News

Drupal Releases Security Updates for Critical Vulnerability in Drupal 6, 7 and 8

By admin
Spread the love

Drupal has released security updates for Drupal 7 and Drupal 8 that address a critical vulnerability in the software. The organization warned a week ago that it would release the patches on Wednesday evening. Drupal 6 has also been affected and patches are available.

According to the warning issued by Drupal, it is a vulnerability that allows remote code execution. The organization has therefore chosen to assign a risk score of 21 out of 25. Drupal has not released any details of the vulnerability, but from the build-up of the risk score, described on a FAQ page, it can be concluded that the vulnerability can easily be exploited by an unauthorized attacker and that it gives access to all data on a server . No exploits are said to be available yet and the vulnerability is present in standard configurations and commonly used settings.

The Drupal team warns that due to the nature of the vulnerability, it is likely that exploits will be developed in the near future. There are indications on Twitter as to the nature of the vulnerability to find. It is therefore recommended to perform an update as soon as possible. The vulnerability was found by an employee of Druid, which, among other things, conducts audits for Drupal. The cms is used by five percent of the one million most popular sites, according to Builtwith, W3Techs shows a slightly lower percentage for a larger population.

Patches are available for the vulnerability, which is identified as CVE-2018-7600. Users with version 7.x can update to version 7.58 and for users with version 8.5.x a patch in the form of 8.5.1 is available. Users with 8.3.x and 8.4.x can update to versions 8.3.9 and 8.4.6 respectively or use a patch, even if they are unsupported releases. The Drupal team advises these users to update to 8.5 after the patch.

For version 6 users, Drupal points to the lts version page, where patches should be available. For users who are unable to update, Drupal recommends, among other things, to temporarily replace the site with a static HTML page. The organization warned about this leak a week ago.

You might also like
News

X begins to deploy the audio and video calling function (but only paying users can…

News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Telegram has over 800 million active users and is not yet profitable