CVE-2015-3234 Information

Description

The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users’ accounts by leveraging an OpenID identity from certain providers as demonstrated by the Verisign LiveJournal and StackExchange providers.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.html http://www.debian.org/security/2015/dsa-3291 http://www.securityfocus.com/bid/75294 https://www.drupal.org/SA-CORE-2015-002