[LTER-im] Fwd: [ctsc-announce-sw-l] Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001
Dan Bahauddin
danbaha at umn.edu
Thu Feb 25 14:00:48 MST 2016
Thanks Mark. I always appreciate the heads up.
--
Dan Bahauddin
Information Manager
Cedar Creek Ecosystem Science Reserve
2660 Fawn Lake Dr. NE
East Bethel, MN 55005
Office: 612-301-2603
Fax: 612-301-2626
On Feb 25, 2016 2:21 PM, "Inigo San Gil" <isangil at lternet.edu> wrote:
>
> Hi,
>
> This reminds me of the messages I get from our trusty biology tech
> person... "ey, a fishing email. do not open it. windows patch, etc." very
> cute.
>
> Before the fear spreads: I had a chance to check earlier on the
> vulnerabilities addressed by the new core: those do not affect how we use
> DEIMS (To be a target, a Drupal install would either accommodate untrusted
> users or have certain modules active. But those cases is not how we use
> DEIMS -- No need to patch in any urgent manner.
>
> If you need to do something about DEIMS urgently, you will hear from me or
> Palantir before the patch is even issued.
>
> Should anyone feel compelled to patch or upgrade DEIMS, please read pages
> 78-79 of the Book of DEIMS for detailed guidance.
>
> cheers,
> Inigo
>
> On 2/25/2016 8:36 AM, Mark Servilla wrote:
>
> FYI...
>
> ---
> Mark Servilla, Ph.D.
>
> LTER Network Office
> Department of Biology
> MSC 03 2020
> 1 University of New Mexico
> Albuquerque, NM 87131-0001
>
> servilla at LTERnet.edu
> (505) 750-3226
>
> ---------- Forwarded message ----------
> From: Basney, Jim <jbasney at illinois.edu>
> Date: Thu, Feb 25, 2016 at 8:32 AM
> Subject: [ctsc-announce-sw-l] Drupal Core - Critical - Multiple
> Vulnerabilities - SA-CORE-2016-001
> To: CTSC Software Developers Announcement List <
> ctsc-announce-sw-l at list.indiana.edu>, CTSC Infrastructure Operators
> Announce List <ctsc-announce-inf-l at list.indiana.edu>
>
>
> CI Operators and Software Developers:
>
> Drupal has released updates to address multiple vulnerabilities in the
> Drupal content management software. Exploitation of some of these
> vulnerabilities may allow a remote attacker to take control of an
> affected website.
>
> Available updates include:
> Drupal core 6.38 for 6.x users
> Drupal core 7.43 for 7.x users
> Drupal core 8.0.4 for 8.0.x users
>
> For more information:
> https://www.drupal.org/SA-CORE-2016-001
>
> https://www.us-cert.gov/ncas/current-activity/2016/02/24/Drupal-Releases-Security-Updates
>
> How CTSC can help:
> The potential impact of any vulnerability, and therefore the appropriate
> response, depends in part on operational conditions that are unique to each
> cyberinfrastructure deployment. CTSC can not provide a one-size-fits-all
> severity rating and response recommendation for all NSF
> cyberinfrastructure. Please contact us (http://trustedci.org/help/) if
> you need assistance with assessing the potential impact of this
> vulnerability in your environment and/or you have additional information
> about this issue that should be shared with the community.
>
>
>
> _______________________________________________
> Long Term Ecological Research Network
> im mailing listim at lternet.edu
>
>
>
> _______________________________________________
> Long Term Ecological Research Network
> im mailing list
> im at lternet.edu
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lternet.edu/pipermail/im/attachments/20160225/c179744b/attachment.html>
More information about the im
mailing list