Thursday, October 16, 2014

Drupal security fix SA-CORE-2014-005

The Drupal project has just released a new version that fixes a highly critical issue: SA-CORE-2014-005. A vulnerability in the Drupal 7 API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution.

We have released BitNami Drupal 7.32 installers, virtual machines and Amazon EC2 images that fix this issue. We are continuing to work on upgrading other Drupal-based applications like CiviCRM and OpenAtrium.

You should patch your Drupal version as soon as possible. You can follow the step-by-step instructions in this blog post. Basically, you will need to ssh to your machine, change to the Drupal installation directory and execute drush.

$ cd /opt/bitnami/apps/drupal/htdocs
$ drush up

If everything goes well you should see something similar to the following:

Project drupal was updated successfully. Installed version is now 7.32.
Backups were saved into the directory /home/bitnami/drush-backups/bitnami_drupal7/20141017020023/drupal.       [ok]
No database updates required                    [success]
'all' cache was cleared.                        [success]

Finished performing updates.                         [ok]
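To confirm the result independently of the drush output, the following added example (not part of the original post or of Bitnami's tooling) reads the core version that Drupal 7 records as the VERSION constant in includes/bootstrap.inc and compares it with 7.32. The function names are hypothetical; pass the docroot used above as the argument.

```shell
#!/bin/sh
# Added example: check that a Drupal 7 docroot is at or above the fixed release.

FIXED_MINOR=32   # 7.32 is the release this post names as containing the fix

# Print the version string from includes/bootstrap.inc, e.g. "7.31".
drupal_core_version() {
    f="$1/includes/bootstrap.inc"
    [ -r "$f" ] || return 2
    sed -n "s/^define('VERSION', *'\([^']*\)');.*/\1/p" "$f" | head -n 1
}

# Return 0 if the version has the fix, 1 if it predates it, 2 if undecidable.
check_version() {
    v="$1"
    case "$v" in
        7.*) ;;
        *) return 2 ;;            # empty or not a Drupal 7 core version
    esac
    minor="${v#7.}"
    case "$minor" in
        ''|*[!0-9]*) return 2 ;;  # e.g. "33-dev": not a tagged release, check by hand
    esac
    [ "$minor" -ge "$FIXED_MINOR" ] && return 0
    return 1
}

# Report on one docroot; the exit status mirrors check_version.
audit_docroot() {
    v=$(drupal_core_version "$1") || v=""
    rc=0
    check_version "$v" || rc=$?
    case "$rc" in
        0) echo "OK: Drupal $v includes the SA-CORE-2014-005 fix" ;;
        1) echo "VULNERABLE: Drupal $v is older than 7.$FIXED_MINOR" ;;
        *) echo "UNKNOWN: could not read a 7.x release version under $1" ;;
    esac
    return "$rc"
}

# Usage: sh check_drupal.sh /opt/bitnami/apps/drupal/htdocs
if [ "$#" -gt 0 ]; then
    audit_docroot "$1"
fi
```

A non-zero exit status makes the check usable from cron or a configuration-management run across several servers.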

In case you were not familiar with Bitnami Drupal, it is a self-contained and easy to use distribution that makes it simple to start developing and deploying Drupal applications.