Linux Advisory Watch: February 25, 2022

Advisories

Linux Advisory Watch: February 25, 2022

Happy Friday fellow Linux geeks! This week, important updates have been issued for tiff, zsh and the Linux kernel. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150

tiff 

The Discovery 

Eight important security vulnerabilities have been discovered in tiff (CVE-2017-17095, CVE-2019-17546, CVE-2020-19131, CVE-2020-35521, CVE-2020-35522, CVE-2020-35523, ​​CVE-2020-35524 and CVE-2022-22844).

Tiff

The Impact

Exploitation of these flaws could result in buffer overflow attacks, denial of service (DoS) and memory allocation failure.

The Fix

A tiff security update fixes these issues. Update now to protect the security, integrity and availability of your systems.

Your Related Advisories:

Register to Customize Your Advisories

zsh

The Discovery 

It was discovered that zsh, a powerful shell and scripting language, did not prevent recursive prompt expansion (CVE-2021-45444).
Zsh

The Impact

This bug could allow an attacker to execute arbitrary commands into a user's shell, for instance by tricking a vcs_info user into checking out a git branch with a specially crafted name.

The Fix

A zsh security update mitigates this flaw. We recommend that you upgrade your zsh packages promptly to prevent potential attacks and compromise.

Your Related Advisories:

Register to Customize Your Advisories

Linux Kernel

The Discovery

Several security issues have been found in the Linux kernel including a double-free vulnerability in the Packet network protocol implementation (CVE-2021-22600), a race condition in the Unix domain socket implementation (CVE-2021-4083) and a race condition in the the NFC Controller Interface (NCI) implementation, leading to a use-after-free vulnerability (CVE-2021-4202).

The ImpactLinuxKernel

Exploitation of these vulnerabilities could result in denial of service (DoS), the execution of arbitrary code, the exposure of sensitive information or privilege escalation.

The Fix

These dangerous kernel bugs have now been fixed. Update as soon as possible to protect your systems and your sensitive information.

Your Related Advisories:

Register to Customize Your Advisories

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.