Linux Advisory Watch: February 18, 2022

Advisories

Linux Advisory Watch: February 18, 2022

Happy Friday fellow Linux geeks! This week, important updates have been issued for the Linux kernel, Samba and cryptsetup. Read on to learn about these vulnerabilities and how to secure your system against them.

 Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150

Linux Kernel 

The Discovery 

A large number of critical kernel vulnerabilities have been discovered including a remote stack overflow in the net/tipc module (CVE-2022-0435) and an out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c (CVE-2021-39657).

LinuxKernel

The Impact

Exploitation of these vulnerabilities could result in privilege escalation attacks, Denial of Service (DoS) and information leakage.

The Fix

An important Linux kernel update fixes these dangerous bugs. Update now to protect sensitive information and the security, integrity and availability of your systems.

Your Related Advisories:

Register to Customize Your Advisories

Samba

The Discovery 

Several security bugs have been found in Samba including an out-of-bounds heap write vulnerability in the VFS module vfs_fruit (CVE-2021-44142) and a flaw that ​​enables Samba AD users with permission to write to an account to impersonate arbitrary services (CVE-2022-0336).
Samba

The Impact

An attacker could exploit these flaws to remotely execute arbitrary code as root or impersonate arbitrary services.

The Fix

Samba has released a security update fixing these issues. We recommend that you upgrade your Samba packages promptly.

Your Related Advisories:

Register to Customize Your Advisories

cryptsetup

The Discovery

Cryptsetup maintainer Milan Broz discovered a security issue in cryptsetup, the disk encryption configuration tool for Linux (CVE-2021-4122).

The ImpactCryptsetup

This flaw enables an attacker to modify on-disk metadata to simulate decryption in progress with a crashed (unfinished) re-encryption step and persistently decrypt part of the LUKS2 device.

The Fix

A cryptsetup security update mitigates this vulnerability. We recommend that you upgrade your cryptsetup packages as soon as possible to protect the privacy of encrypted information.

Your Related Advisories:

Register to Customize Your Advisories

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.