Happy Friday fellow Linux geeks! This week, important updates have been issued for Intel Microcode, QEMU and Apache HTTP Server. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150

Intel Microcode

The Discovery 

Several serious security issues have been discovered in Intel Microcode processor microcode for Intel CPUs (CVE-2021-0127, CVE-2021-0145, CVE-2021-0146, CVE-2021-33117, CVE-2021-33120, CVE-2022-21123, CVE-2022-21127, CVE-2022-21151 and CVE-2022-21166).

Intel

The Impact

These flaws could result in denial of service (DoS), privilege escalation attacks and information leakage.

The Fix

An important Intel Microcode security update fixes these vulnerabilities. We recommend that you update now to protect your sensitive information and the security, integrity and availability of your systems.

Your Related Advisories:

Register to Customize Your Advisories

QEMU

The Discovery 

Multiple security vulnerabilities have been found in the QEMU machine emulator and virtualizer (CVE-2021-3507, CVE-2021-3929, CVE-2021-4206, CVE-2021-4207, CVE-2022-0358, CVE-2022-26353 and CVE-2022-26354).


Qemu

The Impact

These issues could result in information leakage, denial of service (DoS) attacks, privilege escalation, or the execution of arbitrary code.

The Fix

A QEMU update mitigates these flaws. We recommend that you update as soon as possible to protect against attacks and compromise.

Your Related Advisories:

Register to Customize Your Advisories

Apache HTTP Server

The Discovery

Several security bugs have been identified in Apache HTTP Server (CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556 and CVE-2022-31813).

The Impact

These vulnerabilities could result in HTTP Request Smuggling attacks, denial of service (DoS) attacks, the execution of arbitrary code, authentication bypass and information leakage.

Apache2

The Fix

An important Apache HTTP Server security update fixes these issues. Update now to protect the security, integrity and availability of your systems and the privacy of your sensitive information.

Your Related Advisories:

Register to Customize Your Advisories