| Summary: | <www-apps/drupal-{6.36,7.38}: Multiple vulnerabilities (CVE-2015-{3231,3232,3233,3234}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | MickKi <confabulate> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://www.drupal.org/SA-CORE-2015-002 | | |
| Whiteboard: | ~3 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
MickKi
2015-06-17 21:01:13 UTC
13:54 < gentoovcs> jmbsvicetto → gentoo-x86 (www-apps/drupal/) Bump drupal to releases 7.38 and 6.36 - fixes bug 552416. Security bump - CVE-2015-{3231,3232,3233,3234}. Add drupal-8.0.0_beta11 from my overlay.

13:54 < willikins> gentoovcs: https://bugs.gentoo.org/552416 "<www-apps/drupal-{6.36,7.38}: Multiple vulnerabilities (CVE-2015-{3231,3232,3233,3234})"; Gentoo Security, Vulnerabilities; IN_P;

New releases added to the tree and affected versions dropped.

CVE-2015-3234 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3234): The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.

CVE-2015-3233 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3233): Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVE-2015-3232 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3232): Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.