Af Nicolai Devantier, 20/12/19
Der rettes i Drupal 7.x, 8.7.x og 8.8.x.
Drupal har frigivet sikkerhedsopdateringer, der adresserer sårbarheder i Drupal 7.x, 8.7.x og 8.8.x.
En angriber kan potentielt udnytte nogle af sårbarhederne til at manipulere data på berørte websider.
The Cybersecurity and Infrastructure Security Agency (CISA) opfordrer brugere og administratorer til at gennemse nedenstående sikkerhedsadvarsler fra Drupal og installere de nødvendige opdateringer.
- Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2019-012
- Drupal core - Moderately critical - Access bypass - SA-CORE-2019-011
- Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010
- Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009
Anbefaling:
Opdater altid dine produkter med de nyeste rettelser fra producenten.
Links:
- Drupal Releases Security Updates, advarsel fra US-CERT.
- The Drupal development team released versions 7.69, 8.7.11 and 8.8.1, which address several vulnerabilities, including a serious file processing issue, artikel fra Securityaffairs.
- Vulnerability Related to Processing of Archive Files Patched in Drupal, artikel fra Securityweek.