it.ucsf.edu

Security Update:Drupal has released a HIGHLY CRITICAL security advisory to address multiple vulnerabilities in Drupal 7.x and 8.5.x. There are now reports of active exploitation of this vulnerability to compromise servers and spread malware

Status Type

Security Update

Date and Time

Tuesday, April 17, 2018 - 08:27

Reason

Security update

Impact

Drupal users

WHAT HAPPENED?

Drupal has released a HIGHLY CRITICAL security advisory to address multiple vulnerabilities in Drupal 7.x and 8.5.x. There are now reports of active exploitation of this vulnerability to compromise servers and spread malware.

 

Advanced Users: For the full Public Announcement refer to:

 

AFFECTED SYSTEMS:

  • Drupal 6.x, 7.x, and 8.x

 

WHAT'S THE PROBLEM?

If exploited, this vulnerability may allow an attacker completely take over the site.

 

WHAT DO YOU NEED TO DO?

Install the latest version:

  • If you use Drupal 6.x, upgrade to Dupal 7.58 or 8.5.1. If a Drupal 6 site cannot be upgraded to Drupal 7 or 8: Drupal 6 is officially end of life, support and security patches may be available from third party vendors: https://www.drupal.org/project/d6lts

 

RELATED LINKS