|Title||Start Date & Time||End Date & Time|
|Service Restored: Red Hat Licensing Issues||Thursday, November 29, 2018 - 9:20am|
|Service Maintenance Scheduled: Networks in Multiple Buildings||Monday, November 26, 2018 - 6:00pm||Wednesday, January 23, 2019 - 10:00pm|
Drupal has released an update to address a vulnerability that may allow a remote code execution which could allow the site to be completely compromised. The IT Security Office recommends upgrading as soon as possible.
CU Boulder's www.colorado.edu and sites on the Web Express service are fully patched.
Drupal core 6.x, 7.x, 8.3.x, 8.4.x, and 8.5.x
Upgrade to the most recent version of Drupal 6, 7, or 8 core.
Security bulletin name: Drupal Core - Highly Critical - Remote Code Execution - SA-CORE-2018-002
Additional information about this vulnerability can be viewed at: https://www.drupal.org/SA-CORE-2018-002
If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or firstname.lastname@example.org. IT Service Center Hours: https://oit.colorado.edu/support/it-service-center.
OIT has defined the following categories to describe the severity of security risks:
URGENT severity represents a broad threat to the entire campus community.
SEVERE severity included remote exploits and worms.
IMPORTANT severity includes virus and local exploits for commonly used services.