Happy Friday fellow Linux geeks! This week, important updates have been issued for djvulibre, aria2 and log4j. Read on to learn about these vulnerabilities and how to secure your system against them.
Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,
djvulibreThe DiscoverySeveral dangerous vulnerabilities were discovered in djvulibre, a library and set of tools to handle documents in the DjVu format (CVE-2019-15142, CVE-2019-15143, CVE-2019-15144 and CVE-2019-15145). |
aria2The DiscoveryIt was discovered in the download utility aria2 that --log was leaking HTTP user credentials in local log files (CVE-2019-3500). The ImpactThis bug could result in the compromise of sensitive information that could be used for malicious purposes. The FixA security update released for aria2 mitigates this flaw. We urge you to upgrade your aria2 packages promptly. Your Related Advisories:Register to Customize Your Advisories |
log4jThe DiscoveryA security bug has been found in Log4j 1.x when the application is configured to use JMSAppender (CVE-2021-4104). JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data when an attacker has write access to the Log4j configuration. The Impact
|
