SafeUM
Home Blog Services Download Help About Recharge
EN
RU

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
EN
Lang
EN
RU
Archive
TOP Security!
27 Mar 2018

Drupal forewarns ‘highly critical’ bug to be patched next week

Drupal developers are being asked to give themselves extra time next week to fix a “highly critical” flaw in Drupal 7 and 8 core.

In an advisory sent to developers on Wednesday, Drupal notified them that, “there will be a security release of Drupal 7.x, 8.3.x, 8.4.x, and 8.5.x on March 28th 2018 between 18:00 – 19:30 UTC.” The security advisory did not identify the bug, only describing it as a “highly critical security vulnerability.”

“The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days,” according to the post. Drupal is a content management system (CMS) that runs on over one million websites and is popular with e-commerce focused businesses. The CMS is the second most popular web management tool behind WordPress, and followed by Joomla.

The advisory said despite the fact Drupal 8.3.x and 8.4.x are not supported and that Drupal doesn’t “normally provide security releases for unsupported minor releases,” it will next week “given the potential severity of this issue.” “We are providing 8.3.x and 8.4.x releases that include the fix for sites which have not yet had a chance to update to 8.5.0,” Drupal said. The upcoming security advisory will list the appropriate version numbers for all three Drupal 8 branches, according to the advisory.

Developers behind Drupal told Threatpost that Drupal 6, with about 65,000 sites still running the version, are also affected by this security issue. They added that  the D6LTS project will provide an upcoming patch for Drupal 6 as well. Specifics regarding the patches and version numbers include:

* Sites on 8.3.x should immediately update to the 8.3.x release that will be provided in the advisory, and then plan to update to the latest 8.5.x security release in the next month.

* Sites on 8.4.x should immediately update to the 8.4.x release that will be provided in the advisory, and then plan to update to the latest 8.5.x security release in the next month.

* Sites on 7.x or 8.5.x can immediately update when the advisory is released using the normal procedure.

Tags:
Drupal information leaks
Source:
Threatpost
564
Other NEWS
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
17 May 2018 safeum news imgage US cell carriers are selling access to your real-time phone location data
16 May 2018 safeum news imgage Australia looking into claim Google harvests data while consumers pay
15 May 2018 safeum news imgage Hacking train Wi-Fi may expose passenger data and control systems
15 May 2018 safeum news imgage Huge new Facebook data leak exposed intimate details of 3m users
All news
SafeUM
Confidential Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015