vm666, to php French

Charles Fol a présenté la faille #iconv (CVE-2024-2961) à #OffensiveCon le 10/05/2024. On n'a toujours pas de détails. On dirait bien qu'il n'y a pas d'attaques généralisées non plus.
Quelqu'un aurait vu des sites #PHP compromis via ce genre de chose récemment ? Ou pire ?

j3j5, to php
@j3j5@hachyderm.io avatar

tl;dr: upgrade glibc on your servers!

Summing it up, there's a vulnerability (CVE-2024-2961) on glibc that, apparently, can be used to get RCE on servers running PHP.
It's recommended that you update glibc to a patched version.

https://security-tracker.debian.org/tracker/CVE-2024-2961
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-2961

There's an upcoming talk on May 10 where the researcher will explain how it was used to hack PHP servers.

https://www.offensivecon.org/speakers/2024/charles-fol.html

slink, to random
@slink@fosstodon.org avatar

Another week, another new for

Today: character encoding conversions for

https://gitlab.com/uplex/varnish/libvmod-iconv

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • GTA5RPClips
  • thenastyranch
  • ethstaker
  • everett
  • Durango
  • rosin
  • InstantRegret
  • DreamBathrooms
  • magazineikmin
  • Youngstown
  • mdbf
  • slotface
  • tacticalgear
  • anitta
  • kavyap
  • tester
  • cubers
  • cisconetworking
  • ngwrru68w68
  • khanakhh
  • normalnudes
  • provamag3
  • Leos
  • modclub
  • osvaldo12
  • megavids
  • lostlight
  • All magazines
    •