PHP Attack Puts WordPress and Drupal at Risk
All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.
The WordPress and Drupal websites are warning of a newly discovered flaw that could make these leading content management systems susceptible to a denial of service attack. The so-called XML Quadratic Blowup Attack, which was discovered by security expert Nir Goldshlager, affects the PHP XML module, which is included with both WordPress and Drupal. The attack distorts the memory limit, consuming all memory and bringing down the system.
According to the blog post, this attack can work on a default installation of Drupal or WordPress and requires only one attacking computer to trigger the exploit. The popularity of both CMS systems means that this attack could affect thousands, or even millions of websites.
Patches have already been released at both the Drupal and WordPress websites. Users are advised to update as soon as possible.
Issue 220/2019
Buy this issue as a PDF
News
-
Kali Linux 2019.1 Released
The favorite Linux distro of Mr. Robot gets the first update of 2019.
-
Linux Foundation Releases a new Draft of OpenChain Spec
OpenChain provides a standard for open source compliance throughout the software supply chain.
-
Linux Kernel Continues To Offer Mitigation for Spectre Mitigation
Kernel 4.19 has added another family of Spectre vulnerabilities to its list of mitigating the mitigation.
-
SpeakUp Trojan Targets Linux Servers
It’s exploiting a known vulnerability.
-
KDE Plasma 5.15 Beta Arrives
Major improvements to software management.
-
Canonical Announces Latest Ubuntu Core for IoT
Now offers 10 years of support.
-
GitHub Offers Free Private Repositories
Popular source code collaboration site makes a major change to feature set.
-
Linus Torvalds Welcomes 2019 with Linux 5.x
Better support for GPUs and CPUs.
-
Keep your edge with these powerful Linux administration tools:
Keep All Your Linux Servers in Check
Watching the Bad Guys with Cowrie
Become a certified Linux Admin professional with the Linux Professional Institute LPIC-1 Systems Administrator certification.
-
Microsoft Gets an Open Source Web Browser
The company will use Google Chromium web browser as the foundation for its next browser.