Linux Advisory Watch: November 26, 2021

Happy Friday fellow Linux geeks! This week, important updates have been issued for Thunderbird, the axis SOAP implementation in Java and the NTFS-3G read-write NTFS driver for FUSE. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Thunderbird The Discovery  Multiple security issues were discovered in the popular Thunderbird open-source mail and newsgroup client (CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507 and CVE-2021-38509). The Impact If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these vulnerabilities to cause a denial of service (DoS), bypass security restrictions, spoof the UI, confuse the user, conduct phishing attacks, or execute arbitrary code. The Fix These issues have been fixed in Thunderbird. Update your Thunderbird packages now to prevent attacks and protect the integrity and availability of your system. After a standard system update, you will need to restart Thunderbird to make all the necessary changes. Your Related Advisories: Register to Customize Your Advisories

axis The Discovery  An issue has been found in the default servlet/services in axis, a SOAP implementation in Java (CVE-2018-8032). The Impact This vulnerability can result in cross-site scripting (XSS) attacks. The Fix  A security update for axis fixes this flaw. We recommend that you upgrade your axis packages immediately to prevent XSS attacks. Your Related Advisories: Register to Customize Your Advisories

NTFS-3G The Discovery Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS driver for FUSE (CVE-2021-33285, CVE-2021-33286, CVE-2021-33287 and CVE-2021-33289). The Impact A local user can take advantage of these flaws for local root privilege escalation. The Fix A NTFS-3G security update fixes these issues. We recommend that you upgrade your ntfs-3g packages as soon as possible to prevent privilege escalation attacks. Your Related Advisories: Register to Customize Your Advisories