Happy Friday fellow Linux geeks! This week, important updates have been issued for OpenJDK, log4j12 and OpenSSH. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150 Esm W150

OpenJDK

The Discovery 

Several important vulnerabilities have been discovered in the OpenJDK Java runtime (CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586 and CVE-2021-35603).

Openjdk Esm W225The Impact 

Exploitation of these flaws may result in denial of service (DoS), incorrect Kerberos ticket use, selection of weak ciphers or information disclosure.

The Fix

OpenJDK has released an update that fixes these bugs. We recommend that you upgrade your openjdk-11 packages as soon as possible.

Your Related Advisories:

[distro_list_1]

log4j12

The Discovery 

It was discovered that the JMSAppender class from log4j must be disabled to protect against the log4jshell vulnerability (CVE-2021-4104).
ApacheLog4J Esm W400

The Impact

This vulnerability allows attackers to execute malicious software by causing Log4j to write a specially-crafted log entry, enabling malicious actors to steal data, deploy ransomware, install back doors, create botnets, mine cryptocurrencies and conduct other illegal activities.

The Fix

An important update for log4j12 mitigates this issue. Update now!

Your Related Advisories:

[distro_list_2]

OpenSSH

The Discovery

A double free has been found in the OpenSSH ssh-agent (CVE-2021-28041).

The ImpactOpenSSH Esm W190

This flaw could result in memory corruption, modification of data, disclosure of sensitive information, or Denial of Service (DoS).

The Fix

OpenSSH has released an important update that fixes this bug. We recommend updating promptly to protect the security, integrity and availability of your systems.

Your Related Advisories:

[distro_list_3]