Linux Advisory Watch: January 28, 2022

Happy Friday, fellow Linux geeks! This week, important updates have been issued for polkit, the Linux kernel and Thunderbird. Read on to learn about these vulnerabilities and how to secure your system against them.

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany

polkit

The Discovery 

A local privilege escalation vulnerability (CVE-2021-4034) was found by Qualys researchers in polkit's pkexec utility. The current version of pkexec does not correctly handle the number of calling parameters and ends up trying to execute environment variables as commands.
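
A simplified C model of the argument-count handling described above, added here as an illustration and not taken from polkit's source; the function names and sample arrays are constructed. It assumes the Linux process layout in which the environment pointers directly follow the NULL that terminates argv.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the in-memory layout: argv..., NULL, envp..., NULL */
static const char *EMPTY_ARGV[]  = { NULL, "CONSTRUCTED_VAR=value", NULL };
static const char *NORMAL_ARGV[] = { "tool", "id", NULL,
                                     "CONSTRUCTED_VAR=value", NULL };

/* Unchecked: assumes argv[0] exists, so scanning starts at index 1. */
static const char *program_arg_unchecked(int argc, const char **vec)
{
    int n;
    for (n = 1; n < argc; n++) {
        if (vec[n][0] != '-')      /* stop at the first non-option */
            break;
    }
    /* With argc == 0 the loop never runs and n is still 1, which is
     * already past the NULL terminator and inside the environment. */
    return vec[n];
}

/* Checked: rejects an empty argument vector and never reads past argc. */
static const char *program_arg_checked(int argc, const char **vec)
{
    int n;
    if (argc < 1 || vec == NULL || vec[0] == NULL)
        return NULL;               /* caller should refuse to continue */
    for (n = 1; n < argc; n++) {
        if (vec[n][0] != '-')
            return vec[n];
    }
    return NULL;                   /* no program argument supplied */
}

int main(void)
{
    const char *u = program_arg_unchecked(0, EMPTY_ARGV);
    const char *c = program_arg_checked(0, EMPTY_ARGV);
    const char *ok = program_arg_checked(2, NORMAL_ARGV);

    printf("unchecked, argc=0: %s\n", u ? u : "(null)");
    printf("checked,   argc=0: %s\n", c ? c : "(null)");
    printf("checked,   argc=2: %s\n", ok ? ok : "(null)");
    return 0;
}
```

Any setuid program that indexes argv without first confirming argc is at least 1 has the same exposure, so the guard belongs at the top of main() before any argument parsing.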

The Impact

An attacker can exploit this flaw by crafting environment variables in a way that induces pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.

The Fix

Updated polkit packages fix this dangerous vulnerability. Update now!

Linux Kernel

The Discovery 

Several vulnerabilities have been discovered in the Linux kernel (CVE-2021-4155, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 and CVE-2022-0185).

The Impact

These issues may lead to privilege escalation attacks, denial of service (DoS), or information leakage.

The Fix

We recommend that you upgrade your Linux packages promptly to protect sensitive information and the security, integrity and availability of your systems.

Thunderbird

The Discovery

Several security issues have been found in the Thunderbird mail and newsgroup client.

The Impact

If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these flaws to cause a denial of service (DoS), obtain sensitive information, trick a user into accepting unwanted permissions, conduct header splitting attacks, conduct spoofing attacks, bypass security restrictions, hijack a session, or execute arbitrary code.

The Fix

Thunderbird has released a security update that fixes these dangerous bugs. Update now!
