Linux Advisory Watch: October 1, 2021

Linux Kernel

The Discovery 

Several vulnerabilities have been discovered in the Linux kernel including a flaw in the driver for Atheros IEEE 802.11n family of chipsets (ath9k) (CVE-2020-3702), a use-after-free in the DCCP protocol implementation in the Linux kernel (CVE-2020-16119) and two vulnerabilities in the KVM hypervisor implementation for AMD processors in the Linux kernel (CVE-2021-3653 & CVE-2021-3656).

The Impact

These flaws could  lead to a privilege escalation, denial of service (DoS) and information leakage.

The Fix

Fixes have been released mitigating these issues. We strongly recommend that you upgrade your Linux packages immediately to protect the security and availability of your system.

Your Related Advisories:

Register to Customize Your Advisories

Ghostscript 

The Discovery 

A trivial sandbox (enabled with the -dSAFER option) escape vulnerability was identified in the ghostscript interpreter by injecting a specially crafted pipe command (CVE-2021-3781).

The Impact

This bug can be exploited by a remote attacker to execute arbitrary commands through crafted documents, bypassing the interpreter's sandbox.

The Fix

If you haven’t upgraded to ghostscript 9.54.0-3, we urge you to do so as soon as possible to protect against arbitrary code execution.

# pacman -Syu "ghostscript>=9.54.0-3"

Your Related Advisories:

Register to Customize Your Advisories

Chromium 

The Discovery

Twenty-eight important security vulnerabilities have been discovered in the Chromium web browser, which have now been resolved in Chromium 93.

The Impact

These flaws could result in information leakage, buffer overflow attacks, out of bounds memory access and spoofing attacks, among other security threats.

The Fix

Update to Chromium 93 promptly to ensure that your system remains secure!

Your Related Advisories:

Register to Customize Your Advisories