Happy Friday fellow Linux geeks! This week, important updates have been issued for Python, Rust, and Thunderbird. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,


Python

The Discovery 

Multiple vulnerabilities have been found in src:python3.5, the Python 3.5 interpreter. They include a regular-expression denial of service (ReDoS) in urllib's client-side handling of HTTP basic-auth challenge headers (CVE-2021-3733) and a bug that causes the HTTP client, after receiving a '100 Continue' HTTP response, to keep reading header lines without limit as long as each line stays under 64 KiB, so the per-line length check never fires (CVE-2021-3737).

The Impact

These flaws could lead to denial of service (DoS): a malicious or compromised server can tie up the client's CPU with the ReDoS, or keep the HTTP client reading indefinitely so that it becomes a bandwidth sink for anyone in control of the server.

The Fix

Fixes mitigating these issues have been released. We recommend that you upgrade your python3.5 packages as soon as possible to protect the security and availability of your system.
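The '100 Continue' failure mode above comes down to a header-skipping loop that checks each line's length but never the number of lines. The following is an added illustration written for this newsletter, not CPython's own http.client code: it models that loop with and without a cap on the header count, and feeds it a constructed server stream that sends an endless run of short headers. The MAX_LINE and MAX_HEADERS values are assumptions chosen for the example.

```python
"""Unbounded vs. bounded skipping of the header block after '100 Continue'.

Added example; not CPython's http.client implementation. The constants below
are illustrative assumptions, not CPython's own.
"""
from typing import Iterable, Iterator, Optional

MAX_LINE = 64 * 1024   # assumed per-line limit: the only check the vulnerable loop has
MAX_HEADERS = 100      # assumed cap on header lines per block (the added check)


class HTTPException(Exception):
    pass


class CountingLines:
    """Iterator wrapper that records how many lines the client pulled off the wire."""

    def __init__(self, lines: Iterable[bytes]) -> None:
        self._it = iter(lines)
        self.consumed = 0

    def __iter__(self) -> "CountingLines":
        return self

    def __next__(self) -> bytes:
        line = next(self._it)
        self.consumed += 1
        return line


def consume_interim(lines: Iterator[bytes], max_headers: Optional[int]) -> int:
    """Read a '100 Continue' status line, then skip its header block.

    Returns the number of header lines skipped. max_headers=None reproduces the
    vulnerable behaviour: only the per-line length is checked, so a server that
    never sends the terminating blank line keeps the client reading forever.
    """
    status = next(lines)
    if not status.startswith(b"HTTP/1.1 100"):
        raise HTTPException("expected an interim 100 Continue response")
    count = 0
    for line in lines:
        if len(line) > MAX_LINE:
            raise HTTPException("header line too long")
        if line in (b"\r\n", b"\n"):
            return count          # blank line ends the header block
        count += 1
        if max_headers is not None and count > max_headers:
            raise HTTPException(f"got more than {max_headers} headers")
    raise HTTPException("connection closed inside header block")


def benign_stream() -> Iterator[bytes]:
    """Constructed well-behaved server: interim response, then the real status line."""
    yield b"HTTP/1.1 100 Continue\r\n"
    yield b"Server: example\r\n"
    yield b"X-Note: constructed sample\r\n"
    yield b"\r\n"
    yield b"HTTP/1.1 200 OK\r\n"


def malicious_continue_stream(limit: int) -> Iterator[bytes]:
    """Constructed hostile server: 100 Continue followed by short header lines and
    never a blank line. `limit` bounds the generator so the demo terminates; a
    real attacker would keep the stream going."""
    yield b"HTTP/1.1 100 Continue\r\n"
    for _ in range(limit):
        yield b"X-Pad: aaaaaaaaaa\r\n"   # far below MAX_LINE, so the length check passes


def lines_consumed(stream: Iterable[bytes], max_headers: Optional[int]) -> int:
    """Run consume_interim on a stream and report how many lines it read before
    returning or giving up."""
    counted = CountingLines(stream)
    try:
        consume_interim(counted, max_headers)
    except HTTPException:
        pass
    return counted.consumed


if __name__ == "__main__":
    print("unbounded:", lines_consumed(malicious_continue_stream(10_000), None))
    print("bounded:  ", lines_consumed(malicious_continue_stream(10_000), MAX_HEADERS))
```

With the hostile stream the unbounded loop drains every line the server sends (here all 10,000, only stopping because the constructed generator ends), while the bounded loop gives up after MAX_HEADERS + 1 header lines and raises; the benign stream is handled identically by both, leaving the real status line as the next thing to read.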


Rust

The Discovery 

Rust is affected by the "Trojan Source" class of attacks (CVE-2021-42574), in which Unicode bidirectional (BiDi) control characters placed in comments or string literals make source code render differently from the way the compiler parses it, so a human reviewer reads one program while the compiler builds another.

The Impact

This vulnerability poses a serious threat to system security and integrity: an attacker contributing to a code base can hide logic in plain sight, for example by making a comment appear to end before a statement that it actually swallows, or by making a string literal look terminated when it is not, and the change passes human review.

The Fix

Rust 1.56.1 adds a mitigation for this flaw: the compiler now errors on such characters when they appear unescaped in code comments and in string and character literals (escaped forms such as \u{202E} are still accepted, since they are visible to a reviewer). This update can be installed with the "dnf" update program. Update now!
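Code bases built with older toolchains, or in languages whose compilers do not yet reject these code points, still need a check of their own. The following scanner is an added example written for this newsletter, not the Rust project's lint: it reports every BiDi control character in a source text with line and column, and can rewrite a line so the controls become visible. The embedded Rust snippet is a constructed sample of the "commenting-out" pattern, with the control characters written as Python escapes so the file itself stays clean.

```python
"""Find Unicode bidirectional control characters in source text.

Added example; not the Rust compiler's own lint. Suitable as a pre-commit or
CI check for repositories that cannot yet rely on Rust 1.56.1's errors.
"""
from typing import List, Tuple

# The code points abused by Trojan Source: embeddings, overrides and isolates.
BIDI_CONTROLS = {
    "\u202A": "LRE", "\u202B": "RLE", "\u202C": "PDF", "\u202D": "LRO", "\u202E": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def find_bidi_controls(source: str) -> List[Tuple[int, int, str]]:
    """Return (line, column, name) for each BiDi control character, 1-based."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                hits.append((lineno, col, BIDI_CONTROLS[ch]))
    return hits


def is_clean(source: str) -> bool:
    """True when the text contains none of the BiDi control code points."""
    return not find_bidi_controls(source)


def reveal(line: str) -> str:
    """Replace each control character with a visible <NAME> marker so a reviewer
    can see where the display order is being manipulated."""
    return "".join(f"<{BIDI_CONTROLS[ch]}>" if ch in BIDI_CONTROLS else ch for ch in line)


# Constructed sample: rendered by a BiDi-aware editor, line 3 looks like
#     if access_level != "user" { // Check if admin
# but the compiler sees a string literal that runs to the closing quote, so the
# comparison and the "comment" are not what the reviewer thinks they are.
SAMPLE = (
    "fn main() {\n"
    '    let access_level = "user";\n'
    '    if access_level != "user\u202E \u2066// Check if admin\u2069 \u2066" {\n'
    '        println!("You are an admin.");\n'
    "    }\n"
    "}\n"
)

CLEAN_SAMPLE = 'fn main() {\n    let access_level = "user";\n}\n'


if __name__ == "__main__":
    for lineno, col, name in find_bidi_controls(SAMPLE):
        print(f"line {lineno}, col {col}: {name}")
    print(reveal(SAMPLE.splitlines()[2]))
```

Running it on the sample reports four control characters on line 3 (RLO, LRI, PDI, LRI); the revealed line makes the override visible as text. A repository check would fail on any non-empty result rather than trying to decide which uses are legitimate, since no ordinary source file needs these code points outside of escapes.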


Thunderbird

The Discovery

Multiple important vulnerabilities have been discovered in the Thunderbird email client. They include an issue where iframe sandbox rules were not applied to XSLT stylesheets (CVE-2021-38503), a use-after-free in the file picker dialog (CVE-2021-38504) and a flaw that allowed fullscreen mode to be entered without notification or warning (CVE-2021-38506), among other dangerous bugs.

The Impact

This set of vulnerabilities could lead to data corruption, escape from the iframe sandbox via XSLT content, and spoofing attacks, since a window that goes fullscreen without warning can imitate trusted UI.

The Fix

An update that fixes these issues has been released. We recommend upgrading to Thunderbird 91.3.0 immediately.
