Linux Advisory Watch: April 22, 2022


Happy Friday, fellow Linux geeks! This week, important updates have been issued for Subversion, Thunderbird and the Linux kernel. Read on to learn about these vulnerabilities and how to secure your system against them.

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany

Subversion

The Discovery 

Several important security vulnerabilities have been found in the Subversion version control system. It was discovered that Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules (CVE-2021-28544), and that Subversion's mod_dav_svn is prone to a use-after-free vulnerability when looking up path-based authorization rules (CVE-2022-24070).

The Impact

These issues could result in denial of service (crash of HTTPD worker handling the request) and memory corruption.

The Fix

A Subversion security update fixes these flaws. Update now to protect the security, integrity and availability of your systems.

Thunderbird

The Discovery 

Nine important security issues have been discovered in Mozilla Thunderbird.

The Impact

These vulnerabilities could result in denial of service (DoS) or the execution of arbitrary code.

The Fix

A Thunderbird security update mitigates these flaws. Update promptly to protect your systems against potential attacks and compromise.

Linux Kernel

The Discovery

Two important security bugs have been discovered in the Linux kernel. A buffer overflow vulnerability was found in IPsec ESP transformation code (CVE-2022-27666) and stale file descriptors on failed usercopy were also discovered (CVE-2022-22942).

The Impact

Exploitation of these vulnerabilities could result in privilege escalation attacks.

The Fix

A Linux kernel update that fixes these issues is now available. Update as soon as possible to protect against these dangerous flaws.
