[SECURITY] Fedora 26 Update: drupal8-8.3.9-1.fc26

Monday, 23 April 2018

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-922cc2fbaa
2018-04-24 03:27:22.354426
--------------------------------------------------------------------------------

Name        : drupal8
Product     : Fedora 26
Version     : 8.3.9
Release     : 1.fc26
URL         : https://www.drupal.org/8
Summary     : An open source content management platform
Description :
Drupal is an open source content management platform powering millions of
websites and applications. It���s built, used, and supported by an active and
diverse community of people around the world.

--------------------------------------------------------------------------------
Update Information:

* [8.3.9](https://www.drupal.org/project/drupal/releases/8.3.9)     * [SA-
CORE-2018-002 (CVE-2018-7600)](https://www.drupal.org/SA-CORE-2018-002) *
[8.3.8](https://www.drupal.org/project/drupal/releases/8.3.8)     * [SA-
CORE-2018-001 (CVE-2017-6926 / CVE-2017-6927 / CVE-2017-6930 /
CVE-2017-6931)](https://www.drupal.org/SA-CORE-2018-001)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 28 2018 Shawn Iwinski <shawn(a)iwin.ski&gt; - 8.3.9-1
- Update to 8.3.9 (SA-CORE-2018-001 / CVE-2017-6926 / CVE-2017-6927 /
  CVE-2017-6930 / CVE-2017-6931 / SA-CORE-2018-002 / CVE-2018-7600)
* Thu Aug 17 2017 Shawn Iwinski <shawn(a)iwin.ski&gt; - 8.3.7-1
- Update to 8.3.7 (RHBZ #1482277 / SA-CORE-2017-004 / CVE-2017-6923 /
  CVE-2017-6924 / CVE-2017-6925)
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org&gt; - 8.3.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Jul  7 2017 Shawn Iwinski <shawn(a)iwin.ski&gt; - 8.3.5-1
- Update to 8.3.5 (RHBZ #1468059)
* Thu Jun 22 2017 Shawn Iwinski <shawn(a)iwin.ski&gt; - 8.3.4-1
- Update to 8.3.4 (RHBZ #1459711 / SA-CORE-2017-003 / CVE-2017-6920 /
  CVE-2017-6921 / CVE-2017-6922)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1561855 - CVE-2018-7600 drupal8: drupal: Unsanitized requests allow remote
attackers to execute arbitrary code [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1561855
  [ 2 ] Bug #1548325 - CVE-2017-6926 CVE-2017-6927 CVE-2017-6928 CVE-2017-6929
CVE-2017-6930 CVE-2017-6931 CVE-2017-6932 drupal8: drupal: Multiple vulnerabilities fixed
in 7.57 and 8.4.5 (SA-CORE-2018-001) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1548325
  [ 3 ] Bug #1548192 - drupal8: drupal: JavaScript cross-site scripting in checkPlain
function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1548192
  [ 4 ] Bug #1548188 - drupal8: drupal: Comment reply form allows access to restricted
content [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1548188
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-922cc2fbaa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[SECURITY] Fedora 26 Update: drupal8-8.3.9-1.fc26