<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
Hi,<br>
<br>
This reminds me of the messages I get from our trusty biology tech
person... "ey, a fishing email. do not open it. windows patch,
etc." very cute.<br>
<br>
Before the fear spreads: I had a chance to check earlier on the
vulnerabilities addressed by the new core: those do not affect how
we use DEIMS (To be a target, a Drupal install would either
accommodate untrusted users or have certain modules active. But
those cases is not how we use DEIMS -- No need to patch in any
urgent manner. <br>
<br>
If you need to do something about DEIMS urgently, you will hear from
me or Palantir before the patch is even issued.<br>
<br>
Should anyone feel compelled to patch or upgrade DEIMS, please read
pages 78-79 of the Book of DEIMS for detailed guidance.<br>
<br>
cheers,<br>
Inigo<br>
<br>
<div class="moz-cite-prefix">On 2/25/2016 8:36 AM, Mark Servilla
wrote:<br>
</div>
<blockquote
cite="mid:CAHVSB9GJ4GrJA_p1LHBvKzWQY8EfHcwwj6ZGh=wH0SNZH6BWUA@mail.gmail.com"
type="cite">
<div dir="ltr">FYI...<br clear="all">
<div>
<div class="gmail_signature"><br>
---<br>
Mark Servilla, Ph.D.<br>
<br>
LTER Network Office<br>
Department of Biology<br>
MSC 03 2020<br>
1 University of New Mexico<br>
Albuquerque, NM 87131-0001<br>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:servilla@LTERnet.edu">servilla@LTERnet.edu</a><br>
(505) 750-3226</div>
</div>
<br>
<div class="gmail_quote">---------- Forwarded message ----------<br>
From: <b class="gmail_sendername">Basney, Jim</b> <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:jbasney@illinois.edu">jbasney@illinois.edu</a>></span><br>
Date: Thu, Feb 25, 2016 at 8:32 AM<br>
Subject: [ctsc-announce-sw-l] Drupal Core - Critical -
Multiple Vulnerabilities - SA-CORE-2016-001<br>
To: CTSC Software Developers Announcement List <<a
moz-do-not-send="true"
href="mailto:ctsc-announce-sw-l@list.indiana.edu"><a class="moz-txt-link-abbreviated" href="mailto:ctsc-announce-sw-l@list.indiana.edu">ctsc-announce-sw-l@list.indiana.edu</a></a>>,
CTSC Infrastructure Operators Announce List <<a
moz-do-not-send="true"
href="mailto:ctsc-announce-inf-l@list.indiana.edu"><a class="moz-txt-link-abbreviated" href="mailto:ctsc-announce-inf-l@list.indiana.edu">ctsc-announce-inf-l@list.indiana.edu</a></a>><br>
<br>
<br>
<div
style="word-wrap:break-word;color:rgb(0,0,0);font-size:12px;font-family:Helvetica,sans-serif">
<div>
<div><font face="Helvetica,sans-serif">CI Operators and
Software Developers:</font></div>
<div><font face="Helvetica,sans-serif"><br>
</font></div>
<div><font face="Helvetica,sans-serif">Drupal has released
updates to address multiple vulnerabilities in the
Drupal content management software. Exploitation of
some of these vulnerabilities may allow a remote
attacker to </font><span
style="font-family:Helvetica,sans-serif">take control
of an affected website.</span></div>
<div><font face="Helvetica,sans-serif"><br>
</font></div>
<div><font face="Helvetica,sans-serif">Available updates
include:</font></div>
<div><font face="Helvetica,sans-serif">Drupal core 6.38
for 6.x users</font></div>
<div><font face="Helvetica,sans-serif">Drupal core 7.43
for 7.x users</font></div>
<div><font face="Helvetica,sans-serif">Drupal core 8.0.4
for 8.0.x users</font></div>
<div><font face="Helvetica,sans-serif"><br>
</font></div>
<div><font face="Helvetica,sans-serif">For more
information:</font></div>
<div><font face="Helvetica,sans-serif"><a
moz-do-not-send="true"
href="https://www.drupal.org/SA-CORE-2016-001"
target="_blank"><a class="moz-txt-link-freetext" href="https://www.drupal.org/SA-CORE-2016-001">https://www.drupal.org/SA-CORE-2016-001</a></a></font></div>
<div><font face="Helvetica,sans-serif"><a
moz-do-not-send="true"
href="https://www.us-cert.gov/ncas/current-activity/2016/02/24/Drupal-Releases-Security-Updates"
target="_blank"><a class="moz-txt-link-freetext" href="https://www.us-cert.gov/ncas/current-activity/2016/02/24/Drupal-Releases-Security-Updates">https://www.us-cert.gov/ncas/current-activity/2016/02/24/Drupal-Releases-Security-Updates</a></a></font></div>
<div><font face="Helvetica,sans-serif"><br>
</font></div>
<div><font face="Helvetica,sans-serif">How CTSC can help:</font></div>
<div><font face="Helvetica,sans-serif">The potential
impact of any vulnerability, and therefore the
appropriate response, depends in part on operational
conditions that are unique to each cyberinfrastructure
deployment. CTSC can not provide a one-size-fits-all
severity rating and response recommendation for all
NSF cyberinfrastructure. Please contact us (<a
moz-do-not-send="true"
href="http://trustedci.org/help/" target="_blank"><a class="moz-txt-link-freetext" href="http://trustedci.org/help/">http://trustedci.org/help/</a></a>)
if you need assistance with assessing the potential
impact of this vulnerability in your environment
and/or you have additional information about this
issue that should be shared with the community.</font></div>
</div>
</div>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Long Term Ecological Research Network
im mailing list
<a class="moz-txt-link-abbreviated" href="mailto:im@lternet.edu">im@lternet.edu</a>
</pre>
</blockquote>
<br>
</body>
</html>