Drupal Releases Emergency Security Update

Last Updated: 05/01/2018

Security Notice Level

SEVERE

Overview

Drupal has released an update to address a vulnerability that may allow remote code execution, which could result in the site being completely compromised. The IT Security Office recommends upgrading as soon as possible.

CU Boulder's www.colorado.edu and sites on the Web Express service are fully patched.

Affected Software

Drupal core 6.x, 7.x, 8.3.x, 8.4.x, and 8.5.x

Solution

Upgrade to the most recent version of Drupal 6, 7, or 8 core.

Additional Information

Security bulletin name: Drupal Core - Highly Critical - Remote Code Execution - SA-CORE-2018-002

Additional information about this vulnerability can be viewed at: https://www.drupal.org/SA-CORE-2018-002

If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or help@colorado.edu. IT Service Center hours: https://oit.colorado.edu/support/it-service-center