LISTSERV - CAMPUSDEV-L Archives

CAMPUSDEV-L Archives

Discussion group for campus developers and other technologists.

CAMPUSDEV-L@LISTS.OU.EDU

	LISTSERV Archives
	CAMPUSDEV-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show HTML Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	FW: Drupal Releases Public Service Announcement
From:	"Bailey, Chad A." <[log in to unmask]>
Reply To:	Discussion group for campus developers and other technologists.
Date:	Thu, 30 Oct 2014 15:31:47 +0000
Content-Type:	multipart/alternative
Parts/Attachments:	text/plain (2944 bytes) , text/html (7 kB)

Drupal released a security advisory on 10-15 (SA-CORE-2014-005). This vulnerability allows an attacker to send requests to a server that result in SQL injection. Within hours of the announcement they began seeing automated attacks compromising Drupal 7 websites. If you know anyone running Drupal 7 please make sure they are aware of this issue. If you think your site may be compromised please contact OUIT Security.

Kind Regards,
-Chad

Chad Bailey
Information Security Analyst
OU Information Technology

405.325.4904 | http://www.ou.edu/ouit

From: US-CERT <[log in to unmask]<mailto:[log in to unmask]>>
Reply-To: "[log in to unmask]<mailto:[log in to unmask]>" <[log in to unmask]<mailto:[log in to unmask]>>
Date: Wednesday, October 29, 2014 at 8:10 PM
To: Chad Bailey <[log in to unmask]<mailto:[log in to unmask]>>
Subject: Drupal Releases Public Service Announcement


[NCCIC / US-CERT]

National Cyber Awareness System:

Drupal Releases Public Service Announcement<https://www.us-cert.gov/ncas/current-activity/2014/10/29/Drupal-Releases-Public-Service-Announcement>
10/29/2014 08:14 PM EDT

Original release date: October 29, 2014

Drupal released a public service announcement to address active exploitations of a previously patched vulnerability found in Drupal core 7.x versions prior to 7.32.

US-CERT advises users and administrators to review Drupal's Public Service announcement <https://www.drupal.org/PSA-2014-003> and apply the necessary updates or workarounds.





________________________________

This product is provided subject to this Notification<http://www.us-cert.gov/privacy/notification> and this Privacy & Use<http://www.us-cert.gov/privacy/> policy.

________________________________
OTHER RESOURCES:
Contact Us<http://www.us-cert.gov/contact-us/> | Security Publications<http://www.us-cert.gov/security-publications> | Alerts and Tips<http://www.us-cert.gov/ncas> | Related Resources<http://www.us-cert.gov/related-resources>
STAY CONNECTED:
[Sign up for email updates]<http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new>

SUBSCRIBER SERVICES:
Manage Preferences<http://public.govdelivery.com/accounts/USDHSUSCERT/subscribers/new?preferences=true>  |  Unsubscribe<[log in to unmask]" target="_blank">https://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/one_click_unsubscribe?verification=5.3a2e9254b755e1fd8bca03ddbd755013&[log in to unmask]>  |  Help<https://subscriberhelp.govdelivery.com/>

________________________________
This email was sent to [log in to unmask]<mailto:[log in to unmask]> using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (703) 235-5110   [Powered by GovDelivery] <http://www.govdelivery.com/portals/powered-by>


########################################################################

To unsubscribe from the CAMPUSDEV-L list, click the following link:
http://lists.ou.edu/cgi-bin/wa?SUBED1=CAMPUSDEV-L

ATOM RSS1 RSS2

LISTS.OU.EDU