Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Drupal security updates

Number: AV17-086
Date: 22 June 2017

Purpose

The purpose of this advisory is to bring attention to Drupal security updates.

Assessment

Drupal has released updates to address multiple security vulnerabilities. An attacker can exploit those vulnerabilities to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.

Affected Versions:

  • Drupal core 7.x versions prior to 7.56
  • Drupal core 8.x versions prior to 8.3.4

CVE Reference: CVE-2017-6920, CVE-2017-6921, CVE-2017-6922

Suggested Action

CCIRC recommends that owners/operators test and deploy the vendor released update or workaround to affected platforms accordingly.

References:

https://www.drupal.org/SA-CORE-2017-003

Date modified: