Debian 10225 Published by

The following updates has been released for Debian GNU/Linux 7 LTS:

DLA 1295-1: drupal7 security update
DLA 1296-1: xmltooling security update



DLA 1295-1: drupal7 security update




Package : drupal7
Version : 7.14-2+deb7u17
CVE ID : CVE-2017-6927 CVE-2017-6928 CVE-2017-6929
CVE-2017-6932
Debian Bug : 891152 891150 891153 891154

Multiple vulnerabilities have been found in the Drupal content
management framework. For additional information, please refer to the
upstream advisory at https://www.drupal.org/sa-core-2018-001.

For Debian 7 "Wheezy", these problems have been fixed in version
7.14-2+deb7u17.

We recommend that you upgrade your drupal7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1296-1: xmltooling security update




Package : xmltooling
Version : 1.4.2-5+deb7u3
CVE ID : CVE-2018-0489

Kelby Ludwig and Scott Cantor discovered that the Shibboleth service
provider is vulnerable to impersonation attacks and information
disclosure due to incorrect XML parsing. For additional details please
refer to the upstream advisory at
https://shibboleth.net/community/advisories/secadv_20180227.txt

For Debian 7 "Wheezy", these problems have been fixed in version
1.4.2-5+deb7u3.

We recommend that you upgrade your xmltooling packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS