Hello Linux users, 

A PHP code execution vulnerability is being swiftly weaponized to spread TellYouThePass ransomware. This flaw impacts PHP version 8.1. before 8.1.29, 8.2. before 8.2.20 and 8.3. before 8.3.8. It allows attackers to execute arbitrary PHP code on target systems, creating significant threats to web applications and servers.

Read on to learn how to secure your systems against this malicious bug. You’ll also get updates on other issues affecting your open-source programs and applications that threaten your sensitive data and system security.

If you gained valuable information from reading today’s newsletter, please share it with a fellow security geek. Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from enthusiastic, insightful community members who share our love for Linux and security!

Stay safe out there,

Brittany Signature 150 Esm W150

PHP

The Discovery 

Malicious actors are exploiting a PHP code execution vulnerability to spread TellYouThePass ransomware. This flaw impacts PHP versions 8.1, before 8.1.29, 8.2, before 8.2.20, and 8.3. before 8.3.8.

PHP Esm W400

The Impact

This bug allows attackers to execute arbitrary PHP code on target systems, putting web applications and servers at risk of ransomware attacks.

The Fix

Important PHP security updates have been released to fix this issue. We strongly encourage all impacted users to update immediately to protect their critical systems and data against ransomware attacks.

Your Related Advisories:

[distro_list_1]

Linux Kernel

The Discovery 

A high-severity privilege elevation bug (CVE-2023-3390) has been identified in the Linux kernel. Proof-of-Concept (PoC) exploit for this vulnerability has significantly increased its risk, providing security researchers and malicious actors alike with the knowledge required to exploit it.

LinuxKernel Esm W206

The Impact

This flaw allows attackers to gain root access to impacted systems, leading to full system compromise, data theft, malware infections, and other threats.

The Fix

Essential Linux kernel security bug fixes have been released to mitigate this issue. We urge all impacted users to update as soon as possible to protect the security of their systems and sensitive information.

Your Related Advisories:

[distro_list_2]

Chromium

The Discovery 

Have you updated to protect against severe Chromium zero-day flaws that CISA recently added to its Known Exploited Vulnerabilities (KEV) catalog? According to CISA, "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise."

Chromium Esm W225

The Impact

These vulnerabilities could result in system disruption and data exposure.

The Fix

Chromium security patch updates have been released to mitigate these bugs. We strongly recommend that all impacted users update immediately to safeguard sensitive data and system availability.

Your Related Advisories:

[distro_list_3]