Package name
drupal
Date
2014-02-14
Advisory ID
MDVSA-2014:031
Affected versions
MBS1 x86_64

Problem description

Multiple security issues was identified and fixed in drupal:

The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows
remote OpenID users to authenticate as other users via unspecified
vectors (CVE-2014-1475).

The Taxonomy module in Drupal 7.x before 7.26, when upgraded from
an earlier version of Drupal, does not properly restrict access to
unpublished content, which allows remote authenticated users to obtain
sensitive information via a listing page (CVE-2014-1476).

The updated packages has been upgraded to the 7.26 version which is
unaffected by these security flaws.

Updated packages

MBS1 x86_64

 1561765f33c6a67a7b63ecbc783a8e68  mbs1/x86_64/drupal-7.26-1.mbs1.noarch.rpm
 5d8bb1fedd2fc2acfe50272dbc57dc50  mbs1/x86_64/drupal-mysql-7.26-1.mbs1.noarch.rpm
 6f4d6b410161ef37d36e055b75ac61bf  mbs1/x86_64/drupal-postgresql-7.26-1.mbs1.noarch.rpm
 614f9cb70cbb955f445bbb3fc77dc819  mbs1/x86_64/drupal-sqlite-7.26-1.mbs1.noarch.rpm 
 34636e9e6743b2b8e1e3e4c46156eb6c  mbs1/SRPMS/drupal-7.26-1.mbs1.src.rpm

References