Distros are still releasing important updates addressing an actively exploited Linux kernel use after free vulnerability, as well as other high-impact bugs in the kernel that could result in memory exhaustion, system crashes, denial of service (DoS), the exposure of sensitive information, privilege escalation, or the execution of arbitrary code. Find out if you are impacted, and how to secure your systems against these serious flaws.

If you haven’t heard, staying up-to-date on the latest advisories issued by your distro(s) just got easier and far more convenient with the creation of the @LS_advisories Twitter handle! LinuxSecurity Live Advisory Updates is a page that provides live updates on critical Linux security advisories issued by 15 popular Linux distros. Be sure to give it a follow to stay protected against vulnerabilities leading to crashes, malware attacks, the exposure of sensitive information, and other serious security threats. 

Continue reading to learn about other significant issues that have been reported and fixed and how to secure against them. These include several important security vulnerabilities in Mozilla Firefox that could lead to potentially exploitable crashes, memory corruption and arbitrary code execution, as well as remotely exploitable flaws in Chromium that could result in crashes and the compromise of critical systems and sensitive data.

Yours in Open Source,

Brittany

Linux Kernel

The Discovery 

Several high-impact security bugs were recently discovered in the Linux kernel. The Cybersecurity and Infrastructure Security Agency (CISA) has warned that a use after free vulnerability exists in the ALSA PCM subsystem of the Linux kernel (CVE-2023-0266), and has added it to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. An integer overflow vulnerability was also found in the rndis_wlan driver in the Linux kernel through 6.1.5 (CVE-2023-23559), and it was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs (CVE-2022-2196). 


The Impact

These issues could result in memory exhaustion, system crashes, denial of service (DoS), the exposure of sensitive information, privilege escalation, or the execution of arbitrary code. 

The Fix

Distros continue to release important advisory updates for the kernel addressing these vulnerabilities. We urge all impacted users to apply the Linux kernel updates issued by their distro(s) now if they have not already to protect the confidentiality, integrity and availability of their systems and their sensitive data. Note that a kernel update only takes effect once the system has been rebooted into the new kernel; until then the old, vulnerable kernel is still running.
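The following shell snippet is an added example, not part of the LinuxSecurity article or of any distro's tooling. It offers a quick offline check of whether a kernel version string falls at or below the last affected mainline release named in the advisory text (the article states CVE-2023-23559 affects the kernel "through 6.1.5"), and whether the running kernel is older than the newest installed one, which means a reboot is still pending. The function names are the author's own, and the version strings in the usage path are constructed. The important caveat, reflected in the comments, is that distro kernels carry backported fixes without changing the upstream version number, so an "affected" result here only means "check your distro's package changelog for the CVE id", while a "not affected" result can be trusted.

```shell
#!/bin/sh
# Added example: heuristic kernel version checks (not from the article).
# Requires GNU sort -V (coreutils); sed -E is used to strip distro suffixes.

# Reduce a kernel release string such as "6.1.5-arch1-1" or
# "5.15.0-69-generic" to its upstream base version ("6.1.5", "5.15.0").
upstream_base() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+(\.[0-9]+)*).*/\1/'
}

# Return 0 (true) if version $1 sorts strictly before version $2.
# sort -V compares numeric fields numerically, so 6.1.10 > 6.1.9.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# Return 0 (true) if the upstream base of kernel release $1 is <= the
# last affected mainline release $2 (e.g. 6.1.5 for CVE-2023-23559).
# CAVEAT: distro kernels backport fixes without bumping the upstream
# version, so "true" here only means "verify against the distro changelog".
upstream_affected() {
    running=$(upstream_base "$1")
    last_affected=$2
    ! version_lt "$last_affected" "$running"
}

# Return 0 (true) if the running kernel release $1 is older than the newest
# installed kernel release $2: the update is on disk but not yet in effect.
needs_reboot() {
    version_lt "$1" "$2"
}

# Stand-alone usage: ./kcheck.sh --check   (compares uname -r to 6.1.5)
if [ "${1:-}" = "--check" ]; then
    running=$(uname -r)
    if upstream_affected "$running" 6.1.5; then
        echo "$running: upstream base <= 6.1.5; check your distro changelog for CVE-2023-23559"
    else
        echo "$running: upstream base is newer than 6.1.5"
    fi
fi
```

To check for a pending reboot on a real host, pass `uname -r` and the newest installed kernel package version (for example from `rpm -q kernel` or `dpkg -l 'linux-image-*'`) to `needs_reboot`; the package query itself is distro-specific and deliberately left out of the block.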


Firefox

The Discovery 

Several important security vulnerabilities have been discovered in Mozilla Firefox, including incorrect code generation during JIT compilation (CVE-2023-25751) and memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 (CVE-2023-28176).


The Impact

These issues could result in potentially exploitable crashes, memory corruption and the execution of arbitrary code.

The Fix

A Firefox security update that mitigates these bugs has now been released. With a high confidentiality, integrity and availability impact, it is critical that all impacted users apply the updates for Firefox issued by their distro(s) immediately to protect against downtime and compromise.


Chromium

The Discovery 

Several high-impact vulnerabilities have been found in Chromium. These issues include a remotely exploitable heap buffer overflow in Chrome prior to 112.0.5615.49 (CVE-2023-1810) and a remotely exploitable use after free vulnerability in Frames in Chrome prior to 112.0.5615.49 (CVE-2023-1811).


The Impact

These issues could lead to the execution of arbitrary code, denial of service (DoS) attacks resulting in potentially exploitable crashes, or the disclosure of sensitive information.

The Fix

An important Chromium security update that fixes these bugs is now available. We strongly recommend that all impacted users apply the Chromium updates issued by their distro(s) as soon as possible to protect against exploits leading to downtime and the compromise of their systems and sensitive data.
