PHP Attack Puts WordPress and Drupal at Risk
All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.
The WordPress and Drupal websites are warning of a newly discovered flaw that could make these leading content management systems susceptible to a denial of service attack. The so-called XML Quadratic Blowup Attack, which was discovered by security expert Nir Goldshlager, affects the PHP XML module, which is included with both WordPress and Drupal. The attack distorts the memory limit, consuming all memory and bringing down the system.
According to the blog post, this attack can work on a default installation of Drupal or WordPress and requires only one attacking computer to trigger the exploit. The popularity of both CMS systems means that this attack could affect thousands, or even millions of websites.
Patches have already been released at both the Drupal and WordPress websites. Users are advised to update as soon as possible.
Issue 226/2019
Buy this issue as a PDF
News
-
Knoppix 8.6 Released
The latest version of the classic Live Linux comes with KDE Plasma 5.
-
openSUSE Board Gets a New Chairman
Richard Brown is replaced by Gerald Pfeifer.
-
Linux Mint 19.2 “Tina” Released
The latest version of Linux Mint brings many performance improvements.
-
Gnome and KDE Coming Together
The two major Linux projects will work together to create a compatible ecosystem.
-
Fedora CoreOS Preview Released
The new distribution from Red Hat is targeted at containerized workloads.
-
SUSE Appoints New CEO
Melissa Di Donato replaces Nils Brauckmann, who will retire and leave SUSE.
-
Debian Buster Arrives
The latest release of Debian comes with tightened security.
-
IBM Acquires Red Hat
Red Hat becomes an independent entity within IBM.
-
Raspberry Pi 4 Is Here
A new operating system has been released to support the new device.
-
Ubuntu Takes A U-Turn with 32-Bit Support
Canonical will continue to support legacy applications and libraries.