[Drupal] Security Update
Kildow, Brian
kildow.5 at osu.edu
Thu Oct 16 14:49:10 EDT 2014
Hi Everyone,
I’m sure a lot of you have seen this, but just in case, there was a major security vulnerability identified for Drupal 7 yesterday: https://www.drupal.org/SA-CORE-2014-005. It is recommended to update to the latest version (7.32) of Drupal, or at the very least patch your current version.
The patch can be found here: https://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patch, and if you download this to your Drupal root, you can run the command "patch –p1 < SA-CORE-2014-005-D7.patch" to fix it. This only changes one line of code, so it should not cause any issues.
If you update to 7.32, the patch is included, and there is no need to worry.
The vulnerability is highly critical, and from what I’ve seen can allow anyone with an appropriately crafted http request to gain control of your site, and run arbitrary PHP code. So updating would be a good idea if you haven’t already done so.
-Brian
Brian Kildow
Web Developer
The Ohio State University
College of Engineering Web Services
025 Hitchcock Hall, 2070 Neil Ave, Columbus, OH 43210
614-292-8799 Office
kildow.5 at osu.edu<mailto:kildow.5 at osu.edu> engineering.osu.edu<http://engineering.osu.edu/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osu.edu/pipermail/drupal/attachments/20141016/e8c3b6ca/attachment.html>
More information about the Drupal
mailing list