Zerolock 1 Security Done Right 1028x280 1676299316 Esm W690

A severe flaw in PHP could possibly allow applications to accept any password as valid, contrary to expectations, potentially leading to the compromise of critical systems and sensitive information. With a low attack complexity, no user interaction required, and a high confidentiality impact, it is crucial that all impacted users update immediately to protect the privacy and confidentiality of their systems and their sensitive data. Read on to learn if you are at risk, and how to update. Our experts also share best practices for PHP security that you don't want to miss!

We also examine WordPress's questionable security history, and what happens when we add on predictive analysis detection and automated remediation to find and fix new and known vulnerabilities. We put a few strategies to the test to find the best way to secure your WordPress install, and this one emerged as highly effective

Threat actors frequently exploit unpatched security vulnerabilities in software and applications to infect Linux systems with harmful malware, but what happens when we implement the ability to patch servers without having to reboot to address security issues before they are exploited by adversaries? The LinuxSecurity team put this approach to the test, and it proved to be highly effective in stopping Linux malware attacks.

Continue reading to learn about other significant issues that have been discovered and fixed in the open-source programs and applications you use.

Yours in Open Source,

Brittany Signature 150 Esm W150

Ruby

The Discovery 

Two important ReDoS issues have been found in the Ruby programming language; one in the URI component (CVE-2023-28755) and one in the Time component (CVE-2023-28756). It was discovered that the URI parser and the Time parser mishandle invalid URLs that have specific characters, causing an increase in execution time for parsing strings to URI and Time objects.

Ruby Esm W150

The Impact

An attacker could easily exploit these vulnerabilities to cause a denial of service (DoS) with no user interaction required.

The Fix

With a high availability impact, it is critical that all impacted users apply the Ruby updates issued but their distro(s) as soon as possible to protect against attacks leading to loss of access and potential compromise.

Your Related Advisories:

Register to Customize Your Advisories

WebKitGTK

The Discovery 

Several high-severity vulnerabilities have been found in the WebKitGTK web engine, including a use after free issue that may have been actively exploited (CVE-2023-28205).

Webkitgtk Esm W225

The Impact

These bugs could result in the exposure of sensitive information and the execution of arbitrary code. 

The Fix

With a low attack complexity, no privileges required to exploit, and a high confidentiality, integrity and availability impact, we strongly recommend that all impacted users apply the WebKitGTK updates issued but their distro(s) now to protect against attacks leading to downtime and the compromise of confidential information.

Your Related Advisories:

Register to Customize Your Advisories

PHP

The Discovery 

It was discovered that PHP could be made to bypass password checking if a specially crafted input was provided (CVE-2023-0567). This issue impacts PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3.

PHP Esm W306

The Impact

This flaw could possibly allow applications to accept any password as valid, contrary to expectations, potentially leading to the compromise of critical systems and sensitive information.

The Fix

With a low attack complexity, no user interaction required, and a high confidentiality impact, it is crucial that all impacted users apply the PHP updates issued but their distro(s) immediately to protect the privacy and confidentiality of their systems and their sensitive data. Our experts also share best practices for PHP security that you don't want to miss!

Your Related Advisories:

Register to Customize Your Advisories