Happy Friday, fellow Linux geeks! This week, important updates have been issued for python-numpy, Ark and OpenLDAP. Read on to learn about these vulnerabilities and how to secure your system against them.

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany

python-numpy

The Discovery 

Three important security vulnerabilities have been discovered in python-numpy, including buffer overflows in the PyArray_NewFromDescr_int function of ctors.c and the array_from_pyobj function of fortranobject.c (CVE-2021-33430 and CVE-2021-41496).

The Impact

These bugs could result in denial of service (DoS) attacks.

The Fix

An update for python-numpy fixes these issues. We recommend that you update now to protect the security and availability of your systems.


Ark

The Discovery 

It was found that the Ark archive manager did not sanitize extraction paths (CVE-2020-16116 and CVE-2020-24654).


The Impact

This could result in maliciously crafted archives with symlinks writing outside the extraction directory.

The Fix

An Ark security update mitigates these flaws. We recommend that you upgrade your Ark packages as soon as possible to protect against potential directory traversal attacks leading to compromise.
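The kind of check a tool needs before extracting an untrusted archive, shown here as an added example using Python's tarfile module (it is not Ark's code or its fix). It also covers plain `../` member names and hard links, not only symlinks; the function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile

def _escapes(path):
    """True if a path is absolute or lexically climbs above its root."""
    norm = posixpath.normpath(path)
    return posixpath.isabs(path) or norm == ".." or norm.startswith("../")

def audit_tar(tar):
    """Return [(member, reason)] for entries that could write outside the
    extraction directory. Lexical only: nothing is extracted or followed."""
    findings = []
    links = set()  # normalised names of link entries seen so far
    for m in tar.getmembers():
        name = posixpath.normpath(m.name)
        if _escapes(m.name):
            findings.append((m.name, "path escapes extraction directory"))
            continue
        # An entry placed under an earlier link would be written through it.
        parents = name.split("/")[:-1]
        if any("/".join(parents[:i + 1]) in links for i in range(len(parents))):
            findings.append((m.name, "path traverses a link from the archive"))
            continue
        if m.issym() or m.islnk():
            # Symlink targets resolve from the link's own directory,
            # hard link targets from the archive root.
            base = posixpath.dirname(name) if m.issym() else ""
            if _escapes(posixpath.join(base, m.linkname)):
                findings.append((m.name, "link target escapes extraction directory"))
            links.add(name)
    return findings

SAMPLE = [  # constructed entries: (name, type, link target)
    ("docs/readme.txt", tarfile.REGTYPE, ""),
    ("docs/latest", tarfile.SYMTYPE, "readme.txt"),
    ("../outside.txt", tarfile.REGTYPE, ""),
    ("cache", tarfile.SYMTYPE, "../../elsewhere"),
    ("cache/file.txt", tarfile.REGTYPE, ""),
]

def build_sample():
    """Build the constructed sample archive in memory and reopen it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, target in SAMPLE:
            info = tarfile.TarInfo(name)
            info.type, info.linkname = kind, target
            tar.addfile(info)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")
```

The check is deliberately conservative: any entry stored beneath a link from the same archive is reported, even when that link points inside the extraction directory.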


OpenLDAP

The Discovery

SQL injection in back-sql has been discovered in openldap2 (CVE-2022-29155).

The Impact

This flaw could result in SQL injection attacks.

The Fix

An important update for openldap2 fixes this bug. Update promptly to protect the security and integrity of your systems.
