Linux Advisory Watch: December 10, 2021 | LinuxSecurity.com

Advisories

Linux Advisory Watch: December 10, 2021

Happy Friday fellow Linux geeks! This week, important updates have been issued for nss, vim and mailman. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Day Signature

nss

The Discovery 

It was discovered that nss, the Mozilla Network Security Service library, is prone to a heap overflow flaw when verifying DSA or RSA-PPS signatures (CVE-2021-43527).

ghostscriptThe Impact 

This critical vulnerability could result in denial of service (DoS) or the execution of arbitrary code.

The Fix

A nss security update has been released that fixes this dangerous bug. We recommend that you upgrade your nss packages as soon as possible to protect the security and availability of your systems.

Your Related Advisories:

Register to Customize Your Advisories

vim

The Discovery 

Multiple heap-based buffer overflows, stack-based buffer overflows and a use after free have been discovered in the vim text editor program (CVE-2021-3872, CVE-2021-3875, CVE-2021-3903, CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973 and CVE-2021-3974).
firefox

The Impact

These flaws could result in buffer overflow attacks and the compromise of the vim program.

The Fix

A vim security update that mitigates these issues has been released. We encourage you to update your vim packages promptly to protect the security and integrity of your systems.

Your Related Advisories:

Register to Customize Your Advisories

mailman

The Discovery

Three important flaws in the mailman mailing list manager have been identified. They include two CSRF token bypass vulnerabilities (CVE-2021-42097 and CVE-2021-44227) and missing CSRF protection in the user options page (CVE-2016-6893).

The Impactlibsndfile

Exploitation of these bugs could result in CSRF attacks, account takeover and admin takeover.

The Fix

A mailman security update that fixes these issues has been released. Update immediately to prevent attacks and compromise.

Your Related Advisories:

Register to Customize Your Advisories

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.