Home » News » Drupal Releases Security Updates

Dated: August 19, 2015

Description
Drupal has released security updates to address multiple vulnerabilities. The vulnerabilities fixed were critical like
– Cross Site Scripting – Ajax System (Drupal 7)
– Cross Site Scripting – Autocomplete system (Drupal 6 and 7)
– SQL Injection – Database API (Drupal 7)
– Cross Site Request Forgery – Form API – (Drupal 6 and 7)
– Information Disclosure in Menu Links – Access System – (Drupal 6 and 7)

Affected Versions
– Drupal core 6.x versions prior to 6.37
– Drupal core 7.x versions prior to 7.39

Recommendations
NUST CSIRT encourage web admins to install the latest version of Drupal by reviewing the security bulletin [1].
– If you use Drupal 6.x, upgrade to Drupal core 6.37 [2]
– If you use Drupal 7.x, upgrade to Drupal core 7.39 [3]

References
[1]. https://www.drupal.org/SA-CORE-2015-003
[2]. https://www.drupal.org/drupal-6.37-release-notes
[3]. https://www.drupal.org/drupal-7.39-release-notes
[4]. https://www.drupal.org/project/drupal