Distros have released fixes for several critical/high-severity security issues that have been discovered in the Linux kernel, including a critical vulnerability in the Xen netback driver that could lead to denial of service (DoS). This flaw has a base score of 10 out of 10, so it's crucial that all users update their systems now. Has your distro released a patch for this flaw? You can customize your LinuxSecurity advisories based on the distro(s) you use to find out now!

Distros have also released updates for the Curl client-side URL transfer library to fix a critical information disclosure/DoS flaw that has received a base score of 9.8 out of 10, and for Chromium to mitigate multiple bugs, including two high-severity use-after-free vulnerabilities that could be remotely exploited to cause memory leakage/corruption. Continue reading to learn how to secure your systems against these dangerous issues.

Yours in Open Source,

Brittany

Linux Kernel

The Discovery

Several critical/high-severity security issues have been discovered in the Linux kernel. A vulnerability in the Xen netback driver in the kernel (CVE-2022-3643), which could result in the improper handling of packets structured in certain ways, has received a base score of 10 out of 10. Other vulnerabilities found include a stack-based buffer overflow in the sysctl implementation in the kernel (CVE-2022-4378), multiple use-after-free vulnerabilities in the Bluetooth L2CAP handshake implementation in the kernel (CVE-2022-42896), and an integer overflow vulnerability in the Bluetooth subsystem in the kernel (CVE-2022-45934).


The Impact

These flaws could result in denial of service (DoS) or the execution of arbitrary code.

The Fix

An important update for the kernel that fixes these dangerous bugs has been released. It is crucial that you update immediately to prevent downtime and protect against attacks leading to compromise.


Curl

The Discovery

Multiple vulnerabilities were discovered in the Curl client-side URL transfer library. The worst of them (CVE-2022-32221), which has received a base score of 9.8 out of 10, can surprise the application and cause it to misbehave, either sending the wrong data or using memory after it has been freed.

The Impact

These issues could result in denial of service (DoS) or information disclosure.

The Fix

A Curl security update that mitigates these flaws has been released. We strongly recommend that all users update now to protect the privacy of their sensitive information and prevent disruptive downtime.


Chromium

The Discovery

Four security bugs have been found in Chromium, including high-severity use-after-free vulnerabilities in WebTransport in Google Chrome (CVE-2023-0471) and in WebRTC (CVE-2023-0472).


The Impact

These flaws could allow a remote attacker to exploit heap corruption via a crafted HTML page, or allow an attacker who has convinced a user to install a malicious extension to exploit heap corruption via a Chrome web app, leading to memory leakage/corruption.

The Fix

An important patch for Chromium that fixes these vulnerabilities has been released. We urge all users to update as soon as possible to protect the security and integrity of their systems.
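Each of the three "Fix" sections above comes down to the same question: does the package installed on this host actually carry the fix? The following POSIX shell script is an added example, not part of the LinuxSecurity digest or of any distro's tooling. It looks for the CVE ids named in this digest in the installed package's changelog, since distro changelogs normally cite the CVE id of every backported fix. The package names and changelog locations it uses (`rpm -q --changelog` on RPM-based systems, `/usr/share/doc/<pkg>/changelog.Debian.gz` on Debian-based ones) are assumptions; the sample changelog text embedded for the offline demo is constructed, not a real distro changelog.

```shell
#!/bin/sh
# Added example (not from the LinuxSecurity digest): check whether the installed
# package's changelog cites the CVE ids fixed in this digest. Finding the id is a
# cheap, offline signal that the patched build is present; not finding it means
# "look further" (some distros cite ids only in the advisory, not the changelog).
# Package names and changelog paths are assumptions for RPM and Debian systems.

KERNEL_CVES="CVE-2022-3643 CVE-2022-4378 CVE-2022-42896 CVE-2022-45934"
CURL_CVES="CVE-2022-32221"
CHROMIUM_CVES="CVE-2023-0471 CVE-2023-0472"

# report_cves ID...: read changelog text on stdin and print one line per id,
# "<id> fixed" when the id is cited and "<id> MISSING" otherwise.
# Exit status is 1 if any id is missing, so it can drive a cron job or CI step.
report_cves() {
    text=$(cat)
    missing=0
    for id in "$@"; do
        # -w: a longer id that merely starts with this one must not count.
        if printf '%s\n' "$text" | grep -qFw -- "$id"; then
            printf '%s fixed\n' "$id"
        else
            printf '%s MISSING\n' "$id"
            missing=1
        fi
    done
    return "$missing"
}

# installed_changelog PKG: print the changelog of an installed package
# (assumed locations: rpm database, or Debian's changelog.Debian.gz).
installed_changelog() {
    pkg=$1
    if command -v rpm >/dev/null 2>&1 && rpm -q "$pkg" >/dev/null 2>&1; then
        rpm -q --changelog "$pkg"
    elif [ -r "/usr/share/doc/$pkg/changelog.Debian.gz" ]; then
        zcat "/usr/share/doc/$pkg/changelog.Debian.gz"
    else
        printf 'no changelog found for %s\n' "$pkg" >&2
        return 2
    fi
}

# check_package PKG ID...: report on one installed package, e.g.
#   check_package curl $CURL_CVES
#   check_package linux-image-amd64 $KERNEL_CVES   (Debian; "kernel" on RPM distros)
check_package() {
    pkg=$1; shift
    installed_changelog "$pkg" | report_cves "$@"
}

# Constructed changelog excerpt (not a real distro changelog) so the report can
# be exercised offline: it cites the curl fix and one of the four kernel fixes.
SAMPLE_CHANGELOG='curl (x.y.z-1) stable; urgency=high
  * Fix CVE-2022-32221 (see upstream advisory)
linux (x.y.z-1) stable; urgency=high
  * Fix CVE-2022-4378 in sysctl
'

# demo: run the report over the constructed changelog; exits 1 because three of
# the kernel ids are not cited there.
demo() {
    printf '%s' "$SAMPLE_CHANGELOG" | report_cves $CURL_CVES $KERNEL_CVES
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it with `--demo` to see the report format, then call `check_package` with your distro's real package names. A MISSING line is a prompt to check the distro advisory rather than proof of exposure: the Xen netback driver runs only in a Xen backend domain (typically dom0), so CVE-2022-3643 matters on hosts acting as Xen network backends, while the sysctl and Bluetooth fixes apply to kernels generally.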
