OpenSSH announced two remote code execution vulnerabilities that rank among the most critical and have the most severe potential impact on your systems we've seen in a long time, with an NVD rating of 9.8 of 10. These exploits can lead to an attacker executing code or gaining complete control over your machine, so don't get caught off guard.

We also have other significant discoveries and fixes for you, including mitigations for the Zenbleed Microcode information disclosure flaw, as well as fixes for several denial of service and code execution vulnerabilities in Vim, which could result in crashes leading to loss of system access, the corruption of sensitive information, or arbitrary code execution. It's essential that you stay up-to-date on these issues to protect your system from any potential harm.

Be sure to check out our Linux security analysis with industry experts to gain critical insights into the past, present, and future of Linux security.

Found this newsletter helpful? Please pay it forward and share it with a fellow security geek! We also welcome feedback on how we could improve our newsletters. If you have any comments or thoughts, please share them with us.

Yours in Open Source,

Brittany Signature 150 Esm W150

OpenSSH

The Discovery 

Two critical remote code execution (RCE) vulnerabilities have been found in OpenSSH (CVE-2023-28531 and CVE-2023-38408). Because these bugs are simple to exploit and pose a severe threat to impacted systems' confidentiality, integrity, and availability, they have received a National Vulnerability Database base score of 9.8 out of 10 (“Critical” severity).

OpenSSH Esm W190

The Impact

These flaws could lead to remote code execution (RCE) attacks, potentially resulting in malware execution or an attacker gaining complete control over a compromised machine.

The Fix

An important OpenSSH update is available that mitigates these dangerous bugs. It is crucial that all impacted users upgrade to the latest version of OpenSSH by applying the updates issued by their distro(s) now to protect against attacks leading to potential system downtime and compromise.

Your Related Advisories:

[distro_list_1]

Microcode

The Discovery 

Distros continue to release updates for CVE-2023-20593, also known as Zenbleed. Due to this severe flaw, under specific microarchitectural circumstances, a register in "Zen 2" CPUs might not be written to 0 correctly, potentially causing data from another process and/or thread to be stored in the YMM register.

2.Motherboard Esm W400

The Impact

This bug threatens the confidentiality and integrity of sensitive data.

The Fix

Updated microcode packages that mitigate this flaw are now available. Because this vulnerability threatens the confidentiality of sensitive information, it is critical that all impacted users apply the updates issued by their distro(s) immediately to protect against data compromise.

Your Related Advisories:

[distro_list_2]

Vim

The Discovery 

Several denial of service (DoS) and code execution vulnerabilities have been discovered in the Vim enhanced vi editor.

Vim Esm W224

The Impact

These bugs could result in crashes leading to loss of system access, the corruption of sensitive information, or arbitrary code execution.

The Fix

An important update for Vim that fixes these issues is now available. Because these vulnerabilities pose a significant threat to the confidentiality, integrity, and availability of your systems and critical data, it is essential that all impacted users apply the updates issued by their distro(s) as soon as possible to protect against loss of system access and potential security threats.

Your Related Advisories:

[distro_list_3]