[BlueOnyx:21905] Drupal 7 & 8 vulnerability
Michael Stauber
mstauber at blueonyx.it
Wed Mar 28 18:14:35 -05 2018
Hi all,
I know there are some Drupal users here, so this is a heads up for them:
CVE: CVE-2018-7600
===================
A remote code execution vulnerability exists within multiple subsystems
of Drupal 7.x and 8.x. This potentially allows attackers to exploit
multiple attack vectors on a Drupal site, which could result in the site
being completely compromised.
The security team has written an FAQ about this issue.
Solution:
=========
Upgrade to the most recent version of Drupal 7 or 8 core.
- If you are running 7.x, upgrade to Drupal 7.58. (If you are unable to
update immediately, you can attempt to apply this patch to fix the
vulnerability until such time as you are able to completely update.)
- If you are running 8.5.x, upgrade to Drupal 8.5.1. (If you are unable
to update immediately, you can attempt to apply this patch to fix the
vulnerability until such time as you are able to completely update.)
See: https://www.drupal.org/sa-core-2018-002
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list