Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework: vulnerabilities due to optimistic cross-site request forgery protection, insecure pseudo random number generation, code execution and incorrect security token validation. In order to avoid the remote code execution vulnerability, it is recommended to create a .htaccess file in each of your sites" "files" directories . Please refer to the NEWS file provided with this update and the upstream advisory at https://drupal.org/SA-CORE-2013-003 for further information.