Happy Friday fellow Linux geeks! This week, important updates have been issued for ghostscript, php7-pear and HAProxy. Read on to learn about these vulnerabilities and how to secure your system against them.
Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,
ghostscriptThe DiscoveryA trivial sandbox (enabled with the -dSAFER option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command (CVE-2021-3781). The ImpactThis vulnerability enables a remote attacker to execute arbitrary commands through crafted documents, bypassing the interpreter's sandbox. The FixUpgrade to ghostscript 9.54.0-3 immediately to protect against arbitrary command execution. # pacman -Syu "ghostscript>=9.54.0-3" Your Related Advisories:Register to Customize Your Advisories |
php7-pearThe Discovery
An important Archive_Tar vulnerability due to inadequate checking of symbolic links (CVE-2020-36193) has been discovered in php7-pear. The ImpactThis flaw could result in directory traversal attacks leading to the compromise of sensitive information. The FixUpdates have been released mitigating this flaw. Users impacted by this bug should implement the updates released by their distro(s) immediately to safeguard sensitive information and prevent attacks. Your Related Advisories:Register to Customize Your Advisories |
HAProxyThe Discovery
A critical security vulnerability (CVE-2021-40346) has been found in HAProxy, a popular open-source load balancer and proxy server. The Integer Overflow flaw, which involves HAProxy incorrectly handling HTTP header name length encoding, has a severity rating of 8.6 on the CVSS scoring system. The ImpactA remote attacker could exploit this bug to inject a duplicate content-length header and perform request smuggling or response splitting attacks, resulting in unauthorized access to sensitive data and execution of arbitrary commands. The FixHAProxy has released an upgrade mitigating this flaw by adding size checks for name and value lengths. We strongly encourage you to upgrade your HAProxy packages as soon as possible to protect sensitive information and prevent attacks. Users who cannot upgrade HAProxy to version 2.0.25, 2.2.17, 2.3.14 or 2.4.4.are recommended to add the following snippet to the proxy's configuration: http-request deny if { req.hdr_cnt(content-length) gt 1 } http-response deny if { res.hdr_cnt(content-length) gt 1 } Your Related Advisories:Register to Customize Your Advisories |
