Linux Advisory Watch: April 8, 2022

Advisories

Linux Advisory Watch: April 8, 2022

Happy Friday fellow Linux geeks! This week, important updates have been issued for the Linux kernel, Apache HTTP Server and OpenVPN. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150

Linux Kernel

The Discovery 

Twelve important security vulnerabilities have been found in the Linux kernel, including a buffer overflow in the st21nfca driver (CVE-2022-26490) and a use-after-free vulnerability in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (CVE-2022-0487).

LinuxKernel

The Impact

These issues could result in privilege escalation, buffer overflow attacks, denial of service (DoS), memory corruption and information leakage, among other threats.

The Fix

An update that fixes these dangerous kernel bugs is available. We strongly recommend updating now to protect the security, integrity and availability of your systems.

Your Related Advisories:

Register to Customize Your Advisories

Apache HTTP Server

The Discovery 

Multiple important vulnerabilities have been discovered in the Apache HTTP Server, including a heap out-of-bounds write in mod_sed (CVE-2022-23943), HTTP request smuggling due to incorrect error handling (CVE-2022-22720), use of uninitialized value of in r:parsebody in mod_lua (CVE-2022-22719) and possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721).
Apache2

The Impact

These flaws could be exploited to carry out HTTP request smuggling attacks, buffer overflow attacks, and to potentially overwrite heap memory with attacker provided data.

The Fix

An update for apache2 fixes these issues. Update promptly to protect your systems against attacks and compromise.

Your Related Advisories:

Register to Customize Your Advisories

OpenVPN

The Discovery

An authentication bypass vulnerability has been discovered in the external authentication plug-in for OpenVPN (CVE-2022-0547).

The ImpactOpenVPN

This flaw could result in authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which could allow an external user to be granted access with only partially correct credentials.

The Fix

An important OpenVPN update mitigates this issue. We recommend updating as soon as possible to protect your security and privacy online.

Your Related Advisories:

Register to Customize Your Advisories

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.