Critical Vulnerability in Drupal Kernel Versions 6, 7, and 8

    www.drupal.org/SA-CORE-2018-002

    A week ago, the Drupal Security Team announced on March 28 a serious fix that closes a critical security bug, relevant for all versions of Drupal 6.x, 7.x and 8.x. The bug allows an attacker to gain access to a hosting server with the rights of a web server. There is no known public exploit using this vulnerability yet, but it will most likely appear in the very near future, therefore it is strongly recommended that all happy owners of sites on Drupal or supporting those that install the update as soon as possible.

    Sites running on versions 7.x and 8.x are lucky: they just need to install a kernel update to the latest version, or if this is impossible for some reason, roll a patch to the kernel, there are links to the corresponding patches and versions in the information Drupal Security Team leaflet .

    Owners of sites on the unsupported at the moment version 6 were less fortunate, there is no ready-made assembly for them, but there is a patch in the Drupal 6 Long Term Support project , you can download it here .

    Also popular now: