Drupal core – Critical – Third-party libraries – SA-CORE-2021-001

Otra petadita de las buenas … a actualizar pero ya. 7.78, 8.9.13, 9.0.11 y 9.1.3.

View online: https://www.drupal.org/sa-core-2021-001

Project: Drupal core [1]
Date: 2021-January-20
Security risk: *Critical* 18∕25
AC:Complex/A:User/CI:All/II:All/E:Exploit/TD:Uncommon [2]
Vulnerability: Third-party libraries

Description:
The Drupal project uses the pear Archive_Tar library, which has released a
security update that impacts Drupal. For more information please see:

* CVE-2020-36193 [3]

Exploits may be possible if Drupal is configured to allow .tar, .tar.gz,
.bz2, or .tlz file uploads and processes them.

Solution:
Install the latest version:

* If you are using Drupal 9.1, update to Drupal 9.1.3 [4].
* If you are using Drupal 9.0, update to Drupal 9.0.11 [5].
* If you are using Drupal 8.9, update to Drupal 8.9.13 [6].
* If you are using Drupal 7, update to Drupal 7.78 [7].

Versions of Drupal 8 prior to 8.9.x are end-of-life and do not receive
security coverage.