Happy Friday fellow Linux geeks! This week, important updates have been issued for squashfs-tools, ruby2.3 and Chromium. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,


squashfs-tools

The Discovery 

It has been discovered that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not check for duplicate filenames within a directory (CVE-2021-41072).

The Impact

An attacker could exploit this flaw to write arbitrary files to the filesystem if a malformed Squashfs image is processed.

The Fix

Squashfs-tools has released a fix for this bug. We strongly recommend that you upgrade your squashfs-tools packages as soon as possible to protect your filesystem.
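A pre-extraction check for the condition described above, added here as an example (it is not squashfs-tools code): it parses the path listing that `unsquashfs -l` prints (assumed format: one `squashfs-root/...` path per line after the banner lines) and reports any name that occurs more than once within the same directory, so a suspicious image can be refused before unsquashfs writes anything to disk.

```python
import posixpath
import subprocess
from collections import Counter


def duplicate_entries(listing_lines):
    """Map each directory to the names that appear in it more than once.

    Lines that do not start with the 'squashfs-root' prefix (the banner
    that unsquashfs prints before the listing) are ignored.
    """
    seen = Counter()
    for line in listing_lines:
        line = line.rstrip("\n")
        if not line.startswith("squashfs-root"):
            continue
        parent, name = posixpath.split(line)
        if not name:            # the top-level 'squashfs-root' entry itself
            continue
        seen[(parent, name)] += 1

    dups = {}
    for (parent, name), count in seen.items():
        if count > 1:
            dups.setdefault(parent, []).append(name)
    return dups


def check_image(image_path):
    """Run 'unsquashfs -l' on an image and return its duplicate entries."""
    proc = subprocess.run(["unsquashfs", "-l", image_path],
                          capture_output=True, text=True, check=True)
    return duplicate_entries(proc.stdout.splitlines())


# Constructed sample listing: two directories each carry a repeated name.
SAMPLE_LISTING = [
    "Parallel unsquashfs: Using 4 processors",
    "squashfs-root",
    "squashfs-root/etc",
    "squashfs-root/etc/hosts",
    "squashfs-root/etc/hosts",
    "squashfs-root/usr",
    "squashfs-root/usr/bin",
    "squashfs-root/usr/bin/sh",
    "squashfs-root/usr/bin/sh",
    "squashfs-root/usr/bin/ls",
]

if __name__ == "__main__":
    for parent, names in duplicate_entries(SAMPLE_LISTING).items():
        print(f"duplicate entries in {parent}: {', '.join(names)}")
```

A non-empty result is reason enough to reject the image; the check complements, but does not replace, upgrading to a fixed squashfs-tools.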


ruby2.3

The Discovery 

Multiple vulnerabilities (CVE-2021-31799, CVE-2021-31810 and CVE-2021-32066) have been found in ruby2.3, an interpreter for the object-oriented scripting language Ruby.

The Impact

These issues could result in the execution of arbitrary code, the disclosure of information about services that are otherwise private, and man-in-the-middle attacks that bypass TLS protections by using a network position between the client and the registry to block the StartTLS command.

The Fix

Ruby2.3 has released mitigations for these flaws. We urge you to upgrade your ruby2.3 packages promptly to protect sensitive information and prevent attacks. 


Chromium

The Discovery

It was discovered that debugging check functions enabled upstream in Chromium 94 were failing and causing the program to crash, alongside a number of other notable security vulnerabilities (CVE-2021-37974, CVE-2021-37975, CVE-2021-37976, CVE-2021-37977, CVE-2021-37978, CVE-2021-37979 and CVE-2021-37980).

The Impact

These issues could cause Chromium to crash, result in use-after-free conditions in Safe Browsing, V8 and garbage collection, leak sensitive information, and enable malicious actors to carry out heap buffer overflow attacks.

The Fix

Update to Chromium 94.0.4606.81 immediately to protect the security and availability of your system. This update can be installed from the command line with the "dnf" package manager.
