Vulnerabilities in widely used standards and protocols can have a severe, far-reaching impact. We want to alert you to a critical vulnerability in OpenDMARC, the open-source implementation of the DMARC specification, that a remote attacker could use to carry out DoS attacks on impacted systems (CVE-2020-12460).

This dangerous flaw has received a National Vulnerability Database base score of 9.8 out of 10. But don't panic just yet! As LinuxSecurity.com Content Editor, I've got your back. Read on to ensure your systems are updated and secure.

We also have other significant discoveries and fixes for you, including mitigations for a critical BusyBox stack overflow bug that could allow an attacker to execute arbitrary code or cause a denial of service, and fixes for two remotely exploitable DoS vulnerabilities found in the Poppler PDF rendering library. It's crucial that you stay up-to-date on these issues to protect your system from any potential harm.

Did you find value in today’s newsletter? If so, please pay it forward and share it with a fellow security geek to help ensure their systems are updated and secure. We also welcome feedback on how we could improve our newsletters. If you have any comments or suggestions, please share them with us. Have a Linux security-related topic you'd like to cover and share with our audience? We welcome contributions from insightful community members who share our passion for Linux security!

Stay safe out there,

OpenDMARC

The Discovery

A critical vulnerability was found in OpenDMARC, the open-source implementation of the DMARC specification. OpenDMARC through 1.3.2, and 1.4.x through 1.4.0-Beta1, incorrectly handles certain inputs, which in certain situations results in remote memory corruption (CVE-2020-12460). This vulnerability has received a National Vulnerability Database base score of 9.8 out of 10 (“Critical” severity).

The Impact

A remote attacker could possibly use this issue to cause a denial of service.

The Fix

Essential OpenDMARC updates have been released to mitigate this severe bug. We urge all impacted users to apply these updates immediately to prevent loss of access to their critical systems.

BusyBox

The Discovery

Distros continue to release updates addressing a critical stack overflow vulnerability recently discovered in ash.c:6030 in BusyBox before 1.35 (CVE-2022-48174). Due to its ease of exploitation and severe threat to the confidentiality, integrity, and availability of affected systems, this bug has received a National Vulnerability Database base score of 9.8 out of 10 (“Critical” severity). It was also discovered that BusyBox incorrectly handled certain malformed gzip archives (CVE-2021-28831).

The Impact

These issues could allow a remote attacker to cause BusyBox to crash, resulting in a denial of service, or to execute arbitrary code.

The Fix

Crucial updates for BusyBox have been released to fix these severe issues. We strongly recommend that all impacted users apply these updates as soon as possible to prevent attacks leading to downtime or system compromise.
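
A quick way to turn the affected ranges quoted in the OpenDMARC and BusyBox items above into a repeatable inventory check. This is an added example, not code from the newsletter or from either project; the version ranges are taken as stated above, and the sample inventory is constructed, so confirm the exact fixed version against your distribution's own advisory before relying on it.

```python
import re
from typing import Tuple

# Sortable key: (padded numeric parts, release rank, pre-release tag).
# Pre-releases (Beta1, rc2, ...) get rank 0 so they sort before the final release (rank 1).
VersionKey = Tuple[Tuple[int, ...], int, str]

def version_key(text: str) -> VersionKey:
    """Turn '1.4.0-Beta1', 'v1.35' or '1.34.1' into a comparable key."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)(?:[-.]?([A-Za-z]+\d*))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums = (nums + (0, 0, 0))[:3]          # pad so '1.35' == '1.35.0'
    tag = (m.group(2) or "").lower()
    return (nums, 0 if tag else 1, tag)

def opendmarc_affected(version: str) -> bool:
    """CVE-2020-12460 as stated above: 'through 1.3.2' and '1.4.x through 1.4.0-Beta1'."""
    k = version_key(version)
    in_1_3_line = k <= version_key("1.3.2")
    in_1_4_beta = k[0][:2] == (1, 4) and k <= version_key("1.4.0-Beta1")
    return in_1_3_line or in_1_4_beta

def busybox_affected(version: str) -> bool:
    """CVE-2022-48174 as stated above: 'BusyBox before 1.35'."""
    return version_key(version) < version_key("1.35")

def report(product: str, version: str) -> str:
    """One-line verdict for an inventory entry (product name is lower-case)."""
    checks = {"opendmarc": opendmarc_affected, "busybox": busybox_affected}
    hit = checks[product](version)
    verdict = "AFFECTED, update now" if hit else "not in the stated affected range"
    return f"{product} {version}: {verdict}"

if __name__ == "__main__":
    # Constructed sample inventory, e.g. versions gathered from `dpkg -s` or `rpm -q` output.
    inventory = [("opendmarc", "1.3.2"), ("opendmarc", "1.4.0"),
                 ("busybox", "1.34.1"), ("busybox", "1.35.0")]
    for product, version in inventory:
        print(report(product, version))
```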

Poppler

The Discovery

Two remotely exploitable security issues involving incorrect handling of certain malformed PDF files have been identified in the Poppler PDF rendering library (CVE-2020-36023 and CVE-2020-36024).

The Impact

These bugs could lead to crashes, resulting in denial of service (DoS).

The Fix

Significant updates have been released for Poppler that address these issues. We strongly recommend that all impacted users apply these updates now to protect against inconvenient, costly downtime.