Thank you for reading the LinuxSecurity Linux Advisory Watch newsletter! 

Today’s newsletter is sponsored by Uptycs. To close security observability gaps across your cloud attack surface, check out the Uptycs Security Analytics Platform.

This week, important updates have been issued for Firefox, Thunderbird and the cpio general file archiver utility.

We recommend that you visit our Advisories page frequently to see the latest security advisories that have been issued by your Linux distro(s). We also now offer the ability to personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select. 

On behalf of the LinuxSecurity.com administrative team, I would like to extend a warm welcome to our site!

Yours in Open Source,

Firefox

The Discovery 

Various remotely-exploitable memory safety bugs in Firefox before version 91 have been discovered by Mozilla developers and community members (CVE-2021-29980, CVE-2021-29981, CVE-2021-29982 and CVE-2021-29984).

The Impact

A remote attacker could exploit these flaws to execute arbitrary code or trick users into accepting additional site permissions through maliciously crafted web content.

The Fix

These problems have been fixed upstream in Firefox version 91.0. Upgrade Firefox to version 91.0-1 immediately to protect sensitive data and prevent system compromise.

# pacman -Syu "firefox>=91.0-1"

Thunderbird
The Discovery 

Multiple important security vulnerabilities have been discovered in the Thunderbird mail and newsgroup client. These issues include uninitialized memory in a canvas object (CVE-2021-29980), incorrect instruction reordering during JIT optimization (CVE-2021-29984), a race condition when resolving DNS names (CVE-2021-29986), incorrect style treatment (CVE-2021-29988), a use-after-free in media channels (CVE-2021-29985) and memory safety bugs (CVE-2021-29989).

The Impact

These flaws could result in memory corruption and the execution of arbitrary code.

The Fix

These problems have been fixed in Thunderbird version 78.13.0. Upgrade to Thunderbird 78.13.0 now to protect the security and integrity of your system.

cpio
The Discovery

SUSE and openSUSE users are at heightened risk this week: critical regressions have been discovered in previous updates for the cpio general file archiver utility that were meant to remedy CVE-2021-38185, leaving SUSE and openSUSE systems vulnerable to attack.

The Impact

These issues could result in remote code execution (RCE) due to an integer overflow, a segmentation fault in cpio and system crashes.

The Fix

SUSE and openSUSE have released updates fixing these regressions. We urge users to update immediately to protect against these serious threats to the security and availability of their systems.
