Happy Friday fellow Linux geeks! This week, important updates have been issued for Apache HTTP Server, Firefox and Libntlm. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany

Apache HTTP Server

The Discovery 

It was discovered that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient (CVE-2021-42013), enabling an attacker to use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed.

The Impact

This zero-day vulnerability could lead to remote code execution (RCE) if CGI scripts are also enabled for these aliased paths. Additionally, this flaw could leak the source of interpreted files such as CGI scripts.

The Fix

A fix has been included in Apache HTTP Server version 2.4.50, which was made available on October 4th. We strongly recommend upgrading your software builds as soon as possible to prevent attacks.
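The advisory's mitigation hinges on one setting: the filesystem root being covered by "Require all denied" so that traversed paths land on a denied directory. As an added example that is not part of the newsletter or the Apache project's own tooling, the following Python script audits the text of an httpd configuration for that guard, and additionally lists Alias/ScriptAlias targets that have no <Directory> block of their own. Both configuration snippets are constructed for the demonstration; the parser is a line-based heuristic (no Include handling, no nested containers) and is an assumption about how a practitioner might check a build before patching, not a substitute for upgrading.

```python
"""Heuristic audit of an Apache httpd configuration for the default-deny
guard on the filesystem root that the CVE-2021-42013 advisory refers to.

Constructed example: it is not code from the advisory or from Apache.
"""
import re

# Line-level patterns for the directives we care about (case-insensitive,
# as httpd itself treats directive names).
DIRECTORY_OPEN = re.compile(r'^\s*<Directory\s+"?([^">]+?)"?\s*>', re.IGNORECASE)
DIRECTORY_CLOSE = re.compile(r'^\s*</Directory>', re.IGNORECASE)
ALIAS = re.compile(r'^\s*(Script)?Alias(Match)?\s+\S+\s+"?([^"\s]+)"?', re.IGNORECASE)
REQUIRE_DENIED = re.compile(r'^\s*Require\s+all\s+denied\b', re.IGNORECASE)


def parse_directory_blocks(conf_text):
    """Return {filesystem path: [directive lines]} for every <Directory> block."""
    blocks = {}
    current = None
    for raw in conf_text.splitlines():
        line = raw.split('#', 1)[0]  # strip trailing comments
        m = DIRECTORY_OPEN.match(line)
        if m:
            # Normalise "/var/www/" and "/var/www" to the same key; keep "/" for root.
            current = m.group(1).rstrip('/') or '/'
            blocks.setdefault(current, [])
            continue
        if DIRECTORY_CLOSE.match(line):
            current = None
            continue
        if current is not None and line.strip():
            blocks[current].append(line.strip())
    return blocks


def root_is_default_denied(conf_text):
    """True if a <Directory /> block contains 'Require all denied'."""
    blocks = parse_directory_blocks(conf_text)
    return any(REQUIRE_DENIED.match(l) for l in blocks.get('/', []))


def aliases_without_directory_block(conf_text):
    """Alias-style targets (in file order) that have no explicit <Directory> block."""
    blocks = parse_directory_blocks(conf_text)
    missing = []
    for raw in conf_text.splitlines():
        m = ALIAS.match(raw.split('#', 1)[0])
        if m:
            target = m.group(3).rstrip('/') or '/'
            if target not in blocks:
                missing.append(target)
    return missing


def audit(conf_text):
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    if not root_is_default_denied(conf_text):
        findings.append('filesystem root "/" lacks "Require all denied"')
    for target in aliases_without_directory_block(conf_text):
        findings.append(f'alias target {target} has no <Directory> block')
    return findings


# Constructed sample: the default-deny guard on "/" has been dropped.
WEAK_CONF = """
ServerRoot "/etc/httpd"
Alias /icons/ "/usr/share/httpd/icons/"
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<Directory "/var/www/html">
    Require all granted
</Directory>
"""

# Constructed sample: the guard httpd ships by default is present and the
# aliased directory is explicitly opened up.
HARDENED_CONF = """
ServerRoot "/etc/httpd"
<Directory />
    AllowOverride None
    Require all denied
</Directory>
Alias /icons/ "/usr/share/httpd/icons/"
<Directory "/usr/share/httpd/icons">
    Options Indexes MultiViews FollowSymlinks
    AllowOverride None
    Require all granted
</Directory>
<Directory "/var/www/html">
    Require all granted
</Directory>
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or ["ok"])
```

On the weak sample the audit reports three findings (the missing root deny plus two unguarded alias targets); on the hardened sample it reports none. A clean audit only confirms the configuration matches the advisory's "usual default"; the fix itself is the version upgrade.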


Firefox

The Discovery 

Multiple security issues were found in Firefox (CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501). It was discovered that Firefox could be made to crash or run programs as your login if it opened a malicious website.

The Impact

If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these flaws to cause a denial of service (DoS), spoof another origin, or execute arbitrary code.

The Fix

Updated Firefox packages fix these issues. We urge you to upgrade your firefox-esr packages promptly to protect against these dangerous vulnerabilities.


Libntlm 

The Discovery

It was discovered that the Libntlm NTLM authentication library incorrectly handled specially crafted NTLM requests (CVE-2019-17455).

The Impact

An attacker could exploit this flaw to cause Libntlm to crash or to execute arbitrary code.

The Fix

Libntlm has released a fix for this vulnerability. We recommend updating now to protect the security, integrity and availability of your system. In general, a standard system update will make all the necessary changes.
