Multiple high-severity vulnerabilities have been discovered in the Linux kernel that could lead to denial of service (DoS) attacks, the execution of arbitrary code and the exposure of sensitive information. Learn if you are at risk, and how to protect yourself now!

Important PHP and Sudo updates have also been released to mitigate issues that could result in privilege escalation, the compromise of sensitive information and files, and DoS attacks. It is crucial that all impacted users update immediately to protect against downtime and compromise.

Our own Dave Wreski also evaluated Vali Cyber's ZeroLock, the latest ransomware protection developed specifically for Linux servers, and how it can be used to keep your critical systems and sensitive data protected from the dramatic increase in attacks against Linux we've seen over the last year.

Continue reading to learn about other significant issues that have been fixed, and how to secure your systems against them.

Yours in Open Source,

Brittany Signature 150

Linux Kernel

The Discovery 

Several critical and high-severity security issues, including multiple use-after-free vulnerabilities and a stack-based buffer overflow vulnerability, were discovered in the Linux kernel.

LinuxKernel

The Impact

These flaws could result in denial of service (DoS) attacks, the execution of arbitrary code, or the exposure of sensitive information. 

The Fix

An important Linux kernel security update that fixes these dangerous bugs has been released. We urge all impacted users to update immediately to protect the integrity, confidentiality and availability of their critical systems and information.

Your Related Advisories:

Register to Customize Your Advisories

PHP

The Discovery 

Multiple security issues were found in PHP, including a critical vulnerability involving the incorrect handling of resolving long paths (CVE-2023-0568), and a high-severity bug involving the incorrect handling of a large number of field and file parts in HTTP form uploads (CVE-2023-0662).

PHP

The Impact

A remote attacker could possibly use these issues to obtain or modify sensitive information, or to cause PHP to consume resources, leading to denial of service (DoS).

The Fix

These flaws have now been fixed in PHP. We strongly recommend that all impacted users update now to protect against attacks leading to downtime and compromise.

Your Related Advisories:

Register to Customize Your Advisories

Sudo

The Discovery 

Two high-severity vulnerabilities were recently found in the widely used Sudo function. These flaws include a double-free vulnerability involving the incorrect handling of the per-command chroot feature (CVE-2023-27320), and a vulnerability in sudoedit (CVE-2023-22809).

Sudo Logo

The Impact

These issues could result in denial of service (DoS) or privilege escalation, or could enable a malicious user with sudoedit access to edit arbitrary files.

The Fix

Important security updates are available for Sudo that mitigate these bugs. We strongly recommend that all impacted users update now to protect the confidentiality, integrity and availability of their systems.

Your Related Advisories:

Register to Customize Your Advisories