Security-related announcements, such as information on best practices. These posts by the Drupal security team are also sent to the security announcements e-mail list.

Drupal Core - Highly Critical - Public Service announcement - PSA-2014-003

This Public Service Announcement is a follow-up to SA-CORE-2014-005 - Drupal core - SQL injection. This is not an announcement of a new vulnerability in Drupal.

DRUPAL-PSA-2014-002 - Drupal core - Information disclosure

  • Advisory ID: DRUPAL-PSA-2014-002
  • Project: Drupal core
  • Version: 6.x, 7.x
  • Date: 2014-May-21
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure

DRUPAL-PSA-2014-001 - Media - Access Bypass

  • Advisory ID: PSA-2014-001
  • Project: Media (third-party module)
  • Version: 7.x
  • Date: 2014-01-08
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access Bypass

PSA-2013-002: Direct download links available even during Drupal.org upgrade window

This is a short addition to the security announcements released on October 30th.

Due to Drupal.org's scheduled downtime on October 31, not all links in those mails may be available when you need them.

If you encounter this situation, please use the following direct URLs to the archives containing the updates.

PSA-2013-001: Drupal core - Users can insert hidden text and links

  • Advisory ID: PSA-2013-001
  • Project: Drupal core
  • Version: 6.x, 7.x
  • Date: 2013-September-04
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure

DRUPAL-PSA-2012-001 - localizations - Cross Site Scripting

  • Advisory ID: DRUPAL-PSA-2012-001
  • Version: 6.x, 7.x
  • Date: 2012-March-07
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

PSA-2012-001 - Hash DOS attack prevention with Suhosin needs a .htaccess edit

  • Advisory ID: DRUPAL-PSA-2012-001
  • Project: Drupal core
  • Version: 6.x, 7.x
  • Date: 2012-01-11
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Denial of Service

PSA-2011-002 - External libraries and plugins

  • Advisory ID: PSA-2011-002
  • Date: 2011-June-15
  • Project: External libraries and plugins

PSA-2011-001 - "Drupal security update" social engineering

  • Advisory ID: PSA-2011-001
  • Project: Drupal core and contrib
  • Versions: All versions
  • Date: 2011-February-17
  • Security risk: Not critical

PSA-2010-002 - Views - Administer views permission

  • Advisory ID: PSA-2010-002
  • Project: Views (third-party module)
  • Versions: 5.x, 6.x
  • Date: 2010-June-16
  • Security risk: Not critical
