USN-6757-2: PHP vulnerabilities

Read Time:37 Second

USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem.

Original advisory details:

It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS, and
Ubuntu 22.04 LTS. (CVE-2022-4900)

It was discovered that PHP incorrectly handled certain cookies.
An attacker could possibly use this issue to cookie by pass.
(CVE-2024-2756)

It was discovered that PHP incorrectly handled some passwords.
An attacker could possibly use this issue to cause an account takeover
attack. (CVE-2024-3096)

New Linux Rootkit

ELENOR-corp Ransomware Targets Healthcare Sector

Blue Shield of California Data Breach Affects 4.7 Million Members

Highest-Risk Security Flaw Found in Commvault Backup Solutions

Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks

Ransomware Attacks Fall Sharply in March

ETSI Unveils New Baseline Requirements for Securing AI

Ofcom Lays Down the Law with Child Safety Rules for Tech Giants

Smashing Security podcast #414: Zoom.. just one click and your data goes boom!

USN-7449-2: Linux kernel (HWE) vulnerabilities

USN-7463-1: Linux kernel (IBM) vulnerabilities

xz-5.8.1-2.fc42

USN-7462-2: Linux kernel (AWS FIPS) vulnerabilities

USN-7462-1: Linux kernel vulnerabilities

USN-7461-2: Linux kernel (FIPS) vulnerabilities