drupal: several vulnerabilities (CVE-2015-6658, CVE-2015-6659, CVE-2015-6660, CVE-2015-6661, CVE-2015-6665, CVE-2015-7943)
CVE identifier(s) issued
Cross-site Scripting (Ajax system - Drupal 7): CVE-2015-6665
Cross-site Scripting (Autocomplete system - Drupal 6 and 7): CVE-2015-6658
SQL Injection (Database API - Drupal 7): CVE-2015-6659
Cross-site Request Forgery (Form API - Drupal 6 and 7): CVE-2015-6660
Information Disclosure in Menu Links (Access system - Drupal 6 and 7): CVE-2015-6661
Versions affected
Drupal core 6.x versions prior to 6.37
Drupal core 7.x versions prior to 7.39
Solution
Install the latest version:
If you use Drupal 6.x, upgrade to Drupal core 6.37
If you use Drupal 7.x, upgrade to Drupal core 7.39
References:
https://www.drupal.org/SA-CORE-2015-003
http://www.openwall.com/lists/oss-security/2015/08/21/5
Open Redirect - SA-CORE-2015-004: CVE-2015-7943
Versions affected
Drupal core 7.x versions prior to 7.41.
Upgrade to Drupal 7.41
References:
https://www.drupal.org/SA-CORE-2015-004
(from redmine: issue id 4705, created on 2015-10-01, closed on 2015-11-04)
- Changesets:
- Revision 57553ab8 by Natanael Copa on 2015-11-04T10:42:32Z:
main/drupal7: upgrade to 7.41
fixes #4705