[kwlug-disc] Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002

Mark Steffen rmarksteffen at gmail.com
Fri Mar 30 15:46:02 EDT 2018


Softaculous on our cPanel server (and everyone else's) was updated later in
the day after the exploit was discovered, so if you use a hosting company
that has an auto-installer like Softaculous it's a good idea to have "auto
update" enabled on all of your apps.  I can't speak for some of the other
popular installers like Fantastico and Installatron but all should be
updated soon if they aren't already.

*Mark Steffen*
Office Direct: +1.226.476.1240 | Mobile: +1.226.600.0464
*"Don't believe everything you read on the Internet." -Abraham Lincoln*



On Fri, Mar 30, 2018 at 3:25 PM, Khalid Baheyeldin <kb at 2bits.com> wrote:

> If you don't want to read the code in the github repository for
> Drupalgeddon exploit from 2014, then here is a simplified overview of how
> the old and new exploits will work.
>
> https://www.freelock.com/blog/john-locke/2018-03/drupalgeddon2-should-i-worry-about-critical-security-updates