Distros have released fixes for two critical security issues discovered in Git that an attacker could exploit to cause a crash or execute arbitrary code. With a base score of 9.8 out of 10 in the National Vulnerability Database, it's crucial that all users update their systems now. Has your distro released a patch for these vulnerabilities? You can customize your LinuxSecurity advisories based on the distro(s) you use to find out now!
Distros have also released updates for OpenSSL to fix a high-severity type confusion vulnerability, among other issues, and WebKitGTK to mitigate three bugs with a high confidentiality, integrity and availability impact, that could result in arbitrary code execution. Continue reading to learn how to secure your systems against these dangerous issues.
Yours in Open Source,
OpenSSLThe DiscoverySeveral vulnerabilities were discovered in OpenSSL, including a high-severity type confusion vulnerability (CVE-2023-0286). |
GitThe DiscoveryIt was discovered that Git incorrectly handles certain gitattributes (CVE-2022-23521) and certain commands (CVE-2022-41903).
The ImpactAn attacker could possibly use these critical issues, which both received a base score of 9.8 out of 10 in the National Vulnerability Database, to cause a crash or execute arbitrary code. The FixAn important Git security update fixes these flaws. We recommend that you update now to protect against attacks leading to downtime or compromise. Your Related Advisories:Register to Customize Your Advisories |
WebKitGTKThe DiscoveryThree vulnerabilities that could allow for the processing of maliciously crafted web content have been found in the WebKitGTK web engine (CVE-2022-42826, CVE-2023-23517 and CVE-2023-23518). |
