{"id":2458,"date":"2020-11-27T17:08:05","date_gmt":"2020-11-27T22:08:05","guid":{"rendered":"https:\/\/cert.pa\/?p=2458"},"modified":"2023-01-24T09:55:31","modified_gmt":"2023-01-24T14:55:31","slug":"csirt-panama-aviso-2020-11-27-drupal-ejecucion-arbitraria-de-codigo-php","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=2458","title":{"rendered":"CSIRT Panam\u00e1 Advisory 2020-11-27 Drupal - Arbitrary PHP code execution"},"content":{"rendered":"\n<p>Severity: High<br>Publication date: 27 November 2020<br>Portal: https:\/\/www.drupal.org\/<br>Affected systems: Drupal.<br>Vulnerability: CVE-2020-28948, CVE-2020-28949<\/p>\n\n\n\n<p><br><strong> Description<\/strong><br>The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that affects Drupal. <br>Multiple vulnerabilities are possible if Drupal is configured to allow the upload and processing of files with the extensions .tar, .gz, .bz2, .tlz.<\/p>\n\n\n\n<p><strong>III. 
Reference to solutions, tools and information<\/strong><br>To mitigate this issue, prevent untrusted users from uploading files: .tar .gz .bz2 .tlz<br>Updating the Drupal content management system according to the version in use, via its official site, is recommended:<br> \u2022    If you are using Drupal 9.0, update to Drupal 9.0.9<br> \u2022    If you are using Drupal 8.9, update to Drupal 8.9.10<br> \u2022    If you are using Drupal 8.8 or earlier, update to Drupal 8.8.12<br> \u2022    If you are using Drupal 7, update to Drupal 7.75<\/p>\n\n\n\n<p>Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage.<\/p>\n\n\n\n<p><br> <strong>Sources:<\/strong><br> <a rel=\"noreferrer noopener\" aria-label=\"https:\/\/www.drupal.org\/sa-core-2020-013 (opens in a new tab)\" href=\"https:\/\/www.drupal.org\/sa-core-2020-013\" target=\"_blank\">https:\/\/www.drupal.org\/sa-core-2020-013<\/a><\/p>\n\n\n\n<p><br> <strong>Contact information<\/strong><br> CSIRT PANAMA<br> Computer Security Incident Response Team Autoridad Nacional para la Innovacion Gubernamental<br> E-Mail: info@cert.pa<br> Phone: +507 520-CERT (2378)<br> Web: https:\/\/cert.pa<br> Twitter: @CSIRTPanama<br> Key ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Severity: High Publication date: 27 November 2020 Portal: https:\/\/www.drupal.org\/ Affected systems: Drupal. Vulnerability: CVE-2020-28948, CVE-2020-28949 Description The Drupal project uses the PEAR Archive_Tar library. 
The PEAR Archive_Tar library has released a security update that affects Drupal&#8230;.<\/p>\n","protected":false},"author":4,"featured_media":941,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-2458","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2458","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2458"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2458\/revisions"}],"predecessor-version":[{"id":2459,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2458\/revisions\/2459"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/941"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2458"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2458"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2458"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":
true}]}}