[IDA] All sites updated, Core/Module security vulnerabilities

  • Posted on: 20 February 2019
  • By: Michael

Hello All,

Your Drupal site has been updated today for one or more of the following:

- Drupal core - Highly critical - Remote Code Execution
https://www.drupal.org/sa-core-2019-003

- Font Awesome Icons - Critical - Remote Code Execution
https://www.drupal.org/sa-contrib-2019-025

- Translation Management Tool - Critical - Remote Code Execution
https://www.drupal.org/sa-contrib-2019-024

- Paragraphs - Critical - Remote Code Execution
https://www.drupal.org/sa-contrib-2019-023

- Video - Critical - Remote Code Execution
https://www.drupal.org/sa-contrib-2019-022

- Metatag - Critical - Remote code execution
https://www.drupal.org/sa-contrib-2019-021

- Link - Critical - Remote Code Execution
https://www.drupal.org/sa-contrib-2019-020

- JSON:API - Highly critical - Remote code execution
https://www.drupal.org/sa-contrib-2019-019

- RESTful Web Services - Critical - Access bypass
https://www.drupal.org/sa-contrib-2019-018

# # # # #

These security issues affect all sites.  We apply all security releases
immediately to address as best as possible as yet undiscovered security
issues.

# # #

[ X ]
Other available module updates were not applied at this time.  Your full
update will be performed at your regularly scheduled time.

# # #

[ X ]
All other available, non-blacklisted [1], module updates were applied at the
same time.  If you have the:

* Webform and/or
* Media

modules on your site they (and their associated support modules) were updated
at this time.  Please run though a test submission and/or post to verify your
specific Webform and/or WYSIWYG setups are functioning correctly.

If you have the:

* Nodeaccess

modules on your site it was updated at this time.  Your Node Access
Permissions were rebuilt after the module update.  Please verify your node
(aka webpage) Grants are functioning correctly.

This full update will fulfill your regularly scheduled quarterly site update.

# # # # #

IDA routine QA has been applied, but please do preform your individual QA(s).  
If you find any issues, send them my way. [2]

Best Regards Everyone,

Michael

Internet Design Alliance, owner
http://inet-design.com/
Hours (US CST):  Mon - Thur, 8am - 6pm | Fri, 8am - Noon
Emergency calls:  24x7

[1] Blacklisted modules are updated as soon as the issue(s) causing them to be
blacklisted is resolved, and do not affect your quarterly site update
schedule.

[2] As always full site backups are made prior to any maintenance.  This
allows for a full rollback so problematic modules can be isolated and
successful modules can be updated normally.

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
CAPTCHA
You know what to do... (an image you see? there is one finger less than two hands of items to find.)
Image CAPTCHA
Enter the characters shown in the image.