Fedora 18 : drupal6-6.27-1.fc18 / drupal7-7.18-1.fc18 (2012-20746)
Medium Nessus Plugin ID 63497
SynopsisThe remote Fedora host is missing one or more security updates.
DescriptionUpstream Drupal has reported SA-CORE-2012-004  which corrects multiple vulnerabilities :
1) Access bypass (User module search - Drupal 6 and 7) 2) Access bypass (Upload module - Drupal 6) 3) Arbitrary PHP code execution (File upload modules - Drupal 6 and 7)
CVEs have been requested and are not yet assigned.
These flaws have been fixed in Drupal 6.27 and 7.18.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected drupal6 and / or drupal7 packages.