I know it’s hard to imagine your life without the Internet, and the same was true for two Ohio prisoners who built personal computers from e-waste parts, hid them in the ceiling, and connected those PCs to the Internet via the prison’s network.
The incident occurred in 2015 but has now been made public by the State of Ohio’s Office of
In libsndfile before 1.0.28, an error in the “flac_buffer_copy()” function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
In libsndfile before 1.0.28, an error in the “flac_buffer_copy()” function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585.
Open Atrium is a distribution that enables collaboration sites to be built. It contains several custom modules to provide various functionality. While content is often protected behind private groups, public content can also be shared. When using Open Atrium as an internal Intranet, this “public” content might be restricted to only logged-in users by disabling anonymous access to the site.
The oa_core and oa_comment modules do not properly respect the “view published content” permission and allow anonymous users to view this “public” content regardless of the permission setting.
This only affects sites that have disabled the “view published content” permission for anonymous users, and only affects a small number of views.
CVE identifier(s) issued
A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
Open Atrium distribution 7.x-2.x versions prior to 7.x-2.615
oa_core 7.x-2.x versions prior to 7.x-2.84.
oa_comment 7.x-2.x versions prior to 7.x-2.14.
Drupal core is not affected. If you do not use the contributed Open Atrium Core module, there is nothing you need to do.
Solution
Install the latest version of Open Atrium. Be sure to revert the following features:
oa_comments, oa_core, oa_news, oa_river, oa_section, oa_sections
Provides some more APIs for developers to work with Drupal 7.
The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466
Versions affected
All versions.
Drupal core is not affected. If you do not use the contributed @Base module, there is nothing you need to do.
Solution
If you use the @Base module for Drupal you should uninstall it.
Provides integration between the Scheduler module and the Workbench Moderation module.
The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466
Versions affected
All versions
Drupal core is not affected. If you do not use the contributed Scheduler Workbench Integration module, there is nothing you need to do.
Solution
If you use the Scheduler Workbench Integration module for Drupal you should uninstall it.
In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with “cmc” and “password” (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.
Please note that the security team will not release information on this vulnerability for up to a month; the recommendation is to migrate. Emails asking for details on the vulnerability will not be responded to. If you would like to maintain the module, please follow the directions below.
This project provides D7 versions of the ‘node_reference’ and ‘user_reference’ field types, that were part of the CCK package in D6, at functional parity with the D6 counterparts.
The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466
Versions affected
All versions
Drupal core is not affected. If you do not use the contributed References module, there is nothing you need to do.
Solution
If you use the References module for Drupal you should uninstall it.
Notably, if you started with References and need to maintain equivalent functionality, we recommend reviewing the feature set of Entity Reference. If Entity Reference can work for you, there is a Reference to EntityReference Field Migration module that can assist in the transition.
Easily create forms in Drupal that submit data to Filemaker databases which are hosted on Filemaker Server.
The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466
Versions affected
All versions
Drupal core is not affected. If you do not use the contributed Filemaker Form module, there is nothing you need to do.
Solution
If you use the Filemaker Form module for Drupal you should uninstall it.
Displays your Terms & Conditions to users who want to register, and requires that they accept the T&C before their registration is accepted.
The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466
Versions affected
All versions
Drupal core is not affected. If you do not use the contributed Legal module, there is nothing you need to do.
Solution
If you use the Legal module for Drupal you should uninstall it.