[teknoids] Major Drupal security updates for contrib modules expected tomorrow

Elmer Masters emasters at cali.org
Tue Jul 12 17:09:17 EDT 2016


The following message is making the rounds of the Drupal community. The
last time an alert like this went out was back in the Fall of 2014 when the
issue led to thousands of Drupal sites being compromised in a matter of

I'll be applying any applicable updates quickly tomorrow afternoon, so you
may see a blip in the CALI website.

Of particular note is that since Drupal 6 is no longer supported it isn't
covered by this announcement but it may still be affected.

Happy patching,

*From:* security-news at drupal.org
*Date:* July 12, 2016 at 12:37:55 PM CDT
*To:* security-news at drupal.org
*Subject:* *[Security-news] Drupal contrib - Highly Critical - Remote code
execution PSA-2016-001*
*Reply-To:* noreply at drupal.org

View online: https://www.drupal.org/node/2764899

 * Advisory ID: DRUPAL-PSA-2016-001
 * Project: Drupal contributed modules
 * Version: 7.x
 * Date: 2016-July-12
 * Security risk: 22/25 ( Highly Critical)
   AC:None/A:None/CI:All/II:All/E:Theoretical/TD:All [1]
 * Vulnerability: Arbitrary PHP code execution


There will be multiple releases of Drupal contributed modules on Wednesday
July 13th 2016 16:00 UTC that will fix highly critical remote code execution
vulnerabilities (risk scores up to 22/25 [2]). The Drupal Security Team
you to reserve time for module updates at that time because exploits are
expected to be developed within hours/days. Release announcements will
at the standard announcement locations. [3]

Drupal core is not affected. Not all sites will be affected. You should
review the published advisories on July 13th 2016 to see if any modules you
use are affected.

The Drupal security team can be reached at security at drupal.org or via the
contact form at https://www.drupal.org/contact [4].

Learn more about the Drupal Security team and their policies [5], writing
secure code for Drupal [6], and  securing your site [7].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [8]

[1] https://www.drupal.org/security-team/risk-levels
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/security/contrib
[4] https://www.drupal.org/contact
[5] https://www.drupal.org/security-team
[6] https://www.drupal.org/writing-secure-code
[7] https://www.drupal.org/security/secure-configuration
[8] https://twitter.com/drupalsecurity

Security-news mailing list
Security-news at drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news

Elmer R. Masters
Director of Technology
Center for Computer-Assisted Legal Instruction
emasters at cali.org    773-332-7508
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.teknoids.net/pipermail/teknoids/attachments/20160712/c6a62b41/attachment.html>

More information about the Teknoids mailing list