Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Drupal security updates

Number: AV17-128
Date: 17 August 2017

Purpose

The purpose of this advisory is to bring attention to a Drupal security release.

Assessment

Drupal has released updates to address multiple security vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to bypass certain security restrictions and perform unauthorized actions.

Affected Versions:

  • Drupal 7 Views module
  • Drupal core 8.x versions prior to 8.3.7

CVE References: CVE-2017-6923, CVE-2017-6924, CVE-2017-6925

Suggested Action

CCIRC recommends that owners/operators test and deploy the vendor released update or workaround to affected platforms accordingly.

References:

https://www.drupal.org/SA-CORE-2017-004

Date modified: