Happy Friday fellow Linux geeks! This week, important updates have been issued for Thunderbird, PHP and OpenSSL. Read on to learn about these vulnerabilities and how to secure your system against them.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,
ThunderbirdThe DiscoveryMultiple security issues have been discovered in Mozilla Thunderbird, including a a use-after-free in nsSHistory (CVE-2022-34470), potential integer overflow in ReplaceElementsAt (CVE-2022-34481), CSP bypass enabling stylesheet injection (CVE-2022-31744) and memory safety bugs in Thunderbird 91.11 and Thunderbird 102 (CVE-2022-34484), among other dangerous vulnerabilities. |
PHPThe DiscoveryTwo important security vulnerabilities have been found in php7: uninitialized pointers free in the Postgres extension (CVE-2022-31625) and a fixed buffer overflow via a user-supplied password when using the pdo_mysql extension with the mysqlnd driver (CVE-2022-31626).
The ImpactThese flaws could be exploited to carry out buffer overflow attacks, remote code execution (RCE), or denial of service (DoS) attacks. The FixAn update for php7 mitigates these issues. We recommend that you update as soon as possible to protect against potential attacks and compromise. Your Related Advisories:Register to Customize Your Advisories |
OpenSSLThe DiscoveryIt was discovered that OpenSSL incorrectly handled AES OCB mode when using the AES-NI assembly optimized implementation on 32-bit x86 platforms (CVE-2022-2097). The ImpactA remote attacker could possibly use this issue to obtain sensitive information. |
