Linux Advisory Watch: March 25, 2022


Happy Friday, fellow Linux geeks! This week, important updates have been issued for OpenSSL, LibreOffice and Firefox. Read on to learn about these vulnerabilities and how to secure your system against them.

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany

OpenSSL

The Discovery 

It was discovered that the BN_mod_sqrt() function of OpenSSL could be tricked into an infinite loop (CVE-2019-1551 and CVE-2022-0778).

The Impact

This could result in denial of service (DoS) via malformed certificates.

The Fix

An OpenSSL security update fixes this issue, along with an overflow bug in the x86_64 Montgomery squaring procedure. Update now to protect the security, integrity and availability of your systems.

LibreOffice

The Discovery 

An incorrect validation of digitally signed documents was discovered in the LibreOffice free and open-source office suite (CVE-2021-25636).

The Impact

This flaw could allow an attacker to create a digitally signed ODF document which, when opened, would cause LibreOffice to verify using the "KeyValue", but to report verification with the unrelated "X509Data" value.

The Fix

An update for LibreOffice that mitigates this vulnerability is now available. Update as soon as possible to prevent attacks and protect your sensitive information.
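
The following Python check is an added example, not code from LibreOffice or from this newsletter. It flags ODF packages whose signature streams carry both a "KeyValue" and an "X509Data" element in the same "KeyInfo", the ambiguity described above, so such files can be reviewed by hand; the function names, the sample package and the 5 MiB size cap are assumptions of the example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SIG_STREAMS = ("META-INF/documentsignatures.xml", "META-INF/macrosignatures.xml")
MAX_STREAM = 5 * 1024 * 1024  # assumed cap; refuse oversized signature streams


def ambiguous_keyinfo(odf_bytes):
    """Return (stream, signature Id) for each ds:Signature whose ds:KeyInfo
    has both a KeyValue and an X509Data child; such files need manual review."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as pkg:
        for info in pkg.infolist():
            if info.filename not in SIG_STREAMS:
                continue
            data = pkg.read(info) if info.file_size <= MAX_STREAM else b""
            if not data or b"<!DOCTYPE" in data:
                findings.append((info.filename, "<unparsed>"))  # oversized, empty or DTD
                continue
            try:
                root = ET.fromstring(data)
            except ET.ParseError:
                findings.append((info.filename, "<unparsed>"))
                continue
            for sig in root.iter(DS + "Signature"):
                for keyinfo in sig.iter(DS + "KeyInfo"):
                    tags = {child.tag for child in keyinfo}
                    if {DS + "KeyValue", DS + "X509Data"} <= tags:
                        findings.append((info.filename, sig.get("Id", "")))
    return findings


def sample_odf(keyinfo_children):
    """Constructed test package: one signature stream with the given KeyInfo children."""
    kids = "".join(f"<ds:{name}/>" for name in keyinfo_children)
    xml = ('<document-signatures xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
           f'<ds:Signature Id="ID_constructed"><ds:KeyInfo>{kids}</ds:KeyInfo>'
           '</ds:Signature></document-signatures>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("META-INF/documentsignatures.xml", xml)
    return buf.getvalue()


if __name__ == "__main__":
    print(ambiguous_keyinfo(sample_odf(["X509Data"])))              # certificate only
    print(ambiguous_keyinfo(sample_odf(["KeyValue", "X509Data"])))  # both present
```

A hit is a reason to inspect the file on a patched LibreOffice, not proof of tampering, since XML-DSig permits both elements in one KeyInfo.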

Firefox

The Discovery

Multiple security issues have been discovered in the open-source Firefox web browser (CVE-2022-0843, CVE-2022-26381, CVE-2022-26382, CVE-2022-26383, CVE-2022-26384, CVE-2022-26385 and CVE-2022-26387). It was found that Firefox could be made to crash or run programs as your login if it opened a malicious website.

The Impact

If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these bugs to cause a denial of service (DoS), spoof the browser UI, bypass security restrictions, obtain sensitive information, or execute arbitrary code.

The Fix

A Firefox update fixes these vulnerabilities. We recommend updating as soon as possible to prevent attacks and protect your systems.
