Linux Advisory Watch: June 17, 2022

Advisories

Linux Advisory Watch: June 17, 2022

Happy Friday fellow Linux geeks! This week, important updates have been issued for Firefox, cifs-utils and python-twisted-web. Read on to learn about these vulnerabilities and how to secure your system against them.

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150

Firefox

The Discovery 

Eight important security vulnerabilities have been discovered in Mozilla Firefox, including a heap buffer overflow in WebGL (CVE-2022-31737), browser window spoof using fullscreen mode (CVE-2022-31738), attacker-influenced path traversal when saving downloaded files (CVE-2022-31739), memory safety bugs in Firefox 101 and Firefox ESR 91.10 (CVE-2022-31747), and more.

Firefox

The Impact

These issues could result in buffer overflow attacks, spoofing attacks, memory corruption and information leakage, among other threats.

The Fix

An update is available for Mozilla Firefox that fixes these flaws. We recommend that you update as soon as possible to protect your systems against attacks and compromise.

Your Related Advisories:

Register to Customize Your Advisories

cifs-utils

The Discovery 

Several security issues have been found in cifs-utils (Common Internet File System utilities). It was discovered that cifs-utils invoked a shell when requesting a password (CVE-2020-14342), incorrectly used host credentials when mounting a krb5 CIFS file system from within a container (CVE-2021-20208), incorrectly handled certain command-line arguments (CVE-2022-27239), and incorrectly handled verbose logging (CVE-2022-29869).
LinuxKernel

The Impact

These vulnerabilities could result in privilege escalation attacks and the compromise of sensitive information.

The Fix

An update has been released for cifs-utils that mitigates these bugs. Update now to protect the security and integrity of your systems and your sensitive information.

Your Related Advisories:

Register to Customize Your Advisories

python-twisted-web

The Discovery

An important security bug has been discovered in the python-twisted-web web server (CVE-2022-24801).

The ImpactTwisted

This vulnerability could result in possible http request smuggling.

The Fix

A ​​python-twisted-web security update that fixes this issue is now available. We urge you to update promptly to protect against potential security issues.

Your Related Advisories:

Register to Customize Your Advisories

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.