Happy Friday fellow Linux geeks! This week, important updates have been issued for QEMU, Firefox and zlib. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150 Esm W150

QEMU

The Discovery 

Several security issues were discovered in the QEMU fast processor emulator (CVE-2021-3593, CVE-2021-3748, CVE-2021-3930 and CVE-2021-20196).

Qemu Esm W275

The Impact

These vulnerabilities could result in denial of service (DoS), information disclosure or the execution of arbitrary code.

The Fix

We recommend that you upgrade your QEMU packages as soon as possible to protect your sensitive information and the security, integrity and availability of your systems.

Your Related Advisories:

[distro_list_1]

Firefox

The Discovery 

Multiple security issues have been found in the Mozilla Firefox web browser (CVE-2022-1097, CVE-2022-1196, CVE-2022-24713 and CVE-2022-28281).
Firefox Esm W220

The Impact

These vulnerabilities could potentially result in the execution of arbitrary code, information disclosure or spoofing.

The Fix

A Firefox security update fixes these issues. We recommend upgrading promptly to secure your systems and prevent attacks.

Your Related Advisories:

[distro_list_2]

zlib

The Discovery

A remotely exploitable out-of-bounds access flaw (CVE-2018-25032) was found in zlib before 1.2.12, which allows memory corruption when deflating if the input has many distant matches. For some rare inputs with a large number of distant matches, the buffer into which the compressed or deflated data is written can overwrite the distance symbol table which it overlays.

The ImpactZlib Esm W400

This issue results in corrupted output due to invalid distances, which leads to out-of-bound access, corrupting the memory and crashing the application or potentially resulting in the execution of arbitrary code.

The Fix

This problem has been fixed upstream in zlib version 1.2.12. We recommend that you upgrade to 1:1.2.12-1 as soon as possible to protect the security, integrity and availability of this application and your systems as a whole. 

Your Related Advisories:

[distro_list_3]