Security advisories: Drupal core – Highly critical – Remote Code Execution – SA-CORE-2020-002

Project: Drupal core
Date: 2020-March-28
Security risk: Highly critical 21∕25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability: Remote Code Execution
CVE: CVE-2020-7600
Description:

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.

The security team has written an FAQ about this issue.
Solution: Upgrade to the most recent version of Drupal 7 or 8 core.
If you are running 7.x, upgrade to Drupal 7.58. (If you are unable to update immediately, you can attempt to apply this patch to fix the vulnerability until such time as you are able to completely update.)
If you are running 8.5.x, upgrade to Drupal 8.5.1. (If you are unable to update immediately, you can attempt to apply this patch to fix the vulnerability until such time as you are able to completely update.)
Drupal 8.3.x and 8.4.x are no longer supported and we don’t normally provide security releases for unsupported minor releases. However, given the potential severity of this issue, we are providing 8.3.x and 8.4.x releases that include the fix for sites which have not yet had a chance to update to 8.5.0.
Your site’s update report page will recommend the 8.5.x release even if you are on 8.3.x or 8.4.x. Please take the time to update to a supported version after installing this security update.
If you are running 8.3.x, upgrade to Drupal 8.3.9 or apply this patch.
If you are running 8.4.x, upgrade to Drupal 8.4.6 or apply this patch.
This issue also affects Drupal 8.2.x and earlier, which are no longer supported. If you are running any of these versions of Drupal 8, update to a more recent release and then follow the instructions above.
This issue also affects Drupal 6. Drupal 6 is End of Life. For more information on Drupal 6 support please contact a D6LTS vendor.
Reported By: Jasper Mattsson
Fixed By: Jasper Mattsson
Samuel Mortenson Provisional Drupal Security Team member
David Rothstein of the Drupal Security Team
Jess (xjm) of the Drupal Security Team
Michael Hess of the Drupal Security Team
Lee Rowlands of the Drupal Security Team
Peter Wolanin of the Drupal Security Team
Alex Pott of the Drupal Security Team
David Snopek of the Drupal Security Team
Pere Orga of the Drupal Security Team
Neil Drumm of the Drupal Security Team
Cash Williams of the Drupal Security Team
Daniel Wehner
Tim Plunkett
Contact and more information
The Drupal security team can be reached by email at security at drupal.org or via the contact form.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
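
The upgrade instructions in the Solution section can be applied to a whole inventory of sites at once. The following is an added example, not part of the advisory or of Drupal: it maps an installed core version to the fixed release the advisory names for that branch. The hostnames, the status labels and the treatment of branches the advisory does not mention are assumptions.

```python
import re

# Fixed releases named in the advisory, keyed by branch.
FIXED = {(7,): (7, 58), (8, 3): (8, 3, 9), (8, 4): (8, 4, 6), (8, 5): (8, 5, 1)}
UNSUPPORTED_FIXED = {(8, 3), (8, 4)}  # received a fix release but are out of support
# Constructed inventory: hostnames and versions are made up for this example.
INVENTORY = {"a.example": "7.57", "b.example": "8.4.6",
             "c.example": "8.5.0-rc1", "d.example": "6.38"}

def parse(version):
    """Return (numeric tuple, is_prerelease) for '7.57', '8.4.5', '8.5.0-rc1'."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(-[0-9A-Za-z.]+)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised core version: {version!r}")
    nums = tuple(int(g) for g in m.group(1, 2, 3) if g is not None)
    return nums, m.group(4) is not None

def triage(version):
    """Map an installed core version to (status, action) per the advisory."""
    try:
        nums, pre = parse(version)
    except ValueError:
        return "unknown", "check the version by hand"
    if nums[0] == 6:
        return "end-of-life", "contact a D6LTS vendor"
    branch = (7,) if nums[0] == 7 else nums[:2]
    if nums[0] == 8 and branch <= (8, 2):
        return "vulnerable", "update to a more recent release, then re-check"
    if branch not in FIXED:
        # Assumption: branches the advisory does not list are reported, not judged.
        return "not-covered", "advisory names no fix for this branch"
    fixed = FIXED[branch]
    target = ".".join(map(str, fixed))
    # A pre-release tag sorts before the release with the same numbers.
    if nums < fixed or (nums == fixed and pre):
        return "vulnerable", f"upgrade to {target}"
    if branch in UNSUPPORTED_FIXED:
        return "patched-unsupported", "move to a supported release"
    return "patched", "none"

def report(inventory):
    """Triage every site in a {hostname: version} mapping."""
    return {site: triage(version) for site, version in inventory.items()}

if __name__ == "__main__":
    for site, (status, action) in report(INVENTORY).items():
        print(f"{site:12} {status:20} {action}")
```

The `patched-unsupported` status reflects the advisory's request that 8.3.x and 8.4.x sites move to a supported version after installing the security release.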

This article was republished from its original source.