It’s time to update your Drupal-based blog or business website to the latest available version.

On Thursday, the Drupal development team released major security updates for its widely used open-source content management software, addressing one serious and three “moderately critical” flaws in its core system.

The only advisory rated serious covers patches for multiple flaws in a third-party library called ‘Archive_Tar,’ which Drupal Core uses for creating, listing, extracting, and adding files to tar archives.

The flaw lies in the way the affected library extracts archives containing symlinks, which, if abused, could let an attacker overwrite important files on a targeted server by uploading a maliciously crafted tar file.

Because of this, the flaw only affects Drupal websites that are configured to process .tar, .tar.gz, .bz2, or .tlz files uploaded by untrusted users.
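A pre-extraction check that a site accepting tar uploads from untrusted users could run, as an added example (it uses Python's standard `tarfile` module and is not Drupal's or Archive_Tar's code). The function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile


def unsafe_members(fileobj):
    """Return (name, reason) for every member that should block extraction."""
    findings = []
    links = set()  # names declared as links earlier in the archive
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            name = posixpath.normpath(m.name)
            parts = name.split("/")
            if m.name.startswith("/") or ".." in parts:
                findings.append((m.name, "path escapes extraction directory"))
            elif m.issym() or m.islnk():
                findings.append((m.name, "link member -> " + m.linkname))
                links.add(name)
            elif any("/".join(parts[:i]) in links for i in range(1, len(parts) + 1)):
                # A later entry reuses, or sits beneath, a name the archive
                # already declared as a link: the write would follow the link.
                findings.append((m.name, "written through an archived link"))
            elif not (m.isfile() or m.isdir()):
                findings.append((m.name, "special file type"))
    return findings


def build_sample():
    """Constructed sample: a normal file, a symlink, and a file reusing the link's name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name, data):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        add_file("docs/readme.txt", b"hello\n")
        link = tarfile.TarInfo("docs/settings")
        link.type = tarfile.SYMTYPE
        link.linkname = "../outside/settings"  # constructed target
        tar.addfile(link)
        add_file("docs/settings", b"constructed\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reason in unsafe_members(build_sample()):
        print(f"REJECT {name}: {reason}")
```

An upload handler would refuse the archive whenever the returned list is non-empty, before any member is written to disk.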

According to Drupal developers, a proof-of-concept exploit for this vulnerability already exists; given the popularity of Drupal exploits among hackers, you may see attackers actively abusing this flaw to target Drupal websites.

In addition to this serious flaw, Drupal developers have also fixed three “moderately critical” flaws in the Core software.

Since a proof-of-concept exists for the serious Drupal vulnerability, users running vulnerable versions of Drupal are strongly advised to update their CMS to the latest Drupal core release as soon as possible.
