You are here
Home > Data Breach > Drupal’s Archive Tar patches multiple crititical vulnerabilities

Drupal’s Archive Tar patches multiple crititical vulnerabilities

by Doug Olenick - 0
As MENA moves to cloud, CIOs look to keep data in-country, study shows
 

Drupal Core announced multiple critical vulnerabilities
that impact some of its configurations for
versions: 8.8.x-dev, 8.7.x-dev, and 7.x-dev.

The Drupal project uses the
third-party library Archive_Tar,
which released a security update – SA-CORE-2019-012, according to a Dec. 18
advisory.

Multiple vulnerabilities are
possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file
uploads and processes them.

The latest versions of Drupal
update Archive_Tar to 1.4.9 to mitigate the file processing
vulnerabilities.

Drupal
also advises users to install the latest
versions:

  • If you are using Drupal 7.x, upgrade to Drupal 7.69.
  • If you are using Drupal 8.7.x, upgrade to Drupal 8.7.11.
  • If you are using Drupal 8.8.x, upgrade to Drupal 8.8.1.

In
addition, updating to the Drupal 7.x core release will apply the fixes for all the
below:

  • SA-CORE-2019-009
  • SA-CORE-2019-010
  • SA-CORE-2019-011
  • SA-CORE-2019-012

The post Drupal’s Archive Tar patches multiple crititical vulnerabilities appeared first on SC Media.

Source link

Doug Olenick
Top