Fedora 28 : drupal7 (2018-75bca4c5a0)

https://www.drupal.org/SA-CORE-2018-002 - https://www.drupal.org/SA-CORE-2018-001 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

Fedora 28 : drupal8 (2018-906ba26b4d) (Drupalgeddon 2)

8.4.6 - SA-CORE-2018-002 CVE-2018-7600 - 8.4.5 - SA-CORE-2018-001 CVE-2017-6926 / CVE-2017-6927 / CVE-2017-6930 / CVE-2017-6931 - 8.4.4 - 8.4.3 - 8.4.2 - 8.4.1 - 8.4.0 - 8.4.0-rc2 - 8.4.0-rc1 - 8.4.0-beta1 - 8.4.0-alpha1 Note that Tenable Network Security has extracted the preceding description...

Fedora Update for drupal8 FEDORA-2018-1ba93b3144

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for drupal8 FEDORA-2018-6e6d8c314b

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for drupal8 FEDORA-2018-922cc2fbaa

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 26 : drupal8 (2018-922cc2fbaa) (Drupalgeddon 2)

8.3.9 - SA-CORE-2018-002 CVE-2018-7600 - 8.3.8 - SA-CORE-2018-001 CVE-2017-6926 / CVE-2017-6927 / CVE-2017-6930 / CVE-2017-6931 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically...

Fedora 26 : drupal7 (2018-d8269e4262)

https://www.drupal.org/SA-CORE-2018-002 - https://www.drupal.org/SA-CORE-2018-001 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

Drupal 8 – CVE-2017-6926漏洞详解

作者：绿盟科技 来源： 近期，著名的Drupal CMS网站爆出7个漏洞，其中1个严重漏洞CVE-2017-6926，具有发表评论权限的用户可以查看他们无权访问的内容和评论，并且还可以为该内容添加评论。绿盟科技于上周发布了《Drupal下周将发布重要安全补丁威胁预警通告》。 本篇文章对Drupal 8 – CVE-2017-6926漏洞进行了详细分析。 CVE-2017-6926 漏洞详情 先看下drupal官网的通告： 有发布评论权限的用户，可以查看他们无权访问的内容和评论。 并且还可以为此内容添加评论。 想要触发这个漏洞，必须启用评论系统，并且攻击者必须有权发布评论。...

CVE-2017-6926

CVE-2017-6926 affects Drupal 8.4.x before 8.4.5 where users with permission to post comments can view content and comments they access to and add comments to that content. The issue’s underlying cause is tied to Drupal’s comment system behavior; mitigations are stated as requiring the comment sys...