it.ucsf.edu

Security Update:

Status Type

Security Update

Date and Time

Thursday, April 26, 2018 - 11:25

Reason

Security Update

Impact

  • If you are running 7.x, upgrade to Drupal 7.59.
  • If you are running 8.5.x, upgrade to Drupal 8.5.3.
  • If you are running 8.4.x, upgrade to Drupal 8.4.8.
  • If you installed CKEditor in Drupal 7 using another method and you’re using a version of CKEditor from 4.5.11 up to 4.9.1, update the third-party JavaScript library by downloading CKEditor 4.9.2 from CKEditor's site: https://ckeditor.com/ckeditor-4/download/
  • If you are unable to update immediately, apply the Patch for Drupal 8.x (8.5.x and below)
  • If you are unable to update immediately, apply the Patch for Drupal 7.x

Advanced Users: For the full Public Announcement refer to:

AFFECTED SYSTEMS:

  • Drupal 7 and 8

WHAT'S THE PROBLEM?

If exploited, this vulnerability may allow an attacker to gain access to sensitive information.

WHAT DO YOU NEED TO DO?

Install the latest version:

  • If you are running 7.x, upgrade to Drupal 7.59.
  • If you are running 8.5.x, upgrade to Drupal 8.5.3.
  • If you are running 8.4.x, upgrade to Drupal 8.4.8.
  • If you installed CKEditor in Drupal 7 using another method and you’re using a version of CKEditor from 4.5.11 up to 4.9.1, update the third-party JavaScript library by downloading CKEditor 4.9.2 from CKEditor's site: https://ckeditor.com/ckeditor-4/download/
  • If you are unable to update immediately, apply the Patch for Drupal 8.x (8.5.x and below)
  • If you are unable to update immediately, apply the Patch for Drupal 7.x