This week, important updates have been issued for the Linux kernel, systemd and OpenJDK.
We recommend that you visit our Advisories page frequently to see the latest security advisories that have been issued by your Linux distro(s). We also now offer the ability to personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select.
On behalf of the LinuxSecurity.com administrative team, I would like to extend a warm welcome to our newly redesigned site!
Yours in Open Source,
Linux Kernel
The Discovery
A size_t-to-int type conversion vulnerability dubbed Sequoia (CVE-2021-33909) has been discovered in the Linux kernel’s filesystem layer. Sequoia can be used against most Linux distributions in their default configurations.
This dangerous flaw can be exploited by any unprivileged user to gain root privileges, corrupt data, crash a hijacked system, or execute unauthorized code.
A patch has been released for Sequoia in the Linux kernel 5.13.4 release. This fix is also now available in most Linux distributions.
Two security issues have been discovered in the systemd system and service manager. It was discovered that systemd incorrectly handled certain mount paths (CVE-2021-33910), as well as DHCP FORCERENEW packets (CVE-2020-13529).
CVE-2020-13529 could allow a remote attacker to reconfigure vulnerable servers, while CVE-2021-33910 could be exploited by a local attacker to cause systemd to crash, resulting in a denial of service (DoS).
Many distros have released updates mitigating these problems. Users who are impacted by these flaws should update their systems immediately.