Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [Security-news] Drupal Core - 3rd-party libraries -SA-CORE-2018-005

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [Security-news] Drupal Core - 3rd-party libraries -SA-CORE-2018-005


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: security-news AT drupal.org
  • To: security-news AT drupal.org
  • Subject: [IT-SecNots] [Security-news] Drupal Core - 3rd-party libraries -SA-CORE-2018-005
  • Date: Wed, 1 Aug 2018 21:00:31 +0000 (UTC)
  • List-archive: <http://lists.drupal.org/pipermail/security-news/>
  • List-id: <security-news.drupal.org>
View online: https://www.drupal.org/SA-CORE-2018-005

* Advisory ID: SA-CORE-2018-005
* Project: Drupal core [1]
* Version: 8.x
* CVE: CVE-2018-14773
* Date: 2018-August-01

-------- DESCRIPTION
---------------------------------------------------------

The Drupal project uses the Symfony library. The Symfony library has released
a security update that impacts Drupal. Refer to the Symfony security
advisory for the issue [2].

The same vulnerability also exists in the Zend Feed and Diactoros libraries
included in Drupal core; however, Drupal core does not use the vulnerable
functionality. If your site or module uses Zend Feed or Diactoros directly,
read the Zend Framework security advisory [3] and update or patch as needed.

The Drupal Security Team would like to to thank the Symfony and Zend Security
teams for their collaboration on this issue.

-------- VERSIONS AFFECTED
---------------------------------------------------

8.x versions before 8.5.6.

-------- SOLUTION
------------------------------------------------------------

Upgrade to Drupal 8.5.6.

Versions of Drupal 8 prior to 8.5.x are end-of-life and do not receive
security coverage.

-------- CONTACT AND MORE INFORMATION
----------------------------------------

The Drupal security team can be reached at security at drupal.org or via the
contact form at https://www.drupal.org/contact [4].

Learn more about the Drupal Security team and their policies [5], writing
secure code for Drupal [6], and securing your site [7].

Follow the Drupal Security Team on Twitter at
https://twitter.com/drupalsecurity [8]


[1] https://www.drupal.org/project/drupal
[2] https://symfony.com/cve-2018-14773
[3] https://framework.zend.com/security/advisory/ZF2018-01
[4] https://www.drupal.org/contact
[5] https://www.drupal.org/security-team
[6] https://www.drupal.org/writing-secure-code
[7] https://www.drupal.org/security/secure-configuration
[8] https://twitter.com/drupalsecurity

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news

  • [IT-SecNots] [Security-news] Drupal Core - 3rd-party libraries -SA-CORE-2018-005, security-news, 01.08.2018

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang