Happy Friday fellow Linux geeks! This week, important updates have been issued for apache-log4j2, the Linux kernel and Samba. Another dangerous attack vector has been discovered in apache-log4j2 that requires an additional update. Read on to learn about these vulnerabilities and how to secure your system against them.
Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,
apache-log4j2The DiscoveryIt was found that the fix to address CVE-2021-44228 in Apache Log4j, a Logging Framework for Java, was incomplete in certain non-default configurations. The ImpactThis issue could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. The FixAn update for apache-log4j2 has been released that fixes this problem. We recommend that you upgrade your apache-log4j2 packages immediately to secure your systems against this dangerous bug. Your Related Advisories:Register to Customize Your Advisories |
Linux KernelThe DiscoverySeveral vulnerabilities have been discovered in the Linux kernel including a flaw in the driver for Atheros IEEE 802.11n family of chipsets (CVE-2020-3702), a use-after-free in the DCCP protocol implementation in the Linux kernel (CVE-2020-16119), a race condition in the local sockets (AF_UNIX) subsystem (CVE-2021-0920) and a flaw in the joystick input subsystem (CVE-2021-3612). The ImpactExploitation of these bugs could result in privilege escalation, denial of service (DoS), or information leaks. The FixUpdates have been released mitigating these issues. We recommend that you upgrade your Linux packages as soon as possible to protect your data and the security, integrity and availability of your systems. Your Related Advisories:Register to Customize Your Advisories |
SambaThe DiscoveryTwo important vulnerabilities have been found in Samba. It was discovered that an Active Directory (AD) domain user could become root on domain members (CVE-2020-25717), and that SMB1 client connections can be downgraded to plaintext authentication (CVE-2016-2124). The ImpactThese flaws could be exploited to carry out privilege escalation attacks. The FixSamba has released an update that fixes these issues. Update now! Your Related Advisories:Register to Customize Your Advisories |