Linux Advisory Watch: December 3, 2021 | LinuxSecurity.com


Happy Friday, fellow Linux geeks! This week, important updates have been issued for OpenJDK, postgresql and redis. Read on to learn about these vulnerabilities and how to secure your system against them.

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Day

OpenJDK

The Discovery 

Several vulnerabilities have been discovered in the OpenJDK Java runtime (CVE-2021-35567, CVE-2021-35578, CVE-2021-35586 and CVE-2021-35603).

The Impact

These flaws could result in denial of service (DoS), incorrect Kerberos ticket use, selection of weak ciphers or information disclosure.

The Fix

An update has been released that fixes these issues. We recommend that you upgrade your openjdk-17 packages immediately to protect sensitive information and the integrity and availability of your systems.


postgresql

The Discovery 

It was discovered that the postgresql server processes unencrypted bytes from a man-in-the-middle attacker (CVE-2021-23214 and CVE-2021-23222).

The Impact

These bugs could result in man-in-the-middle attacks and the compromise of sensitive data.

The Fix

Updated postgresql packages that fix these two flaws have been released. Update now to protect confidential information and prevent attacks.


redis

The Discovery

Eight important security vulnerabilities have been found in redis (CVE-2021-32626, CVE-2021-32627, CVE-2021-32628, CVE-2021-32672, CVE-2021-32675, CVE-2021-32687, CVE-2021-32762 and CVE-2021-41099).

The Impact

These flaws could result in heap buffer overflow and Denial of Service (DoS) attacks.

The Fix

Redis has released an update that fixes these issues. We recommend updating as soon as possible to protect the security and availability of your systems.
