Happy Friday fellow Linux geeks! This week, important updates have been issued for the Linux kernel, Apache HTTP Server and OpenVPN. Read on to learn about these vulnerabilities and how to secure your system against them.
Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,
Linux KernelThe DiscoveryTwelve important security vulnerabilities have been found in the Linux kernel, including a buffer overflow in the st21nfca driver (CVE-2022-26490) and a use-after-free vulnerability in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (CVE-2022-0487). |
Apache HTTP ServerThe DiscoveryMultiple important vulnerabilities have been discovered in the Apache HTTP Server, including a heap out-of-bounds write in mod_sed (CVE-2022-23943), HTTP request smuggling due to incorrect error handling (CVE-2022-22720), use of uninitialized value of in r:parsebody in mod_lua (CVE-2022-22719) and possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721). The ImpactThese flaws could be exploited to carry out HTTP request smuggling attacks, buffer overflow attacks, and to potentially overwrite heap memory with attacker provided data. The FixAn update for apache2 fixes these issues. Update promptly to protect your systems against attacks and compromise. Your Related Advisories:Register to Customize Your Advisories |
OpenVPNThe DiscoveryAn authentication bypass vulnerability has been discovered in the external authentication plug-in for OpenVPN (CVE-2022-0547). The Impact
|
