Alert GCSA-21100 - Aggiornamento di sicurezza per Drupal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-21100
Data: 17 Settembre 2021
Titolo: Aggiornamento di sicurezza per Drupal
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versione del CMS Drupal
che risolvono alcuni bug di sicurezza:
Drupal core - Moderately critical - Cross Site Request Forgery - SA-CORE-2021-006
Drupal core - Moderately critical - Cross Site Request Forgery - SA-CORE-2021-007
Drupal core - Moderately critical - Access bypass - SA-CORE-2021-008
Drupal core - Moderately critical - Access bypass - SA-CORE-2021-009
Drupal core - Moderately critical - Access bypass - SA-CORE-2021-010
Maggiori informazioni sono disponibili nella segnalazione
ufficiale alla sezione "Riferimenti".
:: Piattaforme e software interessati
Drupal versione 9.2
Drupal versione 9.1
Drupal versione 8.9
Versioni precedenti alla 8.9x e alla 9.1.x sono considerate end-of-life e
non ricevono piu' aggiornamenti di sicurezza.
:: Impatto
Elusione delle restrizioni di sicurezza (SRB)
Rivelazione di informazioni (ID)
Cross-Site Scripting (XSS)
:: Soluzioni
Aggiornare alle ultime versioni di Drupal:
https://www.drupal.org/project/drupal/releases/9.2.6
https://www.drupal.org/project/drupal/releases/9.1.13
https://www.drupal.org/project/drupal/releases/8.9.19
:: Riferimenti
Drupal
https://www.drupal.org/sa-core-2021-006
https://www.drupal.org/sa-core-2021-007
https://www.drupal.org/sa-core-2021-008
https://www.drupal.org/sa-core-2021-009
https://www.drupal.org/sa-core-2021-010
US-CERT
https://us-cert.cisa.gov/ncas/current-activity/2021/09/16/drupal-releases-multiple-security-updates
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13677
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFhREGPwZxMk2USYEIRApppAKCLP54f+N7sC0Z8pOM1iKISHQ7ErACcDmce
M1JOh27x18uRGQB+QLV3Bwk=
=g0bZ
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-21100
Data: 17 Settembre 2021
Titolo: Aggiornamento di sicurezza per Drupal
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versione del CMS Drupal
che risolvono alcuni bug di sicurezza:
Drupal core - Moderately critical - Cross Site Request Forgery - SA-CORE-2021-006
Drupal core - Moderately critical - Cross Site Request Forgery - SA-CORE-2021-007
Drupal core - Moderately critical - Access bypass - SA-CORE-2021-008
Drupal core - Moderately critical - Access bypass - SA-CORE-2021-009
Drupal core - Moderately critical - Access bypass - SA-CORE-2021-010
Maggiori informazioni sono disponibili nella segnalazione
ufficiale alla sezione "Riferimenti".
:: Piattaforme e software interessati
Drupal versione 9.2
Drupal versione 9.1
Drupal versione 8.9
Versioni precedenti alla 8.9x e alla 9.1.x sono considerate end-of-life e
non ricevono piu' aggiornamenti di sicurezza.
:: Impatto
Elusione delle restrizioni di sicurezza (SRB)
Rivelazione di informazioni (ID)
Cross-Site Scripting (XSS)
:: Soluzioni
Aggiornare alle ultime versioni di Drupal:
https://www.drupal.org/project/drupal/releases/9.2.6
https://www.drupal.org/project/drupal/releases/9.1.13
https://www.drupal.org/project/drupal/releases/8.9.19
:: Riferimenti
Drupal
https://www.drupal.org/sa-core-2021-006
https://www.drupal.org/sa-core-2021-007
https://www.drupal.org/sa-core-2021-008
https://www.drupal.org/sa-core-2021-009
https://www.drupal.org/sa-core-2021-010
US-CERT
https://us-cert.cisa.gov/ncas/current-activity/2021/09/16/drupal-releases-multiple-security-updates
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13677
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFhREGPwZxMk2USYEIRApppAKCLP54f+N7sC0Z8pOM1iKISHQ7ErACcDmce
M1JOh27x18uRGQB+QLV3Bwk=
=g0bZ
-----END PGP SIGNATURE-----