Thank you for reading the LinuxSecurity Linux Advisory Watch newsletter! 

Today’s newsletter is sponsored by Uptycs. To close security observability gaps across your cloud attack surface, check out the Uptycs Security Analytics Platform.

This week, important updates have been issued for OpenJDK, Lasso and Thunderbird.

We recommend that you visit our Advisories page frequently to see the latest security advisories that have been issued by your Linux distro(s). We also now offer the ability to personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select. 

On behalf of the LinuxSecurity.com administrative team, I would like to extend a warm welcome to our newly redesigned site!

Yours in Open Source,


OpenJDK

The Discovery

Several dangerous vulnerabilities have been discovered in the OpenJDK 11 Java Runtime Environment (CVE-2021-2341, CVE-2021-2369 and CVE-2021-2388).

The Impact

These issues could result in bypass of sandbox restrictions, incorrect validation of signed Jars, or information disclosure.

The Fix

We recommend that you upgrade your openjdk-11 packages to OpenJDK 11.0.12 (2021-07-20) immediately to mitigate these flaws.


Lasso

The Discovery

An important XML signature wrapping vulnerability when parsing SAML responses (CVE-2021-28091) has been discovered in the Lasso library, which implements the Liberty Alliance Single SignOn standards, including the SAML and SAML2 specifications.

The Impact

This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.

The Fix

Lasso has released an update that fixes this issue. Users should update their systems as soon as possible to protect sensitive data and prevent downtime.
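The Lasso flaw above belongs to the XML signature wrapping class: a response still carries its original, validly signed assertion, but an extra unsigned assertion has been spliced in and the consumer acts on the wrong one. The check below is an added example written for this newsletter, not Lasso's own code, and it shows the structural rule a service provider can enforce before any cryptographic verification: every assertion must carry its own enveloped signature whose Reference URI points at that assertion's ID, and no ID may appear twice. The SAML documents embedded in the block are constructed samples; the signature elements are skeletons that carry only the Reference, since the point is the structure, not the signature value.

```python
"""Structural pre-check against XML signature wrapping in SAML 2.0 responses.

Added example (not Lasso's code). Rules enforced, on the document structure only:
  1. Every ID attribute in the response is unique.
  2. Every ds:Signature sits directly inside the element it references, i.e. its
     single ds:Reference URI="#x" names the ID of its own parent element.
  3. Every saml:Assertion carries such an enveloped signature.
Cryptographic verification of each signature value is a separate step that must
still run; this check only rejects responses whose shape is already wrong.
"""
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"


def check_assertion_coverage(xml_text):
    """Return a list of problems; an empty list means the structure is sound."""
    root = ET.fromstring(xml_text)
    problems = []
    # ElementTree has no parent pointers, so build a child -> parent map once.
    parent_of = {child: parent for parent in root.iter() for child in parent}

    # Rule 1: a duplicated ID lets an unsigned element masquerade as the signed one.
    seen = set()
    for el in root.iter():
        el_id = el.get("ID")
        if el_id is None:
            continue
        if el_id in seen:
            problems.append("duplicate ID %r" % el_id)
        seen.add(el_id)

    # Rule 2: each signature must be enveloped in the element it signs.
    signed_ids = set()
    for sig in root.iter("{%s}Signature" % DS):
        refs = [r.get("URI", "") for r in sig.iter("{%s}Reference" % DS)]
        parent = parent_of.get(sig)
        parent_id = parent.get("ID") if parent is not None else None
        if parent_id is None or len(refs) != 1 or refs[0] != "#%s" % parent_id:
            problems.append("signature references %r but encloses element ID %r"
                            % (refs, parent_id))
            continue
        signed_ids.add(parent_id)

    # Rule 3: an assertion without its own signature is never to be trusted.
    for assertion in root.iter("{%s}Assertion" % SAML):
        if assertion.get("ID") not in signed_ids:
            problems.append("assertion %r has no enveloped signature" % assertion.get("ID"))
    return problems


def accept_response(xml_text):
    """True only when no structural problem was found."""
    return check_assertion_coverage(xml_text) == []


# Constructed sample: one assertion, signed in place. Signature skeleton only.
GOOD_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="r1">
  <saml:Assertion ID="a1">
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#a1"/></ds:SignedInfo></ds:Signature>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample: the signed assertion is untouched, but a second, unsigned
# assertion has been added. Rule 3 catches it.
WRAPPED_RESPONSE = GOOD_RESPONSE.replace(
    "</samlp:Response>",
    '  <saml:Assertion ID="a2"><saml:Subject><saml:NameID>admin</saml:NameID>'
    "</saml:Subject></saml:Assertion>\n</samlp:Response>")

# Constructed sample: the added assertion reuses the signed assertion's ID so that
# a naive "is #a1 signed?" lookup would pass. Rule 1 catches it.
DUPLICATE_ID_RESPONSE = WRAPPED_RESPONSE.replace('ID="a2"', 'ID="a1"')

if __name__ == "__main__":
    for name, doc in (("good", GOOD_RESPONSE), ("wrapped", WRAPPED_RESPONSE),
                      ("duplicate-id", DUPLICATE_ID_RESPONSE)):
        print(name, "->", check_assertion_coverage(doc) or "ok")
```

The rules are deliberately strict by design: a response-level signature that covers the whole document would also be rejected here because the assertion itself is unsigned, which is an assumption of this example rather than a SAML requirement. Relaxing it means extending rule 3 to accept an assertion whose ancestor is signed, while keeping rules 1 and 2 unchanged.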


Thunderbird

The Discovery

Several important security issues have been discovered in the Mozilla Thunderbird mail and newsgroup client. 

The Impact

These vulnerabilities include an out-of-bounds write in ANGLE that also affects the Chromium browser (CVE-2021-30547), a use-after-free in the accessibility features of a document (CVE-2021-29970), memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12, and a flaw that could allow IMAP server responses sent by a man-in-the-middle before STARTTLS completes to be processed (CVE-2021-29969).

The Fix

Mozilla has released an update upgrading Thunderbird to version 78.12.0, which fixes these issues. Update Thunderbird now to prevent attacks and protect sensitive information.
