7 matches found
Debian DLA-1685-1 : drupal7 security update
Drupal core uses the third-party PEAR ArchiveTar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details. Also a possible regression caused by CVE-2019-6339 is fixed. For Debian 8 'Jessie', this problem has been fixed in...
Debian: Security Advisory (DLA-1685-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM API Connect Developer Portal is affected by a remote code execution vulnerability in Drupal (CVE-2019-6339)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-6339 DESCRIPTION: Drupal core could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an error in PHP's built-in phar stream wrapper. By sending a...
CVE-2019-6339 PHAR stream wrapper Arbitrary PHP code execution
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code core, contrib, and custom may be performing fi...
CVE-2019-6339
Summary: CVE-2019-6339 affects Drupal Core components: Drupal 7.x before 7.62, 8.6.x before 8.6.6, and 8.5.x before 8.5.9. It is a remote code execution in PHP’s built‑in phar stream wrapper during file operations on untrusted phar:// URIs, exposed when unvalidated user input is used in file oper...
Debian DSA-4370-1 : drupal7 - security update
Two vulnerabilities were found in Drupal, a fully-featured content management framework, which could result in arbitrary code execution. For additional information, please refer to the upstream advisories at: https://www.drupal.org/sa-core-2019-001 and https://www.drupal.org/sa-core-2019-002 C...
Drupal 7.x < 7.62 / 8.5.x < 8.5.9 / 8.6.x < 8.6.6 Multiple Vulnerabilities (SA-CORE-2019-001, SA-CORE-2019-002)
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.62, 8.5.x prior to 8.5.9, or 8.6.x prior to 8.6.6. It is, therefore, affected by multiple phar handling vulnerabilities. An unauthenticated attacker could leverage these vulnerabiliti...