Drupal releases fix for critical vulnerability with known exploits

Drupal has released a security update to address a critical vulnerability in a third-party library. The vulnerability is caused by a bug in the PEAR Archive_Tar library used by the CMS tracked as CVE-2020-36193. The bug causes out-of-path extraction vulnerabilities via “write operations with Directory Traversal due to inadequate checking of symbolic links”” The vulnerability requires access to user accounts with basic permissions on servers with uncommon module configurations. The CMS is used by roughly 2.4% of all sites with content management systems

Source:

Something Fresh

What to Know About The Jamaica Data Protection Act

St Vincent and the Grenadines embracing CariSECURE

Jamaica's Gov’t Looking to Finalize Data Protection Act Regulations

What People Reading

Feedback and data-driven updates to Googles disclosure policy

RSA: Geolocation shows just how dead privacy is

Intel Confirms Unauthorized Access of Earnings-Related Data

Launching AnonLeaks, Ready To Dump More HBGary E-mails!

Complacency Increases Security Risk

Categories

Partners

Just add here your partners image or promo text