This week, important updates have been issued for Ruby, strongSwan and cryptsetup. Read on to learn about these vulnerabilities and how to secure your system against them.
Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,
RubyThe DiscoverySeveral security issues have been found in Ruby. It was discovered that Ruby incorrectly handled certain HTML files (CVE-2021-41816), certain regular expressions (CVE-2021-41817) and certain cookie names (CVE-2021-41819). |
strongSwanThe DiscoveryA security bug was discovered in the EAP authentication client code of strongSwan, an IKE/IPsec suite, that may allow an attacker to bypass the client and, in some scenarios, even the server authentication (CVE-2021-45079). The ImpactThis flaw could be exploited to carry out a denial-of-service (DoS) attack or allow unintended access to network services. The FixA strongSwan security update that mitigates this vulnerability has been released. We recommend that you upgrade your strongSwan packages as soon as possible to protect the security of your network and the availability of your systems. Your Related Advisories:Register to Customize Your Advisories |
cryptsetupThe DiscoveryA vulnerability was discovered in cryptsetup that could allow an attacker to modify on-disk metadata to simulate decryption in progress with crashed (unfinished) reencryption step and persistently decrypt part of the LUKS device (CVE-2021-4122). The Impact
|
