--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-922cc2fbaa
2018-04-24 03:27:22.354426
--------------------------------------------------------------------------------
Name : drupal8
Product : Fedora 26
Version : 8.3.9
Release : 1.fc26
URL :
https://www.drupal.org/8
Summary : An open source content management platform
Description :
Drupal is an open source content management platform powering millions of
websites and applications. It���s built, used, and supported by an active and
diverse community of people around the world.
--------------------------------------------------------------------------------
Update Information:
* [
8.3.9](https://www.drupal.org/project/drupal/releases/8.3.9) * [SA-
CORE-2018-002 (
CVE-2018-7600)](https://www.drupal.org/SA-CORE-2018-002) *
[
8.3.8](https://www.drupal.org/project/drupal/releases/8.3.8) * [SA-
CORE-2018-001 (CVE-2017-6926 / CVE-2017-6927 / CVE-2017-6930 /
CVE-2017-6931)](https://www.drupal.org/SA-CORE-2018-001)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 28 2018 Shawn Iwinski <shawn(a)iwin.ski> - 8.3.9-1
- Update to 8.3.9 (SA-CORE-2018-001 / CVE-2017-6926 / CVE-2017-6927 /
CVE-2017-6930 / CVE-2017-6931 / SA-CORE-2018-002 / CVE-2018-7600)
* Thu Aug 17 2017 Shawn Iwinski <shawn(a)iwin.ski> - 8.3.7-1
- Update to 8.3.7 (RHBZ #1482277 / SA-CORE-2017-004 / CVE-2017-6923 /
CVE-2017-6924 / CVE-2017-6925)
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 8.3.5-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Jul 7 2017 Shawn Iwinski <shawn(a)iwin.ski> - 8.3.5-1
- Update to 8.3.5 (RHBZ #1468059)
* Thu Jun 22 2017 Shawn Iwinski <shawn(a)iwin.ski> - 8.3.4-1
- Update to 8.3.4 (RHBZ #1459711 / SA-CORE-2017-003 / CVE-2017-6920 /
CVE-2017-6921 / CVE-2017-6922)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1561855 - CVE-2018-7600 drupal8: drupal: Unsanitized requests allow remote
attackers to execute arbitrary code [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1561855
[ 2 ] Bug #1548325 - CVE-2017-6926 CVE-2017-6927 CVE-2017-6928 CVE-2017-6929
CVE-2017-6930 CVE-2017-6931 CVE-2017-6932 drupal8: drupal: Multiple vulnerabilities fixed
in 7.57 and 8.4.5 (SA-CORE-2018-001) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1548325
[ 3 ] Bug #1548192 - drupal8: drupal: JavaScript cross-site scripting in checkPlain
function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1548192
[ 4 ] Bug #1548188 - drupal8: drupal: Comment reply form allows access to restricted
content [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1548188
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-922cc2fbaa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------