Drupal 7.20 Released to Address DOS Vulnerability

Non-security fixes or new features are not included in the release

By Eduard Kovacs on February 21st, 2013 09:23 GMT

Drupal 7.20 has been released to fix a critical remotely-exploitable denial-of-service (DOS) vulnerability.

According to the developers, the latest update doesn’t include any new features or non-security-related fixes, but all users of Drupal 7.x are advised to install the latest version to keep the flaw from being abused by cybercriminals.

“Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load,” the vulnerability advisory released by Drupal reads.

It notes, “Either of these effects may lead to the site becoming unavailable or unresponsive.”

A CVE identifier has been requested for the flaw and it will be added once it’s issued.
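
A defender-side check for the abuse pattern the advisory describes, as an added example that is not part of the original article or Drupal's own code: it counts how many distinct image derivatives each client requested in a web access log. The `/sites/<site>/files/styles/<style>/<scheme>/<path>` URL layout, the combined log format, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: Drupal 7 default URL layout for image derivatives,
# /sites/<site>/files/styles/<style>/<scheme>/<source path>
DERIV = re.compile(r'^/sites/[^/]+/files/styles/([^/]+)/[^/]+/([^?\s]+)')
# Assumption: common/combined access log format (client, time, request, status).
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3})')

def derivative_fanout(lines):
    """Map each client to the set of distinct (style, source image) pairs it requested."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, url, _status = m.groups()
        d = DERIV.match(url)
        if d:
            # Repeat requests for the same derivative are served from disk,
            # so only distinct pairs are counted.
            seen[client].add((d.group(1), d.group(2)))
    return seen

def suspicious_clients(lines, threshold=3):
    """Return clients whose distinct-derivative count reaches the threshold."""
    fanout = derivative_fanout(lines)
    return sorted(c for c, pairs in fanout.items() if len(pairs) >= threshold)

# Constructed sample log lines (documentation IP ranges, not real traffic).
_T = '[21/Feb/2013:09:00:01 +0000]'
_P = '/sites/default/files/styles'
SAMPLE_LOG = [
    f'192.0.2.10 - - {_T} "GET {_P}/thumbnail/public/a.jpg HTTP/1.1" 200 5120',
    f'192.0.2.10 - - {_T} "GET {_P}/thumbnail/public/a.jpg HTTP/1.1" 200 5120',
    f'192.0.2.10 - - {_T} "GET /node/1 HTTP/1.1" 200 9000',
    f'198.51.100.7 - - {_T} "GET {_P}/thumbnail/public/a.jpg HTTP/1.1" 200 5120',
    f'198.51.100.7 - - {_T} "GET {_P}/medium/public/a.jpg HTTP/1.1" 200 20480',
    f'198.51.100.7 - - {_T} "GET {_P}/large/public/a.jpg HTTP/1.1" 200 81920',
    f'198.51.100.7 - - {_T} "GET {_P}/large/public/field/image/b.png HTTP/1.1" 200 70000',
]

if __name__ == "__main__":
    for client in suspicious_clients(SAMPLE_LOG):
        print(client, len(derivative_fanout(SAMPLE_LOG)[client]))
```

The distinct-pair count is a proxy for derivative generation, since the access log alone does not show whether a file was newly created; the threshold needs tuning against normal traffic for the site.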

Drupal is available for download here