Thank you for reading the LinuxSecurity Linux Advisory Watch newsletter! 

Today’s newsletter is sponsored by Uptycs. To close security observability gaps across your cloud attack surface, check out the Uptycs Security Analytics Platform.

This week, important updates have been issued for Thunderbird, Firefox and libsndfile.

We recommend that you visit our Advisories page frequently to see the latest security advisories that have been issued by your Linux distro(s). We also now offer the ability to personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select. 

On behalf of the LinuxSecurity.com administrative team, I would like to extend a warm welcome to our newly redesigned site!

Yours in Open Source,

Thunderbird
The Discovery 


Multiple important security issues have been discovered in the Thunderbird mail and newsgroup client. These vulnerabilities include uninitialized memory in a canvas object (CVE-2021-29980), incorrect instruction reordering during JIT optimization (CVE-2021-29984), a race condition when resolving DNS names (CVE-2021-29986), incorrect style treatment (CVE-2021-29988), a use-after-free in media channels (CVE-2021-29985) and memory safety bugs (CVE-2021-29989).

The Impact

These flaws could result in memory corruption and the execution of arbitrary code.

The Fix

These problems have been fixed in Thunderbird version 78.13.0. Upgrade now to secure your system and prevent attacks.


Firefox
The Discovery 


Mozilla developers and community members have reported multiple remotely-exploitable memory safety bugs in Firefox before version 91 (CVE-2021-29980, CVE-2021-29981, CVE-2021-29982 and CVE-2021-29984).

The Impact

A remote attacker could exploit these issues to execute arbitrary code or trick the user into accepting additional site permissions through maliciously crafted web content.

The Fix

These problems have been fixed upstream in Firefox version 91.0. Upgrade Firefox to version 91.0-1 immediately to protect sensitive information and prevent system compromise.

# pacman -Syu "firefox>=91.0-1"


libsndfile
The Discovery


Four critical vulnerabilities have been discovered in the widely used libsndfile C library. They include a stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 (CVE-2018-13139), a NULL pointer dereference in the function sf_write_int in sndfile.c (CVE-2018-19432), a heap buffer overflow vulnerability in msadpcm_decode_block (CVE-2021-3246) and a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 (CVE-2018-19758).

The Impact

These issues allow remote attackers to cause denial of service (DoS) conditions.

The Fix

An update for libsndfile fixes these flaws. Users impacted by these dangerous vulnerabilities should apply updates released by their distro(s) promptly to protect the integrity and availability of their systems.
