Explore top 10 tips to secure your open-source projects now. Read More
×The Debian Project recently unveiled Debian 12.8 as the eighth update of its stable distribution, Debian 12, codenamed "Bookworm." While not technically a new release of Debian 12, Debian 12.8 nonetheless features important security fixes and corrections across various packages in Debian 12. . In this article, I'll provide an in-depth overview of what can be expected in this point release. I'll then explain how you can upgrade to Debian 12.8 to take advantage of the security fixes and updates introduced. Let's begin by examining the notable features and capabilities of Debian 12.8 "Bookworm." Key Features and Capabilities of Debian 12.8 "Bookworm" Debian 12.8 "Bookworm" continues the robust and dependable experience users have come to expect from Debian distributions. This release's primary emphasis is maintenance and security to ensure the system remains efficient and safe for its users. Debian 12.8's signature features and capabilities include its unparalleled stability, demonstrated by significant updates and bug fixes that correct existing issues without creating new instabilities. Security remains at the core of everything it does - evidenced by 50 security updates addressing various vulnerabilities. This update enhances package integrity by targeting specific packages to strengthen their functionality and security and ensure seamless integration into the ecosystem. One of the notable aspects is the ease of upgrade. Thanks to an up-to-date mirror, users can quickly upgrade to the latest point release without needing a fresh installation. Comprehensive bug fixes are also an integral component, with 68 bugs addressed, ranging from minor issues to critical fixes that significantly improve user experience. Notable Security Issues Addressed in Debian 12.8 Security updates are vitally important to any operating system, and Debian 12.8 stands out in this area by offering solutions for numerous vulnerabilities to ensure system integrity and prevent known exploits. Critical security updatesinclude fixes to address CVE-2023-52168 and CVE-2023-52169 issues in 7zip's NTFS handler's heap buffer overflow and out-of-bounds read problems, respectively, while ClamAV , updates such as CVE-2024-20505 and CVE-2024-20506 mitigate denial of service vulnerabilities as well as file corruption vulnerabilities. Amanda package updates complete a fix for CVE-2022-37704 , restoring operation with xfsdump. In addition, CVE-2024-8096 corrects curl's handling of specific OCSP responses, while CVE-2024-28182 addresses a denial-of-service issue in the nghttp2 package. Additionally, updates to the Linux Kernel ABI version 6.1.0-27 ensure compatibility between software and hardware components and further security measures designed to defend Debian 12.8 "Bookworm" against potential threats while taking advantage of all available protocols and patches. Debian 12.8 brings with it not only security enhancements but also numerous necessary corrections across several packages. For instance, NTFS-3g updates address use-after-free issues in ntfs-uppercase-mbs and change the fuse classification to Depends. OpenSSL package now includes the most upstream release, which addresses buffer overread and out-of-bounds memory access vulnerabilities. SQLite3 addresses buffer overreads, integer overflows, and stack overflows, while Systemd's new stable release provides improved system initialization and service management. Python3.11 fixes regression issues related to ReDoS vulnerabilities found within specially crafted tar archives. Furthermore, its comprehensive list of bug fixes significantly increases system reliability, from minor adjustments like correcting path information in the notify-osd desktop launcher file to critical fixes like preventing Python packages from experiencing NULL dereferencing crashes. How to Upgrade to Debian 12.8 Upgrading to Debian 12.8 is an effortless process designed to minimize disruption for users and administrators. Before beginning, existing system packages must beup-to-date. This can be accomplished using the sudo apt update and sudo apt upgrade commands. To change to a stable mirror, you must modify your /etc/apt/sources.list file with appropriate entries from Debian mirrors. Visit the Debian mirror list for a comprehensive list of mirrors. Once your mirror has been updated, use sudo apt update followed by sudo apt full-upgrade to complete a system upgrade and install the latest point release. Reboot your system using the sudo reboot command to apply all changes made with these steps and benefit from all the latest fixes and security updates in Debian 12.8 without reinstalling the operating system from scratch. Our Final Thoughts on the Significance of This Release Debian 12.8 "Bookworm" showcases the Debian Project's dedication to creating a secure, stable, and reliable operating system. Containing 68 bug fixes and 50 security updates, this point release strives to enhance user experiences by improving quality and security. We encourage users and system administrators to upgrade to maximize the benefit from these improvements. Debian continues to develop operating systems that balance robustness with cutting-edge innovations, and Debian 12.8 "Bookworm" is proof. Have you upgraded to Debian 12.8? What is your opinion on these changes and fixes? Connect with us @lnxsec and let us know! . Ubuntu 22.04 improves performance and reliability through essential patches and enhancements. Update your system today to ensure protection!. Debian 12.8, security updates, bug fixes, system upgrades, Linux fixes. . Brittany Day
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium vulnerabilities that threaten user safety and privacy. Chromium is the open-source web browser project that is the basis of Chrome and many other widely used browsers. . These issues highlight the struggle between providing user-friendly software and protecting it with robust security measures. I'll explain these recent vulnerabilities in more depth, help you determine if you are at risk, and explain how to update Chrome to protect your privacy and security online. Unpacking These Recent Chromium Vulnerabilities Google released a critical security update to Google Chrome on August 6, 2024, to address a series of vulnerabilities that potentially allowed attackers to install malicious code on users' systems. Linux version 127.0.6533.99 aims to address these flaws. CVE-2024-7532 was identified as the most severe vulnerability involving out-of-bounds memory access in ANGLE (Almost Native Graphics Layer Engine). Considered critical, this flaw could enable attackers to execute arbitrary code, and cause system crashes. Apart from CVE-2024-7532, the update includes resolution for several high-severity issues: CVE-2024-7533 is a use-after-free vulnerability in the Sharing feature. CVE-2024-7550 is a type confusion flaw in the V8 JavaScript engine. CVE-2024-7534 is a heap buffer overflow in the Layout component CVE-2024-7535 represents inappropriate implementation in V8. CVE-2024-7536 involves WebAudio use-after-free vulnerabilities that enable malicious actors to gain unauthorized access, access sensitive data, or inject and execute arbitrary malicious code. Impact and Risk Evaluation Due to Chrome's widespread usage across platforms, these vulnerabilities have far-reaching ramifications. One immediate risk for individual users lies in their privacy and security. If their browser session becomes hijacked, personal andfinancial data could be stolen, and unwanted actions could be taken on their behalf. Organizations that rely heavily on web applications for operations are especially at risk since security flaws in these apps could allow attackers to penetrate organizational networks and steal sensitive data. This risk is especially acute in finance, healthcare, and government services. Any user, small business owner, or large enterprise using unpatched versions of Google Chrome could be susceptible to these vulnerabilities. This includes individual users and businesses without rapid update policies in place. Why Are Timely Updates Essential & How Can I Update Chrome on Linux? These vulnerabilities have been addressed with Google's recent Chrome update . Updating immediately is an essential preventative measure against potential attacks. Google did not reveal specifics regarding each vulnerability to protect against further exploitation. Instead, it is relying on users updating their browsers to protect themselves. Updating Google Chrome on Linux can be an effortless but effective way of protecting against vulnerabilities that exist within it. Here's how to update: Launch Google Chrome: Launching the Chrome browser is the first step in getting Google Chrome up and running. Access the Menu: To open, click on the three-dot menu in your browser's top-right corner. Navigating to Help: Navigate to Google Chrome > About, and your browser will take you directly to a page that displays its current version and checks for updates. Automatic Update: If an update is available, Chrome will begin the update process automatically. Wait for it to download and install before taking action. Restart Chrome: Once the update is installed, the browser must be relaunched to complete it successfully. An icon will remind you when it is ready and to relaunch immediately afterward. Verifying Your Updates: To ensure the update has taken effect, visit Help > About Google Chrome to view its updatedversion number. Our Final Thoughts on These Severe Chromium Bugs Chromium vulnerabilities are a stark reminder of the perils inherent to digital security and highlight the necessity of constant vigilance. Users can significantly mitigate risks by understanding these vulnerabilities and possible repercussions and updating their systems with security patches . Linux users should follow this straightforward update process to safeguard their digital privacy and security. Staying informed and proactive is critical in protecting our digital lives! . Enhance your system's security with Chromium by ensuring that Google Chrome is freshly updated on Linux. Safeguard your privacy and maintain user safety efficiently.. Google Chrome Security, Chromium Update, User Privacy Measures, Cybersecurity Risks. . Brittany Day
The Curl application is a tool many software programs use to transmit various types of data to and from servers. It's essentially a workhorse allowing the other programs on your computer to communicate with the internet in a standard and efficient manner. . However, a security vulnerability, officially known as CVE-2023-38545 , was recently discovered in Curl. This vulnerability is associated with the handling of unusually long hostnames during a process called a SOCKS5 proxy handshake, which is a common procedure for setting up network connections. Due to this vulnerability, if Curl encounters a hostname that is excessively long, it could lead to a scenario commonly referred to as a "buffer overflow". This happens when the data exceeds the space that was initially allocated for it, and it can potentially harm the system. As a user, you must be aware that any software, apps, or applications on your system using Curl could become a point of attack from malicious entities, who could potentially exploit this vulnerability for nefarious purposes, such as unauthorized acce ss or manipulation of data. To rectify this issue and protect itself from potential attacks, Curl has released an update, version 8.4.0, which includes a fix for this buffer overflow problem. Meanwhile, on the feature side, Curl 8.4 supports IPFS protocols via HTTP gateways. Curl 8.4 also drops support for legacy MinGW.org toolchains. By upgrading to this version or a later one, you'd be patching this vulnerability, thereby preventing the potential risks associated with it. This is why it's important that individuals using Curl update to the latest version. It's a matter of practicing good digital hygiene, like locking your house door when you leave, and ensuring you're doing everything possible to keep potential intruders out. In the digital world, this often means keeping our software updated and patched against known vulnerabilities. So, it's highly recommended that you upgrade Curl to keep your system secure. More details on all of the Curl 8.4 changes via Curl.se . Debian , Fedora , Mageia , Slackware , and Ubuntu have released advisory updates addressing this issue. Given this vulnerability's severe threat to impacted systems, if left unpatched, we urge all affected users to apply these updates as soon as possible to protect against arbitrary code execution, potentially leading to the compromise of your critical systems and sensitive data. To stay on top of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user , subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems. Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s) . . It is advisable for users to update to Curl version 8.4 to address CVE-2023-38545, bolstering protection against potential vulnerabilities.. Curl Update,Buffers,Security Patch,Open Source Software. . Brittany Day
Developers behind the open source library described one Curl vulnerability as one of the worst they've ever encountered. . The developers behind the Curl library are set to release a patch for two as-yet-undisclosed vulnerabilities that present a serious risk to the thousands of software applications that use the library every day. Curl 8.4.0 will drop at 6:00 UTC on October 11, less than a month after the release of Curl 8.3.0, in a scramble to address the flaws before attackers can exploit them. The vulnerabilities are tracked as CVE-2023-38545 and CVE-2023-38546, with severity ratings of ‘high’ and ‘low’ respectively. Curl creator Daniel Stenberg stated that CVE-2023-38545 is “probably the worst curl security flaw in a long time”. . The team behind Curl is deploying immediate updates to address severe security flaws impacting a wide array of software packages.. Curl Patches, Open Source Security, Software Vulnerabilities, Curl Library, Security Updates. . Brittany Day
Ahead of the Linux 6.5-rc2 release tomorrow there was a set of x86/x86_64 kernel changes merged overnight to deal with some weaknesses in the kernel's Control Flow Integrity (kCFI) / FineIBT (Indirect Branch Tracking) code. . Going back to the Linux 6.1 days there has been the kernel Control Flow Integrity code in good shape as a replacement to prior CFI code. Since Linux 6.2 has also been FineIBT as an alternative CFI scheme that uses the compiler-provided kCFI paired with hardware Control-Flow Integrity provided by Intel's Indirect Branch Tracking. These efforts are to thwart control-flow hijacking attacks on the kernel but recently some weaknesses were discovered in the kernel's code. Merged overnight is new code to deal with those weaknesses and part of resolving the weaknesses are rewriting some of the Assembly code into C. The link for this article located at Phoronix is no longer available. . Recent updates to the kernel target vulnerabilities in Control Flow Integrity, enhancing protection against potential threats.. Control Flow Integrity, Linux Kernel Security, Assembly Code Rewrite, Cyber Defense Strategies. . LinuxSecurity.com Team
A security flaw in a bundle anti-malware scanner product has created a serious security risk for some products from networking giant Cisco. . More particularly, a vulnerability in the ClamAV scanning library (tracked as CVE-2023-20032) created a critical security risk for Cisco’s Secure Web Appliance as well as various versions of Cisco Secure Endpoint (including Windows, MacOS, Linux, and cloud). Cisco released an advisory on the vulnerability – alongside patches for affected products – last week. Although the vulnerability is not under active attack, patching is nonetheless recommended. The partition scanning buffer overflow vulnerability poses a critical risk to vulnerable technologies. . A security loophole in Cisco's ClamAV presents severe threats; immediate updates are advised for every impacted unit.. Cisco ClamAV Vulnerability, Patching Network Devices, Security Flaw in Anti-Malware. . Brittany Day
Canonical has released a new Linux kernel security updates for all supported Ubuntu LTS releases to address up to 16 vulnerabilities discovered by various security researchers. . The new Linux kernel security updates are about one month after the previous kernel update , which patched the recently disclosed Wi-Fi driver stack vulnerabilities, and are available only for all supported Ubuntu LTS (Long-Term Support) versions, including Ubuntu 22.04 LTS (Jammy Jellyfish), Ubuntu 20.04 LTS (Focal Fossa), and Ubuntu 18.04 LTS (Bionic Beaver). Fixed in this new Linux kernel update are a total of 16 vulnerabilities, including five that are common to all supported Ubuntu releases. These are CVE-2022-2978 , a use-after-free vulnerability discovered by Hao Sun and Jiacheng Xu in the NILFS file system implementation that could allow a local attacker to crash the system or execute arbitrary code, CVE-2022-3028 , a race condition discovered by Abhishek Shah in the PF_KEYv2 implementation that could allow a local attacker to expose sensitive information (kernel memory) or crash the system, and CVE-2022-3635 , a use-after-free vulnerability discovered in the IDT 77252 ATM PCI device driver that could allow a local attacker to crash the system or execute arbitrary code. The link for this article located at 9 to 5 Linux is no longer available. . Canonical has rolled out fresh updates for the Linux kernel to fix 16 security flaws affecting all supported Ubuntu LTS versions.. Ubuntu Kernel Updates, System Security Patch, LTS Security Fixes. . Brittany Day
British Linux distributor Canonical is releasing security updates to the Linux kernel for Ubuntu 22.04 LTS (“Jammy Jellyfish”) and Ubuntu 20.04 LTS (“Focal Fossa”), patching vulnerabilities in its operating systems. The vulnerabilities fixed could lead to a Denial of Service (DOS) lead. . The latest free operating system kernel Linux 5.15.0.46.46 for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS, which has also been upgraded to Linux kernel 5.15 LTS via the Hardware Enablement Stack (HWE), is now available for download and close the following Completely Eliminated Eight Distribution Vulnerabilities: Security Issues Canonical strongly recommends that all users immediately update the kernel packages of their systems running Ubuntu 22.04 LTS and Ubuntu 20.04 LTS as well as Linux 5.15 LTS to the new versions for security reasons. To do this, the following command can be run from the command line: sudo apt update && sudo apt full-upgrade The vulnerabilities open up to a local attacker who could specifically crash the system with a denial of service and run random malware on it to carry out. . Canonical issues security patches for Ubuntu 22.04 LTS and 20.04 LTS kernel versions, rectifying severe security flaws.. Ubuntu Kernel Security, Canonical Patches, Denial of Service Fixes, Kernel Updates. . Brittany Day
Get the latest Linux and open source security news straight to your inbox.