Happy Friday fellow Linux geeks! This week, important updates have been issued for OpenJDK, the Linux kernel and u-boot. Read on to learn about these vulnerabilities and how to secure your system against them. 

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150 Esm W150

OpenJDK

The Discovery 

Several vulnerabilities have been discovered in the OpenJDK Java runtime (CVE-2022-21540, CVE-2022-21541, CVE-2022-21549 and CVE-2022-34169).

Openjdk Esm W225

The Impact

These issues may result in the execution of arbitrary Java bytecode or the bypass of the Java sandbox.

The Fix

An OpenJDK security update fixes these bugs. We recommend that you update now to protect against attacks and compromise.

Your Related Advisories:

[distro_list_1]

Linux Kernel

The Discovery 

Several important security issues have been found in the Linux kernel.


LinuxKernel Esm W206

The Impact

These vulnerabilities could result in privilege escalation attacks, denial of service (system crash), the execution of arbitrary code, or information leakage.

The Fix

A Linux kernel security update mitigates these flaws. We recommend that you update promptly to protect the security, integrity and availability of your systems.

Your Related Advisories:

[distro_list_2]

u-boot

The Discovery

Two out-of-bounds write vulnerabilities in the IP defragmentation (CVE-2022-30790 and CVE-2022-34835), and a stack buffer overflow vulnerability in the i2c md command (CVE-2022-34835) have been discovered in the u-boot primary boot loader.

The Impact

These critical bugs could result in buffer overflow attacks.

Uboot Esm W196

The Fix

An update for u-boot fixes these flaws. We recommend that you update as soon as possible to avoid potential security incidents that may result from the exploitation of these vulnerabilities.

Your Related Advisories:

[distro_list_3]