<div dir="ltr"><div><div><div><div>Ahoj, <br><br>dnes v 18h vyjdou záplaty vysoce kritických zranitelností modulů redakčního systému Drupal.<br><br></div>Kdo provozujete Drupal, neváhejte aktualizovat, očekává se, že exploity budou vytvořeny během hodin od zveřejnění.<br><br></div>Více info v přeposlaném oznámení.<br><br></div>Zdravím,<br><br></div>Jiří Volf<br><div><div><div><div><div><div><div><br><div><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername"></b> <span dir="ltr"><<a href="mailto:security-news@drupal.org" target="_blank">security-news@drupal.org</a>></span><br>Date: 2016-07-12 19:37 GMT+02:00<br>Subject: [Security-news] Drupal contrib - Highly Critical - Remote code execution PSA-2016-001<br>To: <a href="mailto:security-news@drupal.org" target="_blank">security-news@drupal.org</a><br><br><br>View online: <a href="https://www.drupal.org/node/2764899" rel="noreferrer" target="_blank">https://www.drupal.org/node/2764899</a><br>
<br>
* Advisory ID: DRUPAL-PSA-2016-001<br>
* Project: Drupal contributed modules<br>
* Version: 7.x<br>
* Date: 2016-July-12<br>
* Security risk: 22/25 ( Highly Critical)<br>
AC:None/A:None/CI:All/II:All/E:Theoretical/TD:All [1]<br>
* Vulnerability: Arbitrary PHP code execution<br>
<br>
-------- DESCRIPTION<br>
---------------------------------------------------------<br>
<br>
There will be multiple releases of Drupal contributed modules on Wednesday<br>
July 13th 2016 16:00 UTC that will fix highly critical remote code execution<br>
vulnerabilities (risk scores up to 22/25 [2]). The Drupal Security Team urges<br>
you to reserve time for module updates at that time because exploits are<br>
expected to be developed within hours/days. Release announcements will appear<br>
at the standard announcement locations. [3]<br>
<br>
Drupal core is not affected. Not all sites will be affected. You should<br>
review the published advisories on July 13th 2016 to see if any modules you<br>
use are affected.<br>
-------- CONTACT AND MORE INFORMATION<br>
----------------------------------------<br>
<br>
The Drupal security team can be reached at security at <a href="http://drupal.org" rel="noreferrer" target="_blank">drupal.org</a> or via the<br>
contact form at <a href="https://www.drupal.org/contact" rel="noreferrer" target="_blank">https://www.drupal.org/contact</a> [4].<br>
<br>
Learn more about the Drupal Security team and their policies [5], writing<br>
secure code for Drupal [6], and securing your site [7].<br>
<br>
Follow the Drupal Security Team on Twitter at<br>
<a href="https://twitter.com/drupalsecurity" rel="noreferrer" target="_blank">https://twitter.com/drupalsecurity</a> [8]<br>
<br>
<br>
[1] <a href="https://www.drupal.org/security-team/risk-levels" rel="noreferrer" target="_blank">https://www.drupal.org/security-team/risk-levels</a><br>
[2] <a href="https://www.drupal.org/security-team/risk-levels" rel="noreferrer" target="_blank">https://www.drupal.org/security-team/risk-levels</a><br>
[3] <a href="https://www.drupal.org/security/contrib" rel="noreferrer" target="_blank">https://www.drupal.org/security/contrib</a><br>
[4] <a href="https://www.drupal.org/contact" rel="noreferrer" target="_blank">https://www.drupal.org/contact</a><br>
[5] <a href="https://www.drupal.org/security-team" rel="noreferrer" target="_blank">https://www.drupal.org/security-team</a><br>
[6] <a href="https://www.drupal.org/writing-secure-code" rel="noreferrer" target="_blank">https://www.drupal.org/writing-secure-code</a><br>
[7] <a href="https://www.drupal.org/security/secure-configuration" rel="noreferrer" target="_blank">https://www.drupal.org/security/secure-configuration</a><br>
[8] <a href="https://twitter.com/drupalsecurity" rel="noreferrer" target="_blank">https://twitter.com/drupalsecurity</a><br>
<br>
_______________________________________________<br>
Security-news mailing list<br>
<a href="mailto:Security-news@drupal.org" target="_blank">Security-news@drupal.org</a><br>
Unsubscribe at <a href="https://lists.drupal.org/mailman/listinfo/security-news" rel="noreferrer" target="_blank">https://lists.drupal.org/mailman/listinfo/security-news</a><br>
</div><br></div></div></div></div></div></div></div></div></div>