Alert GCSA-22011 - Aggiornamento di sicurezza per Drupal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-22011
Data: 21 Gennaio 2022
Titolo: Aggiornamento di sicurezza per Drupal
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versione del CMS Drupal
che risolvono due bug di sicurezza:
Drupal core - Moderately critical - Cross Site Scripting -
SA-CORE-2022-001
Drupal core - Moderately critical - Cross site scripting -
SA-CORE-2022-002
Maggiori informazioni sono disponibili nella segnalazione
ufficiale alla sezione "Riferimenti".
:: Piattaforme e software interessati
Drupal versione 7
Drupal versione 9.2
Drupal versione 9.3
:: Impatto
Cross-Site Scripting (XSS)
:: Soluzioni
Aggiornare alle ultime versioni di Drupal:
https://www.drupal.org/project/drupal/releases/7.86
https://www.drupal.org/project/drupal/releases/9.2.11
https://www.drupal.org/project/drupal/releases/9.3.3
:: Riferimenti
Drupal
https://www.drupal.org/sa-core-2022-001
https://www.drupal.org/sa-core-2022-002
AusCERT
https://www.auscert.org.au/bulletins/ESB-2022.0234/
https://www.auscert.org.au/bulletins/ESB-2022.0236/
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41183
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFh6nP4wZxMk2USYEIRAtwYAKDAncURnZeo0KmGrtQy1jAQjU7ltACgvtu3
lwfen0o0Dt4qfxqCUNxA9dU=
=v33e
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-22011
Data: 21 Gennaio 2022
Titolo: Aggiornamento di sicurezza per Drupal
******************************************************************
:: Descrizione del problema
Sono state rilasciate nuove versione del CMS Drupal
che risolvono due bug di sicurezza:
Drupal core - Moderately critical - Cross Site Scripting -
SA-CORE-2022-001
Drupal core - Moderately critical - Cross site scripting -
SA-CORE-2022-002
Maggiori informazioni sono disponibili nella segnalazione
ufficiale alla sezione "Riferimenti".
:: Piattaforme e software interessati
Drupal versione 7
Drupal versione 9.2
Drupal versione 9.3
:: Impatto
Cross-Site Scripting (XSS)
:: Soluzioni
Aggiornare alle ultime versioni di Drupal:
https://www.drupal.org/project/drupal/releases/7.86
https://www.drupal.org/project/drupal/releases/9.2.11
https://www.drupal.org/project/drupal/releases/9.3.3
:: Riferimenti
Drupal
https://www.drupal.org/sa-core-2022-001
https://www.drupal.org/sa-core-2022-002
AusCERT
https://www.auscert.org.au/bulletins/ESB-2022.0234/
https://www.auscert.org.au/bulletins/ESB-2022.0236/
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41183
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iD8DBQFh6nP4wZxMk2USYEIRAtwYAKDAncURnZeo0KmGrtQy1jAQjU7ltACgvtu3
lwfen0o0Dt4qfxqCUNxA9dU=
=v33e
-----END PGP SIGNATURE-----