<p dir="ltr">Thanks Mark. I always appreciate the heads up. </p>
<p dir="ltr">--<br>
Dan Bahauddin<br>
Information Manager</p>
<p dir="ltr">Cedar Creek Ecosystem Science Reserve<br>
2660 Fawn Lake Dr. NE<br>
East Bethel, MN 55005 </p>
<p dir="ltr">Office: 612-301-2603<br>
Fax: 612-301-2626</p>
<div class="gmail_quote">On Feb 25, 2016 2:21 PM, "Inigo San Gil" <<a href="mailto:isangil@lternet.edu">isangil@lternet.edu</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<br>
Hi,<br>
<br>
This reminds me of the messages I get from our trusty biology tech
person... "ey, a fishing email. do not open it. windows patch,
etc." very cute.<br>
<br>
Before the fear spreads: I had a chance to check earlier on the
vulnerabilities addressed by the new core: those do not affect how
we use DEIMS (To be a target, a Drupal install would either
accommodate untrusted users or have certain modules active. But
those cases is not how we use DEIMS -- No need to patch in any
urgent manner. <br>
<br>
If you need to do something about DEIMS urgently, you will hear from
me or Palantir before the patch is even issued.<br>
<br>
Should anyone feel compelled to patch or upgrade DEIMS, please read
pages 78-79 of the Book of DEIMS for detailed guidance.<br>
<br>
cheers,<br>
Inigo<br>
<br>
<div>On 2/25/2016 8:36 AM, Mark Servilla
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">FYI...<br clear="all">
<div>
<div><br>
---<br>
Mark Servilla, Ph.D.<br>
<br>
LTER Network Office<br>
Department of Biology<br>
MSC 03 2020<br>
1 University of New Mexico<br>
Albuquerque, NM 87131-0001<br>
<br>
<a href="mailto:servilla@LTERnet.edu" target="_blank">servilla@LTERnet.edu</a><br>
<a href="tel:%28505%29%20750-3226" value="+15057503226" target="_blank">(505) 750-3226</a></div>
</div>
<br>
<div class="gmail_quote">---------- Forwarded message ----------<br>
From: <b class="gmail_sendername">Basney, Jim</b> <span dir="ltr"><<a href="mailto:jbasney@illinois.edu" target="_blank">jbasney@illinois.edu</a>></span><br>
Date: Thu, Feb 25, 2016 at 8:32 AM<br>
Subject: [ctsc-announce-sw-l] Drupal Core - Critical -
Multiple Vulnerabilities - SA-CORE-2016-001<br>
To: CTSC Software Developers Announcement List <<a href="mailto:ctsc-announce-sw-l@list.indiana.edu" target="_blank"><a href="mailto:ctsc-announce-sw-l@list.indiana.edu" target="_blank">ctsc-announce-sw-l@list.indiana.edu</a></a>>,
CTSC Infrastructure Operators Announce List <<a href="mailto:ctsc-announce-inf-l@list.indiana.edu" target="_blank"><a href="mailto:ctsc-announce-inf-l@list.indiana.edu" target="_blank">ctsc-announce-inf-l@list.indiana.edu</a></a>><br>
<br>
<br>
<div style="word-wrap:break-word;color:rgb(0,0,0);font-size:12px;font-family:Helvetica,sans-serif">
<div>
<div><font face="Helvetica,sans-serif">CI Operators and
Software Developers:</font></div>
<div><font face="Helvetica,sans-serif"><br>
</font></div>
<div><font face="Helvetica,sans-serif">Drupal has released
updates to address multiple vulnerabilities in the
Drupal content management software. Exploitation of
some of these vulnerabilities may allow a remote
attacker to </font><span style="font-family:Helvetica,sans-serif">take control
of an affected website.</span></div>
<div><font face="Helvetica,sans-serif"><br>
</font></div>
<div><font face="Helvetica,sans-serif">Available updates
include:</font></div>
<div><font face="Helvetica,sans-serif">Drupal core 6.38
for 6.x users</font></div>
<div><font face="Helvetica,sans-serif">Drupal core 7.43
for 7.x users</font></div>
<div><font face="Helvetica,sans-serif">Drupal core 8.0.4
for 8.0.x users</font></div>
<div><font face="Helvetica,sans-serif"><br>
</font></div>
<div><font face="Helvetica,sans-serif">For more
information:</font></div>
<div><font face="Helvetica,sans-serif"><a href="https://www.drupal.org/SA-CORE-2016-001" target="_blank"><a href="https://www.drupal.org/SA-CORE-2016-001" target="_blank">https://www.drupal.org/SA-CORE-2016-001</a></a></font></div>
<div><font face="Helvetica,sans-serif"><a href="https://www.us-cert.gov/ncas/current-activity/2016/02/24/Drupal-Releases-Security-Updates" target="_blank"><a href="https://www.us-cert.gov/ncas/current-activity/2016/02/24/Drupal-Releases-Security-Updates" target="_blank">https://www.us-cert.gov/ncas/current-activity/2016/02/24/Drupal-Releases-Security-Updates</a></a></font></div>
<div><font face="Helvetica,sans-serif"><br>
</font></div>
<div><font face="Helvetica,sans-serif">How CTSC can help:</font></div>
<div><font face="Helvetica,sans-serif">The potential
impact of any vulnerability, and therefore the
appropriate response, depends in part on operational
conditions that are unique to each cyberinfrastructure
deployment. CTSC can not provide a one-size-fits-all
severity rating and response recommendation for all
NSF cyberinfrastructure. Please contact us (<a href="http://trustedci.org/help/" target="_blank"><a href="http://trustedci.org/help/" target="_blank">http://trustedci.org/help/</a></a>)
if you need assistance with assessing the potential
impact of this vulnerability in your environment
and/or you have additional information about this
issue that should be shared with the community.</font></div>
</div>
</div>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
Long Term Ecological Research Network
im mailing list
<a href="mailto:im@lternet.edu" target="_blank">im@lternet.edu</a>
</pre>
</blockquote>
<br>
</div>
<br>_______________________________________________<br>
Long Term Ecological Research Network<br>
im mailing list<br>
<a href="mailto:im@lternet.edu">im@lternet.edu</a><br>
<br>
<br></blockquote></div>