Happy Friday, fellow Linux geeks! This week, important updates have been issued for NTFS-3G, Chromium, and pcre2. Read on to learn about these vulnerabilities and how to secure your system against them.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany

NTFS-3G

The Discovery 

Several security issues were discovered in the NTFS-3G read/write NTFS driver for FUSE. It was discovered that NTFS-3G incorrectly handled certain return codes (CVE-2022-30783), certain NTFS disk images (CVE-2022-30784, CVE-2022-30786, CVE-2022-30788 and CVE-2022-30789), and certain file handles (CVE-2022-30785 and CVE-2022-30787).

The Impact

These vulnerabilities could result in the interception of protocol traffic between FUSE and the kernel, denial of service (DoS) attacks, the execution of arbitrary code, or an attacker reading and writing arbitrary memory.

The Fix

An update for NTFS-3G fixes these bugs. We recommend that you update now to protect the security, integrity and availability of your systems.

Chromium

The Discovery 

Six important security vulnerabilities have been found in Chromium (CVE-2022-2477, CVE-2022-2478, CVE-2022-2479, CVE-2022-2480, CVE-2022-2481 and CVE-2022-2163).

The Impact

These bugs could allow a remote attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page UI interaction, or obtain sensitive information from internal file directories via a crafted HTML page.

The Fix

An update for Chromium fixes these issues. We recommend that you update promptly to protect against potential exploits.

pcre2

The Discovery

Two important vulnerabilities have been discovered in the pcre2 library: an out-of-bounds read in JIT mode when \X is used in non-UTF mode (CVE-2019-20454), and an out-of-bounds read due to a bug in recursions (CVE-2022-1587).

The Impact

These issues could result in the compromise of sensitive information or denial of service (DoS) attacks.

The Fix

An update for pcre2 mitigates these flaws. We recommend that you update as soon as possible to protect against attacks and compromise.
