Today we have awesome news for the security-conscious Linux sysadmin: securing your systems by staying up-to-date on the latest advisories issued by your distro(s) just got easier and far more convenient with the creation of the @LS_advisories Twitter handle! LinuxSecurity Live Advisory Updates is a page that provides live updates on critical Linux security advisories issued by 15 popular Linux distros.

This week, distros continue to release important updates addressing several security vulnerabilities recently discovered in Thunderbird which could result in denial of service (DoS) attacks leading to potentially exploitable crashes, the execution of arbitrary code, or spoofing attacks. Learn if you are impacted, and how to secure your systems against these dangerous bugs.

Continue reading to learn about other significant issues that have been reported and fixed, and how to secure your systems against them.

Yours in Open Source,

Brittany

Thunderbird

The Discovery 

Distros continue to release important updates addressing several security vulnerabilities recently discovered in Thunderbird, including a high-impact bug involving incorrect code generation during JIT compilation (CVE-2023-25751) and high-severity memory safety vulnerabilities present in Thunderbird 102.8 (CVE-2023-28176).

The Impact

These flaws could result in denial of service (DoS) attacks leading to potentially exploitable crashes, the execution of arbitrary code, or spoofing attacks.

The Fix

These issues have been fixed in the latest stable version of the Thunderbird email client, Thunderbird 102.9.0. We urge all impacted users to update to Thunderbird 102.9.0 now to protect against exploits leading to downtime, spoofing attacks and other threats to the confidentiality, integrity and availability of their systems. 

Chromium

The Discovery 

Several remotely exploitable use-after-free and out-of-bounds read vulnerabilities have been found in Chromium. These issues have received a Chromium security severity rating of High because of the significant threat that they pose to the confidentiality, integrity and availability of impacted systems.

The Impact

These flaws could result in the execution of arbitrary code, denial of service (DoS), or information disclosure.

The Fix

A Chromium security update that addresses these bugs has been released. We urge all impacted users to apply the Chromium security updates released by their distro(s) as soon as possible to prevent potential downtime and data compromise.

Xen

The Discovery 

Multiple vulnerabilities have been discovered in the Xen hypervisor. One of these issues (CVE-2022-42331) stems from the original Spectre/Meltdown security work on Xen, which included one entry path that performs its speculation-safety actions too late. This results in an unprotected RET instruction, which can be exploited with a variety of speculative attacks.

The Impact

These bugs could lead to privilege escalation, denial of service (DoS) attacks, or information leaks.

The Fix

Xen has released a security update that mitigates these flaws. We urge all impacted users to apply the Xen security updates issued by their distro(s) immediately to protect the security, integrity and availability of their systems and the confidentiality of their sensitive information. 
