Linux Advisory Watch: November 26, 2021 | LinuxSecurity.com

Advisories

Linux Advisory Watch: November 26, 2021

Happy Friday fellow Linux geeks! This week, important updates have been issued for Thunderbird, the axis SOAP implementation in Java and the NTFS-3G read-write NTFS driver for FUSE. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Day Signature

Thunderbird

The Discovery 

Multiple security issues were discovered in the popular Thunderbird open-source mail and newsgroup client (CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507 and CVE-2021-38509).


ghostscriptThe Impact

If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these vulnerabilities to cause a denial of service (DoS), bypass security restrictions, spoof the UI, confuse the user, conduct phishing attacks, or execute arbitrary code.

The Fix

These issues have been fixed in Thunderbird. Update your Thunderbird packages now to prevent attacks and protect the integrity and availability of your system. After a standard system update, you will need to restart Thunderbird to make all the necessary changes.

Your Related Advisories:

Register to Customize Your Advisories

axis

The Discovery 

An issue has been found in the default servlet/services in axis, a SOAP implementation in Java (CVE-2018-8032).
firefox

The Impact

This vulnerability can result in cross-site scripting (XSS) attacks.

The Fix

 A security update for axis fixes this flaw. We recommend that you upgrade your axis packages immediately to prevent XSS attacks.

Your Related Advisories:

Register to Customize Your Advisories

NTFS-3G

The Discovery

Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS driver for FUSE (CVE-2021-33285, CVE-2021-33286, CVE-2021-33287 and CVE-2021-33289).

The Impactlibsndfile

A local user can take advantage of these flaws for local root privilege escalation.

The Fix

A NTFS-3G security update fixes these issues. We recommend that you upgrade your ntfs-3g packages as soon as possible to prevent privilege escalation attacks.

Your Related Advisories:

Register to Customize Your Advisories

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.