Linux Advisory Watch: October 21, 2022

Happy Friday fellow Linux geeks! This week, important updates have been issued for Poppler, Expat and Firefox. Read on to learn about these vulnerabilities and how to secure your system against them. 

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Check out the new Remote Access Plus solution from ManageEngine to help admins secure their servers against vulnerabilities like these by automating security patches.

Yours in Open Source,

Poppler The Discovery  Several security vulnerabilities have been discovered in the Poppler PDF rendering library (CVE-2018-18897, CVE-2018-19058, CVE-2018-20650 and CVE-2019-9903). The Impact These issues could lead to denial of service (DoS) or possibly other unspecified impact when processing maliciously crafted documents. The Fix Poppler has released a security update that fixes these bugs. We recommend that you upgrade your poppler packages now to protect the security, integrity and availability of your systems. Your Related Advisories: Register to Customize Your Advisories

Expat The Discovery  A heap use-after-free vulnerability in function doContent has been found in Expat (CVE-2022-40674). The Impact Exploitation of this bug could result in denial of service (DoS) or arbitrary code execution. The Fix An Expat security update mitigates this flaw. We recommend that you update as soon as possible to secure your systems against attacks and compromise. Your Related Advisories: Register to Customize Your Advisories

Firefox The Discovery Thirty-four important security vulnerabilities have been discovered in Mozilla Firefox. The Impact These bugs could result in spoofing attacks, memory corruption, and potential code execution, among other threats. The Fix A Firefox security update fixes these dangerous flaws. We recommend that you update immediately to protect against potential security issues. Your Related Advisories: Register to Customize Your Advisories