SafeUM
Home Blog Services Download Help About Recharge
EN
RU

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
EN
Lang
EN
RU
Archive
TOP Security!
27 Mar 2018

Drupal forewarns ‘highly critical’ bug to be patched next week

Drupal developers are being asked to give themselves extra time next week to fix a “highly critical” flaw in Drupal 7 and 8 core.

In an advisory sent to developers on Wednesday, Drupal notified them that, “there will be a security release of Drupal 7.x, 8.3.x, 8.4.x, and 8.5.x on March 28th 2018 between 18:00 – 19:30 UTC.” The security advisory did not identify the bug, only describing it as a “highly critical security vulnerability.”

“The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days,” according to the post. Drupal is a content management system (CMS) that runs on over one million websites and is popular with e-commerce focused businesses. The CMS is the second most popular web management tool behind WordPress, and followed by Joomla.

The advisory said despite the fact Drupal 8.3.x and 8.4.x are not supported and that Drupal doesn’t “normally provide security releases for unsupported minor releases,” it will next week “given the potential severity of this issue.” “We are providing 8.3.x and 8.4.x releases that include the fix for sites which have not yet had a chance to update to 8.5.0,” Drupal said. The upcoming security advisory will list the appropriate version numbers for all three Drupal 8 branches, according to the advisory.

Developers behind Drupal told Threatpost that Drupal 6, with about 65,000 sites still running the version, are also affected by this security issue. They added that  the D6LTS project will provide an upcoming patch for Drupal 6 as well. Specifics regarding the patches and version numbers include:

* Sites on 8.3.x should immediately update to the 8.3.x release that will be provided in the advisory, and then plan to update to the latest 8.5.x security release in the next month.

* Sites on 8.4.x should immediately update to the 8.4.x release that will be provided in the advisory, and then plan to update to the latest 8.5.x security release in the next month.

* Sites on 7.x or 8.5.x can immediately update when the advisory is released using the normal procedure.

Tags:
Drupal information leaks
Source:
Threatpost
93
Other NEWS
25 Apr 2018 safeum news imgage Amazon has a top-secret plan to build home robots
24 Apr 2018 safeum news imgage Advanced hackers infect X-Ray machines in healthcare espionage
23 Apr 2018 safeum news imgage 'Trustjacking' could expose iPhones to attack
20 Apr 2018 safeum news imgage Google boots fake Ad blockers from Chrome web store
20 Apr 2018 safeum news imgage Data firm leaks 48 million user profiles it scraped from Facebook, LinkedIn, others
19 Apr 2018 safeum news imgage Critical unpatched RCE flaw disclosed in LG network storage devices
18 Apr 2018 safeum news imgage Apple is planning to launch a news subscription service
18 Apr 2018 safeum news imgage A big Spanish bank’s customers can now use it to transfer money
17 Apr 2018 safeum news imgage How Android phones hide missed security updates from you
16 Apr 2018 safeum news imgage Google is testing self-destructing emails in new Gmail
16 Apr 2018 safeum news imgage In a leaked memo, Apple warns employees to stop leaking information
13 Apr 2018 safeum news imgage WannaCry ransomware sinkhole data now available to organizations
13 Apr 2018 safeum news imgage Apple must pay $502.6 million to VirnetX, federal jury rules
12 Apr 2018 safeum news imgage Vevo’s YouTube account hack hits popular music videos, causes biggest video ever to disappear
11 Apr 2018 safeum news imgage Homeland security to compile database of journalists, bloggers
All news
SafeUM
Confidential Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015