Advisory ID: 
BACKDROP-SA-CORE-2019-001
Date: 
Wednesday, Jan 16th, 2019
Vulnerability: 
Third Party Libraries
Versions affected: 
  • Backdrop core versions prior to 1.12.1 and 1.11.5

Backdrop core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Backdrop configurations. Refer to CVE-2018-1000888 for details.

Another SA was released today, see also:

Solution: 

Upgrade your site to the most recent version of Backdrop core.  Download available on the Backdrop CMS 1.12.1 release page.  See the update instructions, if needed.

Reported By: 
Fixed By: 
Coordinated By: