Happy Friday fellow Linux geeks! This week, important updates have been issued for Firefox, GnuTLS and libphp-adodb. Read on to learn about these vulnerabilities and how to secure your system against them.
Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,
FirefoxThe DiscoveryMany critical security vulnerabilities have been discovered in Mozilla Firefox including an expat Integer overflow in storeRawNames() (CVE-2022-25315). It was also found that malformed 2- and 3-byte UTF-8 sequences and namespace-separator characters in "xmlns[:prefix]" attribute values in expat can lead to arbitrary code execution (CVE-2022-25235 and (CVE-2022-25236). |
GnuTLSThe DiscoveryA null pointer dereference in MD_UPDATE has been found in the GnuTLS free software implementation of the TLS, SSL and DTLS protocols (CVE-2021-4209). The ImpactThis vulnerability can be exploited by an attacker to maliciously crash a process to cause a denial of service (DoS) attack. The FixA GnuTLS security update fixes this dangerous bug. Update promptly to protect the security, integrity and availability of your systems. Your Related Advisories:Register to Customize Your Advisories |
libphp-adodbThe DiscoveryIt was discovered that libphp-adodb, a PHP database abstraction layer library, allows for the injection of values into a PostgreSQL connection string (CVE-2021-3850). The Impact
|
