Happy Friday fellow Linux geeks! This week, important updates have been issued for NTFS-3G, Chromium, and pcre2. Read on to learn about these vulnerabilities and how to secure your system against them.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,
NTFS-3G
The Discovery: Several security issues were discovered in the NTFS-3G read/write NTFS driver for FUSE. It was discovered that NTFS-3G incorrectly handled certain return codes (CVE-2022-30783), certain NTFS disk images (CVE-2022-30784, CVE-2022-30786, CVE-2022-30788 and CVE-2022-30789), and certain file handles (CVE-2022-30785 and CVE-2022-30787).
The Impact: These vulnerabilities could result in the interception of protocol traffic between FUSE and the kernel, denial of service (DoS) attacks, the execution of arbitrary code, or an attacker reading and writing arbitrary memory.
The Fix: An update for NTFS-3G fixes these bugs. We recommend that you update now to protect the security, integrity and availability of your systems.
Chromium
The Discovery: Six important security vulnerabilities have been found in Chromium (CVE-2022-2477, CVE-2022-2478, CVE-2022-2479, CVE-2022-2480, CVE-2022-2481 and CVE-2022-2163).
The Impact: These bugs could allow a remote attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page UI interaction, or obtain sensitive information from internal file directories via a crafted HTML page.
The Fix: An update for Chromium fixes these issues. We recommend that you update promptly to protect against potential exploits.
pcre2
The Discovery: Two important vulnerabilities have been discovered in the pcre2 library: an out-of-bounds read in JIT mode when \X is used in non-UTF mode (CVE-2019-20454), and an out-of-bounds read due to a bug in recursions (CVE-2022-1587).
The Impact: These issues could result in the compromise of sensitive information or denial of service (DoS) attacks.
The Fix: An update for pcre2 mitigates these flaws. We recommend that you update as soon as possible to protect against attacks and compromise.