Detections
Analytics

Debian DLA-2637-1 : drupal7 security update

high Nessus Plugin ID 149015

Language:

Synopsis

The remote Debian host is missing a security update.

Description

The Drupal project identified a vulnerability in the sanitization performed in the _filter_xss_arttributes function, potentially allowing a cross-site scripting, and granted it the Drupal Security Advisory ID SA-CORE-2021-002 :

https://www.drupal.org/sa-core-2021-002

No CVE number has been announced.

For Debian 9 'Stretch', the fix to this issue was backported in version 7.52-2+deb9u15.

We recommend you upgrade your drupal7 package.

For detailed security status of drupal7, please refer to its security tracker page :

https://security-tracker.debian.org/tracker/source-package/drupal7

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Upgrade the affected drupal7 package.

See Also

https://lists.debian.org/debian-lts-announce/2021/04/msg00024.html

https://packages.debian.org/source/stretch/drupal7

http://www.nessus.org/u?87fc5303

https://www.drupal.org/sa-core-2021-002

Plugin Details

Severity: High

ID: 149015

File Name: debian_DLA-2637.nasl

Version: 1.1

Type: local

Agent: unix

Published: 4/27/2021

Updated: 4/27/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:drupal7, cpe:/o:debian:debian_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 4/23/2021

Vulnerability Publication Date: 4/23/2021