PHP is one of the most widely used server-side scripting languages, but with great popularity comes great responsibility. We're here to alert you to one of the most serious vulnerabilities we've seen in PHP in quite some time. Attackers can exploit this vulnerability to expose sensitive information, crash your system, or even execute code on your servers. Scary stuff, right? But don't panic just yet. As LinuxSecurity.com Content Editor, I've got you covered! Read on to learn more about this critical PHP vulnerability and how you can ensure your systems are protected before it's too late.

We also have other significant discoveries and fixes for you, including mitigations for multiple severe, remotely exploitable Chromium vulnerabilities that could result in the execution of arbitrary code, denial of service (DoS), or information disclosure, and fixes for a DoS and information disclosure bug found in JOSE for C/C++. It's essential that you stay up-to-date on these issues to protect your system from any potential harm. 

Found this newsletter helpful? Please pay it forward and share it with a fellow security geek! We also welcome feedback on how we could improve our newsletters. If you have any comments or thoughts, please share them with us. Have a Linux security-related topic you'd like to cover and share with our audience? We welcome contributions from passionate community members like you!

Stay safe out there,


Chromium

The Discovery 

Multiple severe, remotely exploitable security vulnerabilities have been found in Chromium, including out-of-bounds memory access in V8, CSS, and Fonts (CVE-2023-4427, CVE-2023-4428, and CVE-2023-4431), and use-after-free bugs in Loader and Vulkan (CVE-2023-4429 and CVE-2023-4430). Because of the serious threat these bugs pose to the confidentiality, integrity, and availability of impacted systems, and because of their ease of exploitation, they have all received a National Vulnerability Database severity rating of "High".


The Impact

These issues could result in the execution of arbitrary code, denial of service, or information disclosure.

The Fix

A Chromium security update that mitigates these dangerous flaws has been released. We strongly recommend that all impacted users apply these updates now to protect against attacks leading to loss of access to critical systems and the compromise of sensitive data.


PHP

The Discovery 

Two major security vulnerabilities were recently discovered in PHP. It was discovered that PHP incorrectly handled certain XML files (CVE-2023-3823) and certain PHAR files (CVE-2023-3824). Due to their ease of exploitation and the severe threat that these issues pose to impacted systems, these vulnerabilities have been rated by the National Vulnerability Database as High-Severity and Critical, respectively.


The Impact

These flaws could result in the exposure of sensitive information, crashes, or arbitrary code execution.

The Fix

Important updates for PHP that fix these significant issues have been released. We urge all impacted users to update immediately to protect against attacks leading to data compromise, loss of system access, and other severe repercussions.


JOSE for C/C++

The Discovery 

It was discovered that the JOSE for C/C++ AES-GCM decryption routine incorrectly uses the tag length of the authentication tag actually supplied in the JWE, rather than the fixed length the algorithm requires (CVE-2023-37464). This severe vulnerability is simple to exploit and threatens the integrity of impacted systems.


The Impact

An attacker could use this to cause a denial of service (system crash) or to expose sensitive information.

The Fix

Updates for JOSE for C/C++ that mitigate this dangerous bug have been released. We strongly recommend that all impacted users apply these updates as soon as possible to safeguard their sensitive data and protect against potential security issues.
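As an added illustration of the check the JOSE fix restores (this is example code, not cjose's or the page's own), a Go decryptor that receives the JWE ciphertext and authentication tag as separate fields and refuses any tag that is not the 128 bits RFC 7518 mandates for AES-GCM before the cipher ever runs. The key, IV, AAD and the decryptJWEContent/newGCM names are constructed assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// RFC 7518 fixes the A128GCM/A256GCM authentication tag at 128 bits; the decryptor
// must enforce that length itself, not trust the length of the tag the JWE carries.
const jweGCMTagLen = 16

var errBadTagLen = fmt.Errorf("jwe: authentication tag must be exactly %d bytes", jweGCMTagLen)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// decryptJWEContent (a hypothetical helper, not cjose's API) takes the ciphertext
// and tag as the separate fields they are in a JWE; aad is the protected header.
func decryptJWEContent(key, iv, aad, ciphertext, tag []byte) ([]byte, error) {
	if len(tag) != jweGCMTagLen { // the check CVE-2023-37464 describes as missing
		return nil, errBadTagLen
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	sealed := append(append([]byte{}, ciphertext...), tag...) // Go's GCM wants ct||tag
	return gcm.Open(nil, iv, sealed, aad)
}

func main() {
	// Constructed sample key, 96-bit IV and protected-header AAD.
	key, iv, aad := []byte("0123456789abcdef"), []byte("nonce-000001"), []byte("hdr")
	gcm, err := newGCM(key)
	if err != nil {
		panic(err)
	}
	sealed := gcm.Seal(nil, iv, []byte("secret"), aad) // ciphertext||tag, as Go emits it
	ct, tag := sealed[:len(sealed)-jweGCMTagLen], sealed[len(sealed)-jweGCMTagLen:]
	if _, err := decryptJWEContent(key, iv, aad, ct, tag[:4]); err == errBadTagLen {
		fmt.Println("4-byte tag refused before AES-GCM ran")
	}
}
```

A truncated tag shrinks the forgery search space from 2^128 to 2^(8*len), so the length check has to come before, not instead of, GCM's own tag verification.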
