-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-fe94df8c34 2020-09-25 16:31:57.893643 --------------------------------------------------------------------------------
Name : drupal7 Product : Fedora 33 Version : 7.72 Release : 1.fc33 URL : https://www.drupal.org Summary : An open-source content-management platform Description : Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure.
-------------------------------------------------------------------------------- Update Information:
- https://www.drupal.org/project/drupal/releases/7.72 - [Drupal core - Critical - Cross Site Request Forgery - SA- CORE-2020-004](https://www.drupal.org/sa-core-2020-004) / CVE-2020-13663 - https://www.drupal.org/project/drupal/releases/7.71 -------------------------------------------------------------------------------- ChangeLog:
* Fri Sep 4 2020 Shawn Iwinski shawn.iwinski@gmail.com - 7.72-1 - Update to 7.72 - SA-CORE-2020-004/CVE-2020-13663 (RHBZ #1860912, #1860913) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1828417 - CVE-2020-11022 drupal7: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1828417 [ 2 ] Bug #1850013 - CVE-2020-11023 drupal7: jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1850013 [ 3 ] Bug #1850023 - CVE-2020-11023 drupal7: jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1850023 [ 4 ] Bug #1860912 - CVE-2020-13663 drupal7: Form API does not properly handle certain form input from cross-site requests [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1860912 [ 5 ] Bug #1860913 - CVE-2020-13663 drupal7: Form API does not properly handle certain form input from cross-site requests [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1860913 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-fe94df8c34' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------