Happy Friday fellow Linux geeks! This week, important updates have been issued for Firefox, lxml and gdal. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany

Firefox

The Discovery 

Multiple security issues have been found in the Mozilla Firefox web browser (CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748 and CVE-2022-22751).

The Impact

These vulnerabilities could potentially result in the execution of arbitrary code, information disclosure, denial of service (DoS) or spoofing.

The Fix

A firefox-esr security update has been released that fixes these flaws. We recommend that you upgrade your firefox-esr packages as soon as possible to protect the security of your sensitive information and the integrity and availability of your systems.

lxml

The Discovery 

It was discovered that lxml, a Python binding for the libxml2 and libxslt libraries, does not properly sanitize its input (CVE-2021-43818).

The Impact

This vulnerability could lead to cross-site scripting (XSS) attacks.

The Fix

An lxml security update has been released that mitigates this dangerous bug. We recommend that you upgrade your lxml packages promptly to prevent XSS attacks.

gdal

The Discovery

Two issues were found in the GDAL geospatial library (CVE-2019-17545 and CVE-2021-45943).

The Impact

These vulnerabilities could lead to denial of service (DoS) via application crash or possibly the execution of arbitrary code if maliciously crafted data was parsed.

The Fix

A gdal security update that fixes these bugs has been released. We recommend that you upgrade your gdal packages immediately to protect the integrity and availability of your systems.
