FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (3da0352f-2397-11ea-966e-000ffec0b3e1)

high Nessus Plugin ID 132349

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Drupal Security Team reports :

A visit to install.php can cause cached data to become corrupted. This could cause a site to be impaired until caches are rebuilt.

Drupal 8 core's file_save_upload() function does not strip the leading and trailing dot ('.') from filenames, like Drupal 7 did. Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in order to bypass protections afforded by Drupal's default .htaccess file. After this fix, file_save_upload() now trims leading and trailing dots from filenames.

The Media Library module has a security vulnerability whereby it doesn't sufficiently restrict access to media items in certain configurations.

The Drupal project uses the third-party library Archive_Tar, which has released a security-related feature that impacts some Drupal configurations. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The latest versions of Drupal update Archive_Tar to 1.4.9 to mitigate the file processing vulnerabilities.

Solution

Update the affected packages.

See Also

https://www.drupal.org/sa-core-2019-009

https://www.drupal.org/sa-core-2019-010

https://www.drupal.org/sa-core-2019-011

https://www.drupal.org/sa-core-2019-012

http://www.nessus.org/u?84fc5f5f

Plugin Details

Severity: High

ID: 132349

File Name: freebsd_pkg_3da0352f239711ea966e000ffec0b3e1.nasl

Version: 1.1

Type: local

Published: 12/23/2019

Updated: 12/23/2019

Dependencies: ssh_get_info.nasl

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:drupal7, p-cpe:/a:freebsd:freebsd:drupal8, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/21/2019

Vulnerability Publication Date: 12/18/2019