Linux Advisory Watch: May 13, 2022

Brittany Day

Application 1: Debian LTS, Fedora, Mageia, Oracle, Red Hat, Ubuntu, SuSE
Application 2: Debian LTS, Mageia, openSUSE, Red Hat, SuSE
Application 3: Archlinux, Debian LTS, Gentoo, Mageia, openSUSE, Oracle, Red Hat, SuSE, Ubuntu

1 - 2 min read 05/13/2022

Happy Friday fellow Linux geeks! This week, important updates have been issued for libarchive, golang and libslirp. Read on to learn about these vulnerabilities and how to secure your system against them.

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150

libarchive

The Discovery

Three issues have been found in the libarchive multi-format archive and compression library. It was discovered that symbolic links are incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive (CVE-2021-31566), extracting a symlink with ACLs modifies ACLs of the target (CVE-2021-23177), and an incorrect mbrtowc or mbtowc call results in an out-of-bounds read (CVE-2019-19221).

The Impact

These flaws could result in privilege escalation and denial of service (DoS) attacks.

The Fix

A libarchive security update fixes these bugs. Update now to prevent attacks and compromise.

Your Related Advisories:

golang

The Discovery

Several vulnerabilities have been discovered in the Go programming language, including an overflow in Rat.SetString in math/big (CVE-2022-23772), Curve.IsOnCurve in crypto/elliptic incorrectly returns true in situations with a big.Int value that is not a valid field element (CVE-2022-23806), and regexp.Compile allows stack exhaustion via a deeply nested expression (CVE-2022-24921).
Golang

The Impact

These flaws could result in Uncontrolled Memory Consumption and stack exhaustion.

The Fix

A golang security update mitigates these issues. We recommend updating as soon as possible to protect the security, integrity and availability of your systems.

Your Related Advisories:

libslirp

The Discovery

Three invalid pointer initialization vulnerabilities have been found in the libslirp user-mode networking library (CVE-2021-3592, CVE-2021-3594 and CVE-2021-3595).

The Impact

These flaws could result in information disclosure.

The Fix

An important update for libslirp solves these issues. Update promptly to protect your sensitive information.

What Are You Looking For?

Linux Advisory Watch: May 13, 2022

Brittany Day

libarchive

The Discovery

The Impact

The Fix

Your Related Advisories:

golang

The Discovery

The Impact

The Fix

Your Related Advisories:

libslirp

The Discovery

The Impact

The Fix

Your Related Advisories:

LinuxSecurity Poll

Do you use passkeys or passwords?

News

Advisories

HOWTOs

Features

Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!

Unlocking the Future of Authentication: Passkeys vs. Passwords

Empowering MSPs with Straightforward Linux Device Management

A Complete Guide to Torrenting Safely in 2024

Cloud Security Basics for Small Businesses

About Us

Powered By

What Are You Looking For?

Linux Advisory Watch: May 13, 2022

Brittany Day

libarchive

The Discovery

The Impact

The Fix

Your Related Advisories:

golang

The Discovery

The Impact

The Fix

Your Related Advisories:

libslirp

The Discovery

The Impact

The Fix

Your Related Advisories:

Get the Latest News & Insights

LinuxSecurity Poll

Do you use passkeys or passwords?

News

Advisories

HOWTOs

Features

Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!

Unlocking the Future of Authentication: Passkeys vs. Passwords

Empowering MSPs with Straightforward Linux Device Management

A Complete Guide to Torrenting Safely in 2024

Cloud Security Basics for Small Businesses

About Us

Powered By