Linux Advisory Watch: January 28, 2022
Happy Friday, fellow Linux geeks! This week, important updates have been issued for polkit, the Linux kernel and Thunderbird. Read on to learn about these vulnerabilities and how to secure your system against them.
Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,

polkit
The Discovery
A local privilege escalation vulnerability (CVE-2021-4034) was found by Qualys researchers in polkit's pkexec utility. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands.
The Impact
An attacker can exploit this flaw by crafting environment variables in a way that induces pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.
The Fix
Updated polkit packages fix this dangerous vulnerability. Update now!

Linux Kernel
The Discovery
Several vulnerabilities have been discovered in the Linux kernel (CVE-2021-4155, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 and CVE-2022-0185).
The Impact
These issues may lead to privilege escalation attacks, denial of service (DoS), or information leakage.
The Fix
We recommend that you upgrade your Linux packages promptly to protect sensitive information and the security, integrity and availability of your systems.

Thunderbird
The Discovery
Several security issues have been found in the Thunderbird mail and newsgroup client.
The Impact
If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these flaws to cause a denial of service (DoS), obtain sensitive information, trick a user into accepting unwanted permissions, conduct header splitting attacks, conduct spoofing attacks, bypass security restrictions, hijack a session, or execute arbitrary code.
The Fix
Thunderbird has released a security update that fixes these dangerous bugs. Update now!