Hello Linux users, 

Two critical security vulnerabilities were found in pgAdmin, the open-source administration tool for PostgreSQL. These flaws affect the tool's cross-site scripting and multi-factor authentication features, allowing attackers to compromise your critical systems and steal your sensitive data.

Read on to learn how to secure your systems against these dangerous bugs. You’ll also get updates on other issues impacting your open-source programs and applications that threaten your sensitive information and system security. 

If you gained valuable information from reading today’s newsletter, please share it with a fellow security geek. Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from enthusiastic, insightful community members who share our love for Linux and security!

Stay safe out there,

Brittany Signature 150 Esm W150

PostgreSQL

The Discovery 

Two critical security vulnerabilities were found in pgAdmin, the open-source administration tool for PostgreSQL. These flaws affect the tool's cross-site scripting and multi-factor authentication features.

Postgresql Esm W221

The Impact

These bugs could enable attackers to compromise your critical systems and steal your sensitive data.

The Fix

An essential PostgreSQL security update has been released to mitigate these issues. We urge all impacted users to patch now to secure their sensitive information and protect their critical Linux systems against attacks leading to compromise.

Your Related Advisories:

Register to Customize Your Advisories

apache2

The Discovery 

Distros continue releasing updates addressing several recently identified vulnerabilities in the widely used Apache HTTP Server. These flaws involve the mishandling of inputs and the potential to inject malicious code. Another bug impacts the Apache HTTP Server's HTTP/2 module and could overwhelm the server with endless data streams, leading to denial of service attacks.

Apache2 Esm W364

The Impact

These remotely exploitable issues could disrupt the server and inject malicious code, leading to service disruption and data compromise.

The Fix

Critical apache2 bug fixes have been released to remedy these issues. We urge all impacted users to update now to protect their sensitive information and the availability of their servers.

Your Related Advisories:

Register to Customize Your Advisories

Chromium

The Discovery 

Have you updated to secure your systems against severe vulnerabilities recently identified in Chromium, the open-source web browser project providing the vast majority of code for Google Chrome? These flaws include a critical Type Confusion vulnerability in the ANGLE graphics layer engine, an out-of-bounds read in the V8 API, and a use-after-free condition in the Dawn implementation of the WebGPU standard.

Chromium Esm W225

The Impact

These bugs could enable remote attackers to execute arbitrary code or perform sandbox escapes, leading to unauthorized access, data theft, corruption, or full system compromise.

The Fix

Critical security patch updates for Chromium have been released to fix these issues. We strongly recommend that all impacted users update promptly to secure their sensitive data and fortify their systems against attacks.

Your Related Advisories:

Register to Customize Your Advisories