Drupal security updates

Number: AV17-033
Date: 16 March 2017

Purpose

The purpose of this advisory is to bring attention to a Drupal security release.

Assessment

Drupal has released updates to address multiple security vulnerabilities.  Exploitation of these vulnerabilities may allow an attacker to perform arbitrary remote code execution.

Affected Versions:
Drupal core 8.x versions prior to 8.2.7

CVE References: 

CVE-2017-6377, CVE-2017-6379, CVE-2017-6381

Suggested action

CCIRC recommends that owner/operators test and deploy the vendor released update or workaround to affected platforms accordingly.

References

https://www.drupal.org/SA-2017-001

Date modified: