Linux Advisory Watch: May 13, 2022

Advisories

Linux Advisory Watch: May 13, 2022

Happy Friday fellow Linux geeks! This week, important updates have been issued for libarchive, golang and libslirp. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150

libarchive

The Discovery 

Three issues have been found in the libarchive multi-format archive and compression library. It was discovered that ​​symbolic links are incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive (CVE-2021-31566), extracting a symlink with ACLs modifies ACLs of the target (CVE-2021-23177), and an incorrect mbrtowc or mbtowc call results in an out-of-bounds read (CVE-2019-19221).

Libarchive

The Impact

These flaws could result in privilege escalation and denial of service (DoS) attacks.

The Fix

A libarchive security update fixes these bugs. Update now to prevent attacks and compromise.

Your Related Advisories:

Register to Customize Your Advisories

golang

The Discovery 

​​Several vulnerabilities have been discovered in the Go programming language, including an overflow in Rat.SetString in math/big (CVE-2022-23772), Curve.IsOnCurve in crypto/elliptic incorrectly returns true in situations with a big.Int value that is not a valid field element (CVE-2022-23806), and regexp.Compile allows stack exhaustion via a deeply nested expression (CVE-2022-24921).
Golang

The Impact

These flaws could result in Uncontrolled Memory Consumption and stack exhaustion.

The Fix

A golang security update mitigates these issues. We recommend updating as soon as possible to protect the security, integrity and availability of your systems.

Your Related Advisories:

Register to Customize Your Advisories

libslirp

The Discovery

Three invalid pointer initialization vulnerabilities have been found in the libslirp user-mode networking library (CVE-2021-3592, CVE-2021-3594 and CVE-2021-3595).

The ImpactLibslirp

These flaws could result in information disclosure.

The Fix

An important update for libslirp solves these issues. Update promptly to protect your sensitive information.

Your Related Advisories:

Register to Customize Your Advisories

 

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.