[LTER-im] Fwd: [ctsc-announce-sw-l] Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001

Inigo San Gil isangil at lternet.edu
Thu Feb 25 13:20:54 MST 2016


Hi,

This reminds me of the messages I get from our trusty biology tech 
person... "ey, a fishing email. do not open it.  windows patch, etc." 
very cute.

Before the fear spreads: I had a chance to check earlier on the 
vulnerabilities addressed by the new core: those do not affect how we 
use DEIMS. (To be a target, a Drupal install would either accommodate 
untrusted users or have certain modules active. But those cases are not 
how we use DEIMS.) No need to patch in any urgent manner.

If you need to do something about DEIMS urgently, you will hear from me 
or Palantir before the patch is even issued.

Should anyone feel compelled to patch or upgrade DEIMS, please read 
pages 78-79 of the Book of DEIMS for detailed guidance.

cheers,
Inigo

On 2/25/2016 8:36 AM, Mark Servilla wrote:
> FYI...
>
> ---
> Mark Servilla, Ph.D.
>
> LTER Network Office
> Department of Biology
> MSC 03 2020
> 1 University of New Mexico
> Albuquerque, NM 87131-0001
>
> servilla at LTERnet.edu
> (505) 750-3226
>
> ---------- Forwarded message ----------
> From: Basney, Jim <jbasney at illinois.edu>
> Date: Thu, Feb 25, 2016 at 8:32 AM
> Subject: [ctsc-announce-sw-l] Drupal Core - Critical - Multiple 
> Vulnerabilities - SA-CORE-2016-001
> To: CTSC Software Developers Announcement List 
> <ctsc-announce-sw-l at list.indiana.edu>, CTSC Infrastructure 
> Operators Announce List <ctsc-announce-inf-l at list.indiana.edu>
>
>
> CI Operators and Software Developers:
>
> Drupal has released updates to address multiple vulnerabilities in the 
> Drupal content management software. Exploitation of some of these 
> vulnerabilities may allow a remote attacker to take control of an 
> affected website.
>
> Available updates include:
> Drupal core 6.38 for 6.x users
> Drupal core 7.43 for 7.x users
> Drupal core 8.0.4 for 8.0.x users
>
> For more information:
> https://www.drupal.org/SA-CORE-2016-001
> https://www.us-cert.gov/ncas/current-activity/2016/02/24/Drupal-Releases-Security-Updates
>
> How CTSC can help:
> The potential impact of any vulnerability, and therefore the 
> appropriate response, depends in part on operational conditions that 
> are unique to each cyberinfrastructure deployment. CTSC can not 
> provide a one-size-fits-all severity rating and response 
> recommendation for all NSF cyberinfrastructure. Please contact us 
> (http://trustedci.org/help/) if you need assistance with assessing the 
> potential impact of this vulnerability in your environment and/or you 
> have additional information about this issue that should be shared 
> with the community.
