Thank you for reading the LinuxSecurity Linux Advisory Watch newsletter! 

Today’s newsletter is sponsored by RoseHosting. For fast, secure and fully-managed Linux hosting, check out RoseHosting VPS hosting.

This week, important updates have been issued for the Linux kernel, apache2 and file-roller.

We recommend that you visit our Advisories page frequently to see the latest security advisories that have been issued by your Linux distro(s). We also now offer the ability to personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select. 

On behalf of the LinuxSecurity.com administrative team, I would like to extend a warm welcome to our newly redesigned site!

Yours in Open Source,

Brittany

Linux Kernel
The Discovery

Multiple important vulnerabilities have been discovered in the Linux kernel, including a use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034), a security bypass in certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541), improper handling of VM_IO|VM_PFNMAP vmas in KVM (CVE-2021-22543) and a race condition in net/can/bcm.c (CVE-2021-3609).

The Impact

These flaws can result in local privilege escalation and the bypass of read-only (RO) checks, among other serious threats to the security of your system.

The Fix

To mitigate these kernel bugs and prevent exploits, users impacted by these vulnerabilities should apply the updates issued by their distro(s) immediately.


apache2

The Discovery

Several vulnerabilities have been found in the Apache HTTP Server, including a MergeSlashes regression (CVE-2021-30641), a NULL pointer dereference on specially crafted HTTP/2 requests (CVE-2021-31618), a mod_proxy NULL pointer dereference (CVE-2020-13950), a single zero-byte stack overflow in mod_auth_digest (CVE-2020-35452), a NULL pointer dereference in the mod_session parser (CVE-2021-26690) and a heap overflow in mod_session (CVE-2021-26691).

The Impact

These bugs could result in denial of service (DoS) and possible execution of arbitrary code.

The Fix

We recommend that apache2 users upgrade their apache2 packages as soon as possible. In general, a standard system update will make all the necessary changes.


file-roller
The Discovery

A path traversal vulnerability was found in file-roller, a tool for viewing and creating archives, due to an incomplete fix for CVE-2020-11.

The Impact

This issue could allow an attacker to extract files outside of the intended directory in the case of malicious archives containing symbolic links, posing a serious threat to data integrity and system availability.

The Fix

Updated file-roller packages fix this vulnerability. Users affected by this flaw should apply the updates that have been issued by their distro(s) immediately.
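As an added illustration (not code from file-roller or from this newsletter), the following Python checks a tar archive for the pattern described above before anything is written to disk: entries that leave the destination, symlinks pointing outside it, and entries whose path passes through an earlier symlink. The destination path and the sample archive are constructed for the example.

```python
import io
import posixpath
import tarfile


def _escapes(base: str, rel: str) -> bool:
    """True if rel, joined onto base and normalised, ends up outside base."""
    full = posixpath.normpath(posixpath.join(base, rel))
    return full != base and not full.startswith(base + "/")


def unsafe_members(tar: tarfile.TarFile, dest: str = "/srv/extract") -> list:
    """Return (name, reason) for each entry that must not be extracted into dest."""
    dest = posixpath.normpath(dest)
    symlinks, bad = set(), []  # archive paths of symlinks seen so far
    for m in tar.getmembers():  # archive order matters: links before uses
        name = posixpath.normpath(m.name)
        parts = name.split("/")
        reason = None
        if name.startswith("/") or _escapes(dest, name):
            reason = "path leaves destination"
        elif any("/".join(parts[:i]) in symlinks for i in range(1, len(parts))):
            reason = "path passes through an earlier symlink"  # write lands at link target
        elif m.issym():
            symlinks.add(name)  # record every symlink, even ones that stay inside
            target = posixpath.join(posixpath.dirname(name), m.linkname)
            if m.linkname.startswith("/") or _escapes(dest, target):
                reason = "symlink target leaves destination"
        elif m.islnk() and _escapes(dest, m.linkname):
            reason = "hardlink target leaves destination"
        if reason:
            bad.append((m.name, reason))
    return bad


def build_sample() -> tarfile.TarFile:
    """Constructed archive: benign file, symlink to /tmp, file written through it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tw:
        good = tarfile.TarInfo("docs/readme.txt")
        good.size = 6
        tw.addfile(good, io.BytesIO(b"hello\n"))
        link = tarfile.TarInfo("out")
        link.type = tarfile.SYMTYPE
        link.linkname = "/tmp"
        tw.addfile(link)
        tw.addfile(tarfile.TarInfo("out/evil.txt"))  # empty file, path via the link
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")
```

An extractor that refuses the whole archive when this list is non-empty, rather than skipping single entries, avoids creating the link and then writing through it in a later pass.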
