Attention Linux Security Enthusiasts! Guess what? 14 crucial vulnerabilities have been found in Chromium, and they're not something to ignore! These sneaky bugs, including use-after-free and type confusion issues, could let remote attackers exploit heap corruption. And with low attack complexity and high impact on confidentiality, integrity, and availability, they've earned a "High" severity rating from the National Vulnerability Database. Don't wait - update your systems now to stay safe and secure!

But wait, there's more! We also cover other significant discoveries and fixes, like multiple OpenSSL DoS vulnerabilities and two Ruby bugs that might expose your sensitive info, even if you don't use these applications directly. Keep reading to learn more about these bugs and how to protect against them.

Yours in Open Source,

Brittany

Chromium

The Discovery 

Fourteen important vulnerabilities have been discovered in Chromium, including multiple use-after-free and type confusion bugs. With a low attack complexity and a high confidentiality, integrity and availability impact, these issues have received a National Vulnerability Database severity rating of “High”.


The Impact

These vulnerabilities could allow a remote attacker to potentially exploit heap corruption via a crafted PDF file or a crafted HTML page.

The Fix

An update for Chromium that fixes these severe vulnerabilities has been released. We strongly recommend that all impacted users apply the Chromium updates issued by their distro(s) now to protect the confidentiality, integrity and availability of their systems.


Ruby

The Discovery 

Two important security bugs have been found in Ruby. It was discovered that an HTTP response splitting flaw exists in the Ruby cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 (CVE-2021-33621): header names and values built from attacker-controlled input were not checked for CR/LF characters. It was also discovered that a buffer over-read occurs in String-to-Float conversion in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2 (CVE-2022-28739). With a low attack complexity and a high confidentiality and integrity impact, these bugs have received a National Vulnerability Database severity rating of “High”.


The Impact

An attacker could exploit the response splitting flaw to inject additional headers or an entire forged response body into what a user receives from a vulnerable application (for example, a planted Set-Cookie header or a spoofed page), and the buffer over-read to read memory past the end of a buffer and expose sensitive information.
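The following is an added example, not code from the cgi gem or from this advisory, showing what response splitting looks like in plain Ruby and the check that stops it. The `naive_header_block` and `safe_header_block` functions are hypothetical serializers written for this illustration; the attacker-controlled `MALICIOUS_LOCATION` value is constructed. The rule being demonstrated is the general one: a header name or value that contains CR or LF must be rejected outright, never passed through.

```ruby
# Added example (not from the cgi gem or the newsletter): how a CR/LF in a
# header value splits an HTTP response, and the check that prevents it.

# Hypothetical, deliberately naive header serializer: it trusts the value.
def naive_header_block(headers)
  headers.map { |name, value| "#{name}: #{value}\r\n" }.join + "\r\n"
end

class HeaderInjection < StandardError; end

# Hardened serializer: refuse any header name or value containing CR or LF.
# Rejecting (rather than silently stripping) keeps the failure visible.
def safe_header_block(headers)
  headers.each do |name, value|
    if name.to_s.match?(/[\r\n]/) || value.to_s.match?(/[\r\n]/)
      raise HeaderInjection, "CR/LF in header #{name.inspect}"
    end
  end
  naive_header_block(headers)
end

# Minimal parser that splits a raw response into status line, headers and
# body, to show what a client actually sees after the injection.
def parse_response(raw)
  head, body = raw.split("\r\n\r\n", 2)
  status, *header_lines = head.split("\r\n")
  headers = header_lines.map { |line| line.split(": ", 2) }.to_h
  [status, headers, body]
end

# Constructed attacker input: a redirect target that smuggles a CRLF, an
# injected Set-Cookie header, a blank line, and a forged body.
MALICIOUS_LOCATION =
  "https://example.com/\r\nSet-Cookie: session=attacker\r\n\r\n<html>forged</html>"

# Vulnerable path: the injected header and body become part of the response.
def demo_vulnerable
  raw = "HTTP/1.1 302 Found\r\n" +
        naive_header_block("Location" => MALICIOUS_LOCATION) +
        "legit body"
  parse_response(raw)
end

# Hardened path: the same input is refused before any bytes are emitted.
def demo_hardened
  safe_header_block("Location" => MALICIOUS_LOCATION)
  :no_error
rescue HeaderInjection
  :rejected
end

if __FILE__ == $PROGRAM_NAME
  status, headers, body = demo_vulnerable
  puts "vulnerable: #{status} #{headers.inspect} body=#{body.inspect}"
  puts "hardened:   #{demo_hardened}"
end
```

Running the block prints the split response: the client sees a `Set-Cookie: session=attacker` header the application never set, and the body it receives is the attacker's `<html>forged</html>`, with the legitimate body pushed behind it. The hardened serializer raises before anything is written.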

The Fix

A Ruby security update has been released that mitigates these issues. We strongly recommend that all impacted users apply the Ruby updates issued by their distro(s) immediately to protect against attacks threatening the confidentiality and integrity of their systems and their sensitive data.


OpenSSL

The Discovery 

Distros continue to release updates addressing multiple important denial of service (DoS) vulnerabilities (CVE-2023-0464 and CVE-2023-2650) recently discovered in the OpenSSL Secure Sockets Layer toolkit. These bugs have a low attack complexity and a high availability impact.


The Impact

An attacker could exploit these vulnerabilities to carry out DoS attacks, exhausting resources in a process that uses OpenSSL and making the affected service unavailable. The impact of these two bugs is on availability; they are not reported to allow code execution or disclosure of data.

The Fix

An OpenSSL security update that mitigates these issues has been released. We urge all impacted users to apply the OpenSSL updates issued by their distro(s) as soon as possible to protect against attacks leading to service downtime. Note that distros typically backport fixes, so rely on your distro's advisory and package version rather than the upstream OpenSSL version string to confirm that you are patched.
