{"id":1186,"date":"2018-04-19T16:15:21","date_gmt":"2018-04-19T21:15:21","guid":{"rendered":"https:\/\/cert.pa\/?p=1186"},"modified":"2018-04-19T16:15:21","modified_gmt":"2018-04-19T21:15:21","slug":"csirt-panama-aviso-2018-04-19-drupal-ckeditor-lanza-parche-de-seguridad","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=1186","title":{"rendered":"CSIRT Panam\u00e1 Advisory 2018-04-19 Drupal-CKEditor releases security patch"},"content":{"rendered":"<p><strong>CSIRT Panam\u00e1 Advisory 2018-04-19 Drupal-CKEditor releases security patch<\/strong><\/p>\n<p>Severity: Critical<br \/>\nPublication date: 19 April 2018<br \/>\nModification date: 19 April 2018<br \/>\nLast revision: Revision A.<br \/>\nSource: www.drupal.org, ckeditor.com<\/p>\n<p><strong>Affected Systems<\/strong><br \/>\nDrupal 8, CKEditor 4.5.11 and later.<\/p>\n<p><strong>I. Description<\/strong><br \/>\nCKEditor, a third-party JavaScript library included in Drupal core, has announced the release of CKEditor 4.9.2, which contains a security fix that corrects an XSS (Cross-Site Scripting) vulnerability that could be exploited using &lt;img&gt; tags in CKEditor.<\/p>\n<p><strong>I. 
Mitigation<\/strong><br \/>\n\u2022 If you are using Drupal 8, update to Drupal 8.5.2 or Drupal 8.4.7.<br \/>\n\u2022 The Drupal 7.x CKEditor contributed module is not affected if you are running CKEditor module 7.x-1.18 and using CKEditor from the CDN, since it currently uses a version of the CKEditor library that is not vulnerable.<br \/>\n\u2022 If you installed CKEditor in Drupal 7 using another method (for example, with the WYSIWYG module or the CKEditor module with CKEditor installed locally) and you are using a CKEditor version from 4.5.11 through 4.9.1, update the JavaScript by downloading CKEditor 4.9.2 from the CKEditor site.<br \/>\n\u2022 https:\/\/ckeditor.com\/ckeditor-4\/download\/<\/p>\n<p><strong>II. References to solutions, tools and information<\/strong><br \/>\nhttps:\/\/ckeditor.com\/blog\/CKEditor-4.9.2-with-a-security-patch-released\/<br \/>\nhttps:\/\/www.drupal.org\/sa-core-2018-003<\/p>\n<p><strong>III. Contact information<\/strong><br \/>\nCSIRT PANAMA<br \/>\nAutoridad Nacional para la Innovaci\u00f3n Gubernamental<br \/>\nE-Mail: info@cert.pa<br \/>\nWeb: http:\/\/www.cert.pa<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CSIRT Panam\u00e1 Advisory 2018-04-19 Drupal-CKEditor releases security patch Severity: Critical Publication date: 19 April 2018 Modification date: 19 April 2018 Last revision: Revision A. 
Source: www.drupal.org, ckeditor.com Affected Systems Drupal 8,&#8230;<\/p>\n","protected":false},"author":4,"featured_media":941,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1186","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1186","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1186"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1186\/revisions"}],"predecessor-version":[{"id":1187,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1186\/revisions\/1187"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/941"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1186"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1186"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1186"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}