Happy Friday fellow Linux geeks! This week, important updates have been issued for nss, vim and mailman. Read on to learn about these vulnerabilities and how to secure your system against them.
Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,

nss

The Discovery
It was discovered that nss, the Mozilla Network Security Services library, is prone to a heap overflow flaw when verifying DSA or RSA-PSS signatures (CVE-2021-43527).

The Impact
This critical vulnerability could result in denial of service (DoS) or the execution of arbitrary code.

The Fix
An nss security update has been released that fixes this dangerous bug. We recommend that you upgrade your nss packages as soon as possible to protect the security and availability of your systems.

vim

The Discovery
Multiple heap-based buffer overflows, stack-based buffer overflows and a use-after-free have been discovered in the vim text editor program (CVE-2021-3872, CVE-2021-3875, CVE-2021-3903, CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973 and CVE-2021-3974).

The Impact
These flaws could result in buffer overflow attacks and the compromise of the vim program.

The Fix
A vim security update that mitigates these issues has been released. We encourage you to update your vim packages promptly to protect the security and integrity of your systems.

mailman

The Discovery
Three important flaws in the mailman mailing list manager have been identified. They include two CSRF token bypass vulnerabilities (CVE-2021-42097 and CVE-2021-44227) and missing CSRF protection in the user options page (CVE-2016-6893).

The Impact
Exploitation of these bugs could result in CSRF attacks, account takeover and admin takeover.

The Fix
A mailman security update that fixes these issues has been released. Update immediately to prevent attacks and compromise.