Drupal security updates

Number: AV16-035
Date: 25 February 2016

Purpose

The purpose of this advisory is to bring attention to a Drupal Security Release.

Assessment

Drupal has released updates to address multiple security vulnerabilities. Some of these vulnerabilities can allow a remote attacker to take control of an affected system.

Affected Versions:
Drupal core 6.x versions prior to 6.38
Drupal core 7.x versions prior to 7.43
Drupal core 8.0.x versions prior to 8.0.4

Suggested Action

CCIRC recommends that owner/operators test and deploy the vendor released update or workaround to affected platforms accordingly.

References:

Drupal: https://www.drupal.org/SA-CORE-2016-001

Date modified: