Linux Advisory Watch: December 24, 2021 | LinuxSecurity.com

Advisories

Linux Advisory Watch: December 24, 2021

Happy Friday fellow Linux geeks! This week, important updates have been issued for apache-log4j2, the Linux kernel and Samba. Another dangerous attack vector has been discovered in apache-log4j2 that requires an additional update. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Day Signature

apache-log4j2

The Discovery 

It was found that the fix to address CVE-2021-44228 in Apache Log4j, a Logging Framework for Java, was incomplete in certain non-default configurations.

ghostscriptThe Impact 

This issue could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack.

The Fix

An update for apache-log4j2 has been released that fixes this problem. We recommend that you upgrade your apache-log4j2 packages immediately to secure your systems against this dangerous bug.

Your Related Advisories:

Register to Customize Your Advisories

Linux Kernel

The Discovery 

Several vulnerabilities have been discovered in the Linux kernel including a flaw in the driver for Atheros IEEE 802.11n family of chipsets (CVE-2020-3702), a use-after-free in the DCCP protocol implementation in the Linux kernel (CVE-2020-16119), a race condition in the local sockets (AF_UNIX) subsystem (CVE-2021-0920) and a flaw in the joystick input subsystem (CVE-2021-3612).
firefox

The Impact

Exploitation of these bugs could result in privilege escalation, denial of service (DoS), or information leaks.

The Fix

Updates have been released mitigating these issues. We recommend that you upgrade your Linux packages as soon as possible to protect your data and the security, integrity and availability of your systems.

Your Related Advisories:

Register to Customize Your Advisories

Samba

The Discovery

Two important vulnerabilities have been found in Samba. It was discovered that an Active Directory (AD) domain user could become root on domain members (CVE-2020-25717), and that SMB1 client connections can be downgraded to plaintext authentication (CVE-2016-2124).

The Impactlibsndfile

These flaws could be exploited to carry out privilege escalation attacks.

The Fix

Samba has released an update that fixes these issues. Update now!

Your Related Advisories:

Register to Customize Your Advisories

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.