Happy Friday fellow Linux geeks! This week, important updates have been issued for ISC DHCP, Thunderbird and the Linux kernel. Read on to learn about these vulnerabilities and how to secure your system against them. 

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Check out the new Remote Access Plus solution from ManageEngine to help admins secure their servers against vulnerabilities like these by automating security patches.

Yours in Open Source,

Brittany

ISC DHCP

The Discovery 

Several vulnerabilities have been discovered in the ISC DHCP client, relay and server. It was found that the DHCP server does not correctly perform option reference counting when configured with "allow leasequery;" (CVE-2022-2928), and that the DHCP server is prone to a memory leak flaw when handling contents of option 81 (fqdn) data received in a DHCP packet (CVE-2022-2929).

The Impact

A remote attacker could exploit these flaws to cause a denial of service (daemon crash), or to cause DHCP servers to consume resources, resulting in denial of service (DoS).

The Fix

An isc-dhcp security update that fixes these dangerous bugs is now available. We recommend that you upgrade your isc-dhcp packages promptly to protect against attacks and compromise.

Thunderbird

The Discovery 

Several security issues were found in the Thunderbird open-source mail and newsgroup client (CVE-2022-2505, CVE-2022-3032, CVE-2022-3033, CVE-2022-3034, CVE-2022-36059, CVE-2022-36318, CVE-2022-36319, CVE-2022-38472, CVE-2022-38473, CVE-2022-38476, CVE-2022-38477 and CVE-2022-38478).

The Impact

If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these flaws to cause a denial of service (DoS), spoof the mouse pointer position, obtain sensitive information, spoof the contents of the address bar, bypass security restrictions, or execute arbitrary code.

The Fix

These vulnerabilities have now been addressed with an update for Mozilla Thunderbird. We recommend that you update now to protect the security, integrity and availability of your systems and the confidentiality of your sensitive information.

Linux Kernel

The Discovery

Multiple security issues were discovered in the Linux kernel (CVE-2021-33655, CVE-2022-1012, CVE-2022-1729, CVE-2022-2503, CVE-2022-32296 and CVE-2022-36946).

The Impact

Exploitation of these bugs could lead to denial of service (system crash), the execution of arbitrary code, or the exposure of sensitive information.

The Fix

An update for the Linux kernel that mitigates these flaws has been released. We recommend that you update as soon as possible to protect against potential security incidents and disruptive downtime.
