Linux Advisory Watch: March 11, 2022

Advisories

Linux Advisory Watch: March 11, 2022

Happy Friday fellow Linux geeks! This week, important updates have been issued for the Linux Kernel, GNU C Library and WebKitGTK. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150

Linux Kernel

The Discovery 

Multiple security issues have been discovered in the Linux kernel, one of which has been deemed the most high-severity Linux security vulnerability in years. CVE-2022-0847, which has been named Dirty Pipe, is a bug in the kernel since version 5.8 due to uninitialized variables. It enables anybody to write arbitrary data to arbitrary files, even if the file is O_RDONLY, immutable or on a MS_RDONLY filesystem.

LinuxKernel

The Impact

Dirty Pipe could be exploited to inject code into arbitrary processes, enabling an attacker to install backdoors, create unauthorized user accounts, and modify scripts or binaries used by privileged services or apps. The other flaws that have been identified (CVE-2022-25258 and CVE-2022-25375) could result in memory corruption or information leakage.

The Fix

An important kernel security update mitigates Dirty Pipe and the other bugs that have been found in the kernel. Patch now!

Your Related Advisories:

Register to Customize Your Advisories

GNU C Library

The Discovery 

Several security issues were found in GNU C Library (CVE-2016-10228, CVE-2019-25013, CVE-2020-27618, CVE-2020-29562, CVE-2020-6096, CVE-2021-27645, CVE-2021-3326, CVE-2021-35942, CVE-2021-3998, CVE-2021-3999, CVE-2022-23218 and CVE-2022-23219).
GNUCLibrary

The Impact

Exploitation of these vulnerabilities could result in denial of service (DoS), the execution of arbitrary code, or information leakage. 

The Fix

These flaws in GNU C Library have now been fixed. Update promptly to protect sensitive information and the security, integrity and availability of your systems.

Your Related Advisories:

Register to Customize Your Advisories

WebKitGTK

The Discovery

Several remotely-exploitable security issues were discovered in the WebKitGTK Web and JavaScript engines (CVE-2022-22589, CVE-2022-22590 and CVE-2022-22592).

The ImpactWebkitgtk

If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting (XSS) attacks, denial of service (DoS) attacks and arbitrary code execution.

The Fix

These vulnerabilities have now been fixed in WebKitGTK. Update as soon as possible to protect against DoS and XSS attacks.

Your Related Advisories:

Register to Customize Your Advisories

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.