Wednesday, July 13, 2016

Feedly: SANS Internet Storm Center, InfoCON: green. Drupal: Patch released today to fix a highly critical RCE in contributed modules, (Wed, Jul 13th)



from SANS Internet Storm Center, InfoCON: green

Drupal announced that they will release today (Wed July 13th 2016 16:00 UTC) a patch that will fix highly critical remote code execution vulnerabilities in contributed modules. Drupal core is not affected.

The vulnerability is a "PHP Arbitrary Code Execution" and is rated up to 22/25 (based on the risk calculation model used by Drupal - details here). The vulnerable modules are used on between 1.000 and 10.000 instances.

If you maintain one or more Drupal websites, review the list of affected contributed modules and apply the patch as soon as possible if you're affected.

Link to the advisory ID: DRUPAL-PSA-2016-001

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant
PGP Key
