Monthly Archives: September 2015

Drupal

Drupal 7 driver for SQL Server and SQL Azure – Moderately Critical – SQL Injection – SA-CONTRIB-2015-148

Description

Drupal 7 driver for SQL Server and SQL Azure module has a SQL injection vulnerability.

Certain characters aren’t properly escaped by the Drupal database API. A malicious user may be able to access restricted information by performing a specially-crafted search.

Only sites that use contrib or custom modules which rely on the db_like() function may be affected.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.

Versions affected

  • Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x versions prior to 7.x-1.4

Drupal core is not affected. If you do not use the contributed Drupal 7 driver for SQL Server and SQL Azure module, there is nothing you need to do.

Solution

Install the latest version:

Although a 7.x-1.4 version has been released the 7.x-1.x branch is currently unsupported and not maintained.

Also see the Drupal 7 driver for SQL Server and SQL Azure project page.

Reported by

Fixed by

Coordinated by

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

Drupal version: 
Drupal 7.x
CentOS

CEBA-2015:1794 CentOS 7 sos BugFix Update

CentOS Errata and Bugfix Advisory 2015:1794 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1794.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
3730c244c71710068c1b500b346da09998e42c575c4f7d7d138a414c2c136f2a  sos-3.2-15.el7.centos.8.noarch.rpm

Source:
948a4735783da418ba2a87d0818db62523cac9a705fbd0ea06f631c4ff8ac89f  sos-3.2-15.el7.centos.8.src.rpm
CentOS

CESA-2015:1778 Important CentOS 7 kernel SecurityUpdate

CentOS Errata and Security Advisory 2015:1778 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1778.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
2b6db9618f5eadc5e387ef7bbb92921016889e4ff475a7d7e58f6ee839b4fee4  kernel-3.10.0-229.14.1.el7.x86_64.rpm
2953bc79d19f33b7c8d3619cc6e4e6674d875b5ad7fc697dd67bdc3a1e8be534  kernel-abi-whitelists-3.10.0-229.14.1.el7.noarch.rpm
f9061a5ae18f4e1144bbcab75aa796b9f03fc222dacbc6bbf32763892316674b  kernel-debug-3.10.0-229.14.1.el7.x86_64.rpm
a6408241bb37c5211d17aef1877a3a4deaf17dcfc563f0f71a9feb933fda0bde  kernel-debug-devel-3.10.0-229.14.1.el7.x86_64.rpm
ebcc89d2c1f6f905af463e43a378ef7ee8268c8384db22d84a92a3ef9f7494d6  kernel-devel-3.10.0-229.14.1.el7.x86_64.rpm
798f9c01a29374e0514150977172a3b963dd3f2b12bcd570df4a6c3bc3436c27  kernel-doc-3.10.0-229.14.1.el7.noarch.rpm
2990dccdb92ba07e02678a986920de27955dfd91917a47832689764228fc6a8f  kernel-headers-3.10.0-229.14.1.el7.x86_64.rpm
3352f73904aefd474e2f7c156671b6420411d843a215b86e7d479fd17b4ddb42  kernel-tools-3.10.0-229.14.1.el7.x86_64.rpm
c0f054af75c2238dcc2e76a2f80f41590efc964d28bb5e37f54d69dadd152867  kernel-tools-libs-3.10.0-229.14.1.el7.x86_64.rpm
293a5f0c016913ed8c8b45d7f4970c5b76f67b5fb98c1f653d78c07c606ee0a9  kernel-tools-libs-devel-3.10.0-229.14.1.el7.x86_64.rpm
6249ecbfad2add537457d487214f18bb01da91b11fea4681e4ec64ee563ae84a  perf-3.10.0-229.14.1.el7.x86_64.rpm
a4903553384638544c330b3a3aacef7638b1082cc9e356e13823a5c705208f4c  python-perf-3.10.0-229.14.1.el7.x86_64.rpm

Source:
8bb6f681b9f547cce81793c286d5f40f79062b55e9e6eeb2db53d87a338f7465  kernel-3.10.0-229.14.1.el7.src.rpm
CentOS

CEBA-2015:1785 CentOS 7 sssd BugFix Update

CentOS Errata and Bugfix Advisory 2015:1785 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1785.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
084f9b2dd0af4eb9d91db8f5c33a607fa483de1c7f4ff8b5cb0871555a19e9f3  libipa_hbac-1.12.2-58.el7_1.17.i686.rpm
e34ff0bacc7534d13d55e82c568c56432a65e0f71e5c4259138a729ffe1aeb94  libipa_hbac-1.12.2-58.el7_1.17.x86_64.rpm
7cc6de9d45283f65b63543dfab4d94c14890f26d0f95232f34c80ef9312aaaf9  libipa_hbac-devel-1.12.2-58.el7_1.17.i686.rpm
d2c59f4b9cc77f7f64d27df64949781d3b6e527d881fd7201ceda21351b61156  libipa_hbac-devel-1.12.2-58.el7_1.17.x86_64.rpm
2d5d77d34da99080e22a91dcc2f359e339506bd2d09b8f78e33de2f982cf7268  libipa_hbac-python-1.12.2-58.el7_1.17.x86_64.rpm
6b458d80cf7b532a95b7ff3b450a07d72beff9cb4ab40e8a4c7b3e67393f0f11  libsss_idmap-1.12.2-58.el7_1.17.i686.rpm
b90fa87538e8ca82be2145784c0ac2e9c502c20963bb6bf516119ba1af102eb1  libsss_idmap-1.12.2-58.el7_1.17.x86_64.rpm
b85acd94bfb5ef1f5e50251f68799bb3a339ac9920b8b42ed46b98c34794a49e  libsss_idmap-devel-1.12.2-58.el7_1.17.i686.rpm
d19d90ca39a93b9c705eac10a940a9b5df6effa59db6216e8437c79c65703521  libsss_idmap-devel-1.12.2-58.el7_1.17.x86_64.rpm
80274a8b568ef40e02f9b45691bd586af7afecf9fda632e7c91572a58624f634  libsss_nss_idmap-1.12.2-58.el7_1.17.i686.rpm
68a6a1233bf29bd29e924312197a24d24aacf6725ea2da9199d6d28beb0127f8  libsss_nss_idmap-1.12.2-58.el7_1.17.x86_64.rpm
8db52767afef9ced4c54c07371899d4b8b4c56347bb435dc63ad803a5d01d7e4  libsss_nss_idmap-devel-1.12.2-58.el7_1.17.i686.rpm
e9004c73bfa326e445cf69f7e31b8d33f01900358fe29b26a778136dc37988df  libsss_nss_idmap-devel-1.12.2-58.el7_1.17.x86_64.rpm
1b0203c6be228d21d9d9e5cb15e63d31ff2a3a76231c975dd30a52abfdffd44a  libsss_nss_idmap-python-1.12.2-58.el7_1.17.x86_64.rpm
77fbbc7b146595623fd15b20d4b98fc8df8243c6daad4b60e7df7e1bb20c0776  libsss_simpleifp-1.12.2-58.el7_1.17.i686.rpm
72cf5f255b7568c519eb5738c2bd6a0d1015ccaf83edc9fbb9d9b50ab7973ed3  libsss_simpleifp-1.12.2-58.el7_1.17.x86_64.rpm
8eb3644e9854f61d36f8105332631534a092d792c012702fc5bc34113bcfe488  libsss_simpleifp-devel-1.12.2-58.el7_1.17.i686.rpm
a43d2e3df781891597cb2b62e991565454e0eaba365db7cdec883a9845fbf230  libsss_simpleifp-devel-1.12.2-58.el7_1.17.x86_64.rpm
0e9b2fac1ab055ee2f49dbbaa9d4eb1ac3712def96891bad3dfd5637bb3dcd09  python-sssdconfig-1.12.2-58.el7_1.17.noarch.rpm
20a2d0a2795d203fc4ff4006c3fec78d12ef26da5557516582f20fe05f436a61  sssd-1.12.2-58.el7_1.17.x86_64.rpm
a136c13847495360347bf02b45b195a990b4a023b26b6f93efd8158663ae2550  sssd-ad-1.12.2-58.el7_1.17.x86_64.rpm
3f7b32c34f267d4efed4fc2cfb1fca28cc398109776c6acc6d030b977bac9ed0  sssd-client-1.12.2-58.el7_1.17.i686.rpm
52e4fe169060cf8270781e5227aa9e03f62ad0578c2f85e12198bc8448a699ee  sssd-client-1.12.2-58.el7_1.17.x86_64.rpm
ee82c379e3b2e316031545d8c273bafe4ca60de17540efd4310ad4cc40a3a3c0  sssd-common-1.12.2-58.el7_1.17.i686.rpm
5fd241035f6936152113db57b1da05850b87963d39f1fcf2b3242c90c0443049  sssd-common-1.12.2-58.el7_1.17.x86_64.rpm
57d2e1e771413f68d74e804b52bb71c41162e92515002057ad57d4765b15ec1d  sssd-common-pac-1.12.2-58.el7_1.17.x86_64.rpm
e01c245d9d7ff75db744d7ae9b71eb2342362f3be2c30712ba89af0b36dffde0  sssd-dbus-1.12.2-58.el7_1.17.x86_64.rpm
dff04028be0fb7998b4713fa8db2bacc4ab375117dd6d3b618c96ea84e52a722  sssd-ipa-1.12.2-58.el7_1.17.x86_64.rpm
e2e19972b75dab3df9f13032de992c41ebcaa8d08586cd2aa4c3ac58784793f4  sssd-krb5-1.12.2-58.el7_1.17.x86_64.rpm
77f52726f3b00e45ebb89c7a1f54b0ae4be420f1f836ff561d46ccb002e0766c  sssd-krb5-common-1.12.2-58.el7_1.17.i686.rpm
57d8e78e4c7fafc60a201f2c3102078e6c66c257e7cfdc03940d5dd877e6fda6  sssd-krb5-common-1.12.2-58.el7_1.17.x86_64.rpm
9a0e1d823d741e73f5d4d19548762284d2660d28e78dc97b9a01272003049cb0  sssd-ldap-1.12.2-58.el7_1.17.x86_64.rpm
c543d2e79cdec3ebe4a3883918d6d1cba4f1c50dd6039b23bd8399afb65a8b84  sssd-libwbclient-1.12.2-58.el7_1.17.x86_64.rpm
909dc9864c289ad5afa2a766f7e8d2ba35f5eb7dcdbc99383f48327c6194063f  sssd-libwbclient-devel-1.12.2-58.el7_1.17.i686.rpm
3eaf1e7aa1ee031ae275566482401538b78c2ceec1324bbe3ce4beb26bbdfc52  sssd-libwbclient-devel-1.12.2-58.el7_1.17.x86_64.rpm
caec67b6159a7a6d836aa3531ec048b66188430188475b55cd39d4a4ba5391df  sssd-proxy-1.12.2-58.el7_1.17.x86_64.rpm
868cc18041fccb2ad7770eab5177a19f8644754d3653795111f4ffbe57ce9be2  sssd-tools-1.12.2-58.el7_1.17.x86_64.rpm

Source:
946333878b4cd2b9872a5970e190ebafa1c71fb2fde3a628f68674c2d09811fa  sssd-1.12.2-58.el7_1.17.src.rpm