Linux Advisory Watch: December 31, 2021 | LinuxSecurity.com


Happy Friday, fellow Linux geeks! This week, important updates have been issued for OpenJDK, log4j12 and OpenSSH. Read on to learn about these vulnerabilities and how to secure your system against them.

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Day

OpenJDK

The Discovery 

Several important vulnerabilities have been discovered in the OpenJDK Java runtime (CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586 and CVE-2021-35603).

The Impact

Exploitation of these flaws may result in denial of service (DoS), incorrect Kerberos ticket use, selection of weak ciphers or information disclosure.

The Fix

OpenJDK has released an update that fixes these bugs. We recommend that you upgrade your openjdk-11 packages as soon as possible.


log4j12

The Discovery 

It was discovered that the JMSAppender class from log4j must be disabled to protect against the Log4Shell vulnerability (CVE-2021-4104).

The Impact

This vulnerability allows attackers to execute malicious software by causing Log4j to write a specially crafted log entry, enabling malicious actors to steal data, deploy ransomware, install back doors, create botnets, mine cryptocurrencies and conduct other illegal activities.

The Fix

An important update for log4j12 mitigates this issue. Update now!


OpenSSH

The Discovery

A double free has been found in the OpenSSH ssh-agent (CVE-2021-28041).

The Impact

This flaw could result in memory corruption, modification of data, disclosure of sensitive information, or Denial of Service (DoS).

The Fix

OpenSSH has released an important update that fixes this bug. We recommend updating promptly to protect the security, integrity and availability of your systems.
