Linux Advisory Watch: May 20, 2022

Advisories

Linux Advisory Watch: May 20, 2022

Happy Friday fellow Linux geeks! This week, important updates have been issued for OpenJDK, Thunderbird and libwmf. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150

OpenJDK

The Discovery 

Several vulnerabilities have been discovered in the OpenJDK Java runtime (CVE-2022-21496, CVE-2022-21476, CVE-2022-21449, CVE-2022-21443, CVE-2022-21434 and CVE-2022-21426).

Openjdk

The Impact

These issues may result in information disclosure or denial of service (DoS).

The Fix

An OpenJDK security update fixes these flaws. ​​We recommend that you upgrade your openjdk-11 packages as soon as possible to protect sensitive information and prevent attacks.

Your Related Advisories:

Register to Customize Your Advisories

Thunderbird

The Discovery 

Multiple security issues have been found in Mozilla Thunderbird, including incorrect security status shown after viewing an attached email (CVE-2022-1520), leaking browser history with CSS variables (CVE-2022-29916), iframe sandbox bypass (CVE-2022-29911), and memory safety bugs in Thunderbird 91.9 (CVE-2022-29917). 
Thunderbird

The Impact

These vulnerabilities could result in the probing of browser history, sandbox bypass, memory corruption and the execution of arbitrary code.

The Fix

Updated Thunderbird packages mitigate these flaws. Update now to protect the security and integrity of your systems.

Your Related Advisories:

Register to Customize Your Advisories

libwmf

The Discovery

Two important security bugs have been discovered in libwmf (CVE-2016-9011 and CVE-2019-6978).

The ImpactLinuxKernel

These issues could allow remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure.

The Fix

An update for libwmf that mitigates these flaws is now available. Update immediately to protect against attacks and compromise.

Your Related Advisories:

Register to Customize Your Advisories

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.