Happy Friday fellow Linux geeks! This week, important updates have been issued for gdk-pixbuf, connman and zlib. Read on to learn about these vulnerabilities and how to secure your system against them. 

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Managing encrypted Linux devices across your entire organization? Join us for a discussion with Linux experts on how to make this process easier for your enterprise, next Wednesday at 2pm EST. There are only a few spots left. Save Your Spot Now!

Yours in Open Source,

Brittany

gdk-pixbuf

The Discovery 

Several vulnerabilities were discovered in the GDK Pixbuf library gdk-pixbuf, including heap-based buffer overflow vulnerabilities when decoding the LZW-compressed stream of image data (CVE-2021-44648) and when compositing or clearing frames in GIF files (CVE-2021-46829).

The Impact

These bugs may result in the execution of arbitrary code or denial of service (DoS) if a malformed GIF image is processed.

The Fix

A gdk-pixbuf security update fixes these flaws. We recommend that you update now to protect the security, integrity and availability of your systems.

connman

The Discovery 

Two security issues were discovered in connman, an Internet connection manager for embedded devices running Linux. Remote attackers able to send HTTP requests to the gweb component could exploit a heap-based buffer overflow in the received_data function to execute code (CVE-2022-32292). In addition, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling (CVE-2022-32293).


The Impact

These bugs could result in remote code execution (RCE) attacks, man-in-the-middle attacks, or crashes.

The Fix

A security update is available for connman that fixes these dangerous flaws. We recommend that you update as soon as possible to protect against attacks and compromise.

zlib

The Discovery

A heap-based buffer overflow vulnerability was discovered in the inflate operation in zlib (CVE-2022-37434).

The Impact

This issue could result in denial of service (DoS) or the execution of arbitrary code.

The Fix

A zlib security update mitigates this flaw. We recommend that you update as soon as possible to protect against potential security issues and downtime.
