Linux Advisory Watch: October 22, 2021 | LinuxSecurity.com

Advisories

Linux Advisory Watch: October 22, 2021

Happy Friday fellow Linux geeks! This week, important updates have been issued for squashfs-tools, ruby2.3 and Chromium. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Day Signature

squashfs-tools

The Discovery 

It has been discovered that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not check for duplicate filenames within a directory (CVE-2021-41072).

The Impact
ghostscript

An attacker could exploit this flaw for writing to arbitrary files to the filesystem if a malformed Squashfs image is processed.

The Fix

Squashfs-tools has released a fix for this bug. We strongly recommend that you upgrade your squashfs-tools packages as soon as possible to protect your filesystem.

Your Related Advisories:

Register to Customize Your Advisories

ruby2.3

The Discovery 

Multiple vulnerabilities (CVE-2021-31799, CVE-2021-31810 and CVE-2021-32066) have been found in ruby2.3, an interpreter of object-oriented scripting language Ruby.
firefox

The Impact

These issues could result in the execution of arbitrary code, the extraction of information about services that are otherwise private and not disclosed and man-in-the-middle attacks bypassing the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command.

The Fix

Ruby2.3 has released mitigations for these flaws. We urge you to upgrade your ruby2.3 packages promptly to protect sensitive information and prevent attacks. 

Your Related Advisories:

Register to Customize Your Advisories

Chromium

The Discovery

It was discovered that debugging check functions turned on upstream in Chromium 94 were failing and causing the program to crash, along with a pile of other notable security vulnerabilities (CVE-2021-37974, CVE-2021-37975, CVE-2021-37976, CVE-20libsndfile21-37977, CVE-2021-37978, CVE-2021-37979 and CVE-2021-37980).

The Impact

These issues could cause Chromium to crash, result in a use after free in Safe Browsing, V8 and Garbage Collection, leak sensitive information, and enable malicious actors to carry out heap buffer overflow attacks. 

The Fix

Update to Chromium 94.0.4606.81 immediately to protect the security and availability of your system. This update can be installed at the Command Line with the "dnf" update program.

Your Related Advisories:

Register to Customize Your Advisories

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.