
Happenings Major security exploits that may affect your computer


anru

varishangout.com
This month of April has been a disaster for software security because of the number (and severity) of exploits occurring left and right all around us.

XZ Compression Exploit:
https://www.openwall.com/lists/oss-security/2024/03/29/4
https://nvd.nist.gov/vuln/detail/CVE-2024-3094

What it is and why it matters:
1. XZ is a file compression system that is very popular in the technology sphere, particularly Linux. This exploit to the compression software would grant the malicious hackers a backdoor into people's systems. It's so severe that the National Vulnerability Database ranks it a level 10 threat, meaning that it's up there with the Log4js vulnerability!
2. XZ versions >= 5.6.0 are affected in the following Linux distributions: Red Hat (Not RHEL), Fedora 41, Fedora Rawhide, OpenSUSE, Debian testing/unstable/experimental, and Kali Linux.

PHP Severe Security Flaw:

What it is and why it is important:
1. This is a bug that was found 24 years ago inside of the GNU C Library and it was for the most part ignored because it didn't pose any real sort of security vulnerabilities up until now. This exploit allows hackers to take over any PHP application in existence! It affects glibc versions >=2.39, basically almost every glibc version on any internet user's computer.
2. This bug occurs during glibc's internationalization conversion function. It's a function that converts between different character sets, and it's the Chinese character set (ISO-2022-CN-EXT) that triggers this bug.
3. This allowed an overflow of a few bytes, which is more than enough for hackers to run exploits and take over systems which are vulnerable.

If you are affected by this, please follow the instructions provided to you via the developers of this software on what to do for exploit mitigation. Take care of your computer and it'll take care of you.
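A local exposure check for the two issues described in the post above, as an added example that is not part of the original post. The xz threshold and the charset name are taken from the post; the function names are assumptions made for this example, and a match only means you should read your distribution's advisory.

```shell
#!/bin/sh
# Added example: reports whether this machine falls in the ranges the post names.
XZ_THRESHOLD="5.6.0"        # post: "XZ versions >= 5.6.0 are affected"
CHARSET="ISO-2022-CN-EXT"   # post: charset that triggers the glibc bug

# Extract the first dotted version number from `xz --version` style output.
parse_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' | head -n 1
}

# ver_ge A B: succeeds when dotted version A >= B, compared field by field
# as numbers (so 5.10.0 > 5.6.0, which a plain string compare gets wrong).
ver_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# charset_listed TEXT NAME: succeeds when NAME appears as a whole entry in
# `iconv -l` output (glibc prints entries such as "ISO-2022-CN-EXT//").
charset_listed() {
    printf '%s\n' "$1" | tr ' ,' '\n\n' | sed 's|/*$||' | grep -qixF "$2"
}

report() {
    if command -v xz >/dev/null 2>&1; then
        v=$(parse_version "$(xz --version 2>/dev/null)")
        if [ -n "$v" ] && ver_ge "$v" "$XZ_THRESHOLD"; then
            echo "xz $v: at or above $XZ_THRESHOLD, check your distribution's advisory"
        else
            echo "xz ${v:-unknown}: below $XZ_THRESHOLD"
        fi
    else
        echo "xz: not installed"
    fi
    if charset_listed "$(iconv -l 2>/dev/null)" "$CHARSET"; then
        echo "iconv: $CHARSET conversion is available on this system"
    else
        echo "iconv: $CHARSET not listed"
    fi
}
report
```

A release that fixes the issue but carries a higher version number will also match the post's threshold, so confirm any hit against the package changelog.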