MGASA-2012-0366
| Date: | December 26th, 2012 |
| Affected releases: | 2 |
Description:
Updated drupal packages fix security vulnerabilities:
A vulnerability was identified that allows blocked users to appear
in user search results, even when the search results are viewed by
unprivileged users (CVE-2012-5651).
Drupal core's file upload feature blocks the upload of many files that
can be executed on the server by munging the filename. A malicious user
could name a file in a manner that bypasses this munging of the filename
in Drupal's input validation (CVE-2012-5653).
The drupal package has been updated to latest version 7.18 to fix above
vulnerabilities.
Updated Packages:
drupal-7.18-1.mga2
drupal-mysql-7.18-1.mga2
drupal-postgresql-7.18-1.mga2
drupal-sqlite-7.18-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5653
http://drupal.org/SA-CORE-2012-004
https://bugs.mageia.org/show_bug.cgi?id=8442
