Happy Friday fellow Linux geeks! This week, important updates have been issued for log4j, singularity and Apache HTTP Server. and Read on to learn about these vulnerabilities and how to secure your system against them.
Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,
log4jThe DiscoveryIt was discovered that Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to RCE when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server (CVE-2021-44832). |
singularityThe DiscoveryThree security vulnerabilities (CVE-2021-29136, CVE-2021-32635 and CVE-2021-41190) have been found in the singularity container platform. The ImpactThese bugs could allow an attacker to modify host files or execute malicious containers. The FixUpdated singularity packages fix these dangerous flaws. Update now! Your Related Advisories:Register to Customize Your Advisories |
Apache HTTP ServerThe DiscoveryIt was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests (CVE-2021-44224), and that the Apache HTTP Server Lua module incorrectly handled memory in the multipart parser (CVE-2021-44790). The Impact
|
