Happy Friday fellow Linux geeks! This week, Chromium announced multiple important security issues that threaten the confidentiality of your sensitive information and the availability of your systems. We encourage Chromium users to update immediately. An important security vulnerability in PostgreSQL that could allow a remote attacker to inject arbitrary SQL queries when a connection is first established has also been fixed this week.

Read on to learn about how you can update your systems to obtain these fixes for your distribution.

Have you customized your LinuxSecurity advisories based on the distro(s) you use? If not, we encourage you to do so now!

Yours in Open Source,

Brittany Signature 150 Esm W150

Chromium

The Discovery 

Multiple important security issues were discovered in Chromium.

Chromium Esm W225

The Impact

These vulnerabilities could result in the execution of arbitrary code, denial of service (DoS), or information disclosure.

The Fix

A Chromium security update that fixes these bugs has been released. We recommend that you upgrade your Chromium packages now to protect the privacy of your sensitive data and the security, integrity and availability of your systems.

Your Related Advisories:

[distro_list_1]

libxml2

The Discovery 

It was discovered that the libxml2 GNOME XML library incorrectly handled certain XML files (CVE-2022-40303 and CVE-2022-40304).
Libxml2 Esm W225

The Impact

An attacker could possibly use these issues to expose sensitive information, cause a crash, or execute arbitrary code.

The Fix

An update is available for libxml2 that fixes these flaws. We urge you to update promptly to protect against attacks and compromise.

Your Related Advisories:

[distro_list_2]

PostgreSQL

The Discovery

An important security vulnerability has been identified in the PostgreSQL object-relational SQL database. It was discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption (CVE-2021-23222).

The Impact

A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established.

Postgresql Esm W221

The Fix

An update for PostgreSQL that fixes this dangerous bug has been released. We strongly recommend that you update immediately to protect against exploits leading to compromise.

Your Related Advisories:

[distro_list_3]