Linux Advisory Watch

Don't want to miss that crucial security notice?. The editorial staff at Guardian Digital will bring you complete coverage and in-depth
descriptions of all security bulletins, vulnerabilities and updated packages, all in one convenient weekly newsletter.

Linux Advisory Watch: July 16, 2021

Thank you for reading the LinuxSecurity Linux Advisory Watch newsletter! 

Today’s newsletter is sponsored by RoseHosting. For fast, secure and fully-managed Linux hosting, check out RoseHosting VPS hosting.

This week, important updates have been issued for PHP, polkit and djvulibre.

We recommend that you visit our Advisories page frequently to see the latest security advisories that have been issued by your Linux distro(s). We also now offer the ability to personalize your User Profile to include the latest advisories for the distros you select. 

On behalf of the administrative team, I would like to extend a warm welcome to our newly redesigned site!

Yours in Open Source,

Brittany Day Signature

The Discovery PHP

Several remotely exploitable vulnerabilities have been discovered in the php7.0 and php5 HTML-embedded scripting language interpreters. These flaws include incorrect handling of certain PHAR files (CVE-2020-7068), URLs with passwords (CVE-2020-7071), certain malformed XML data when being parsed by the SOAP extension (CVE-2021-21702), the pdo_firebase module (CVE-2021-21704) and the FILTER_VALIDATE_URL check (CVE-2021-21705).

The Impact

These issues could allow a remote attacker to cause PHP to crash, resulting in a denial of service (DoS), perform a server-side request forgery attack, or possibly obtain sensitive information.

The Fix

These problems can be corrected by updating your php7.0 and php5 package versions. In general, a standard system update will make all the necessary changes.

Your Related Advisories:

Register to Customize Your Advisories


PolkitThe Discovery 

A high-severity vulnerability in polkit, a toolkit for managing policies related to unprivileged processes communicating with privileged processes, has been discovered (CVE-2021-3560). The issue involves the function polkit_system_bus_name_get_creds_sync() being called without checking for errors, temporarily treating the authentication request as if it were coming from root.

The Impact

This flaw could lead to local root privilege escalation.

The Fix

All polkit users should upgrade to the latest version:

 # emerge --sync

  # emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.119"

Your Related Advisories:

Register to Customize Your Advisories

The DiscoveryDjvulibre

An out-of-bounds write bug has been found in DJVU::DjVuTXT::decode() in DjVuText.cpphe in the djvulibre DjVu image format library and tools.

The Impact

An attacker could potentially exploit this flaw to execute arbitrary code or cause a crash.

The Fix

Users should upgrade their djvulibre packages to fix this issue. In general, a standard system update will make all the necessary changes.

Your Related Advisories:

Register to Customize Your Advisories

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.