Linux Advisory Watch: January 14, 2022

Advisories

Linux Advisory Watch: January 14, 2022

Happy Friday fellow Linux geeks! This week, important updates have been issued for log4j, singularity and Apache HTTP Server. and Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150

log4j

The Discovery 

It was discovered that Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to RCE when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server (CVE-2021-44832).

ApacheLog4J

The Impact

Exploitation of this flaw could result in remote code execution (RCE) attacks via JDBC Appender (when an attacker controls config).

The Fix

A security update has been released for log4j that fixes this issue. Update to log4j-2.17.1 as soon as possible!

Your Related Advisories:

Register to Customize Your Advisories

singularity

The Discovery 

Three security vulnerabilities (CVE-2021-29136, CVE-2021-32635 and CVE-2021-41190) have been found in the singularity container platform.
Singularity

The Impact

These bugs could allow an attacker to modify host files or execute malicious containers.

The Fix

Updated singularity packages fix these dangerous flaws. Update now!

Your Related Advisories:

Register to Customize Your Advisories

Apache HTTP Server

The Discovery

It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests (CVE-2021-44224), and that the Apache HTTP Server Lua module incorrectly handled memory in the multipart parser (CVE-2021-44790). 

The ImpactApache2

A remote attacker could exploit these issues to cause the server to crash, resulting in a denial of service (DoS), or possibly perform a Server Side Request Forgery attack or execute arbitrary code.

The Fix

Apache has released updated package versions that correct these issues. Update immediately to protect the security, integrity and availability of your systems!

Your Related Advisories:

Register to Customize Your Advisories

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.