Hello Intel CPU users,

Today, I’m alerting you to a severe bug in a sequence of processor instructions for some Intel processors, dubbed "Reptar," which could expose sensitive information or cause system crashes, resulting in a denial of service.

This flaw leads to unexpected behavior that could allow an authenticated local user to escalate privileges, granting them complete control over your Linux systems and access to your confidential data. Immediately installing the updates Intel has released is therefore essential to protecting your security and privacy.

Read on to learn about other impactful vulnerabilities recently discovered and fixed in your open-source programs and applications.

Give your friends the gift of security this holiday season! If you found today’s newsletter useful and informative, please share it with a fellow security geek. Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from passionate and insightful community members who share our enthusiasm for Linux security!

Stay safe out there,

Brittany

Intel Microcode

The Discovery 

It was discovered that a sequence of processor instructions for some Intel processors leads to unexpected behavior that could allow an authenticated local user to escalate privileges (CVE-2023-23583).

The Impact

This bug, dubbed “Reptar,” could expose sensitive information or cause system crashes, resulting in a denial of service. 

The Fix

An important Intel Microcode update has been released to mitigate this severe bug. Given the damaging repercussions this vulnerability can have on impacted systems if left unpatched, we urge all affected users to update now to protect against information disclosure and loss of access to their critical systems.

Chromium

The Discovery 

Chromium was in the spotlight last week due to a severe use-after-free vulnerability (CVE-2023-5472) in the popular open-source web browser. Two additional use-after-free bugs have been discovered in Chromium in Garbage Collection (CVE-2023-5997) and Navigation (CVE-2023-6112). These bugs have received a Chromium security severity rating of “High” due to their significant threat to sensitive data on impacted systems.

The Impact

These dangerous flaws enable malicious actors to access portions of your computer's memory without authorization, potentially allowing cybercriminals to share your personal information without your knowledge.

The Fix

Chromium has released a significant update that fixes these issues. Given the severe threat these vulnerabilities pose to affected systems if left unpatched, we urge all impacted users to update to the latest version of Chromium immediately. Updating promptly will protect against loss of system access and data compromise.

Squid 

The Discovery 

Have you updated to protect against the recent critical vulnerabilities found in the popular Squid caching proxy? These include request/response smuggling in HTTP/1.1 and ICAP (CVE-2023-46846), denial of service in HTTP Digest Authentication (CVE-2023-46847), and denial of service in FTP (CVE-2023-46848). CVE-2023-46846 and CVE-2023-46847 have received a National Vulnerability Database base score of 9.8 out of 10 due to their potential to lead to security breaches or other system instability or unavailability. These bugs are among the worst we’ve seen in a while, so don’t delay patching!

The Impact

These severe vulnerabilities could result in the compromise and theft of your sensitive information and loss of access to your critical systems.

The Fix

Squid has released a critical security update addressing these impactful flaws. Given the severe threat these vulnerabilities pose to affected systems if left unpatched, we strongly recommend that all impacted users update as soon as possible. Doing so will protect against inconvenient, costly downtime, system compromise, and data theft.
