MGASA-2014-0492

Source
https://advisories.mageia.org/MGASA-2014-0492.html
Import Source
https://advisories.mageia.org/MGASA-2014-0492.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2014-0492
Upstream
  • CVE-2014-9015
  • CVE-2014-9016
Published
2014-11-26T17:29:06Z
Modified
2026-04-16T06:25:28.648268751Z
Summary
Updated drupal packages fix security vulnerabilities
Details

Updated drupal packages fix security vulnerabilities:

Aaron Averill discovered that a specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session (CVE-2014-9015).

Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that the password hashing API allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service) (CVE-2014-9016).


Affected packages

Mageia:3 / drupal

Package

Name
drupal
Purl
pkg:rpm/mageia/drupal?arch=source&distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.34-1.mga3

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2014-0492.json"

Mageia:4 / drupal

Package

Name
drupal
Purl
pkg:rpm/mageia/drupal?arch=source&distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.34-1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2014-0492.json"