Newsletters: Linux Advisory Watch: October 1, 2021

Advisories

Linux Advisory Watch: October 1, 2021

Happy Friday fellow Linux geeks! This week, important updates have been issued for the Linux Kernel, Ghostscript and Chromium. Read on to learn about these vulnerabilities and how to secure your system against them. 

Are you aware that you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure?

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Day Signature

Today’s newsletter sponsor, AlmaLinux, shows how you can get enterprise Linux for free. 


Linux Kernel

The Discovery 

Several vulnerabilities have been discovered in the Linux kernel including a flaw in the driver for Atheros IEEE 802.11n family of chipsets (ath9k) (CVE-2020-3702), a use-after-free in the DCCP protocol implementation in the Linux kernel (CVE-2020-16119) and two vulnerabilities in the KVM hypervisor implementation for AMD processors in the Linux kernel (CVE-2021-3653 & CVE-2021-3656).
ghostscript

The Impact

These flaws could  lead to a privilege escalation, denial of service (DoS) and information leakage.

The Fix

Fixes have been released mitigating these issues. We strongly recommend that you upgrade your Linux packages immediately to protect the security and availability of your system.

Your Related Advisories:

Register to Customize Your Advisories

Ghostscript 

The Discovery 

firefox

A trivial sandbox (enabled with the -dSAFER option) escape vulnerability was identified in the ghostscript interpreter by injecting a specially crafted pipe command (CVE-2021-3781).

The Impact

This bug can be exploited by a remote attacker to execute arbitrary commands through crafted documents, bypassing the interpreter's sandbox.

The Fix

If you haven’t upgraded to ghostscript 9.54.0-3, we urge you to do so as soon as possible to protect against arbitrary code execution.

# pacman -Syu "ghostscript>=9.54.0-3"

Your Related Advisories:

Register to Customize Your Advisories

Chromium 

The Discovery

libsndfile

Twenty-eight important security vulnerabilities have been discovered in the Chromium web browser, which have now been resolved in Chromium 93.

The Impact

These flaws could result in information leakage, buffer overflow attacks, out of bounds memory access and spoofing attacks, among other security threats.

The Fix

Update to Chromium 93 promptly to ensure that your system remains secure!

Your Related Advisories:

Register to Customize Your Advisories

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.