Discover Security Vulnerabilities News
Critical PHP Info Disclosure, Code Execution Bugs Fixed
Two major security vulnerabilities were recently discovered in PHP. It was discovered that PHP incorrectly handled certain XML files (CVE-2023-3823) and certain PHAR files (CVE-2023-3824). Due to their ease of exploitation and the severe threat that these issues pose to impacted systems, these vulnerabilities have been rated by the National Vulnerability Database as High-Severity and Critcial, respectively.
These flaws could result in the exposure of sensitive information, crashes, or arbitrary code execution.
Important updates for PHP that fix these significant issues have been released. We urge all impacted users to apply the updates released by Debian LTS, Fedora, Mageia, SUSE, and Ubuntu immediately to protect against attacks leading to data compromise, loss of system access, and other severe repercussions.
To stay on top of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems.
Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).