Happy Friday fellow Linux geeks! This week, important updates have been issued for Nginx, Mako and Go. Read on to learn about these vulnerabilities and how to secure your system against them. 

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Check out the new Remote Access Plus solution from ManageEngine to help admins secure their servers against vulnerabilities like these by automating security patches.

Yours in Open Source,

Brittany Signature 150 Esm W150

Nginx

The Discovery 

Parsing errors in the mp4 module of Nginx, a high-performance web and reverse proxy server, were discovered (CVE-2022-41741 and CVE-2022-41742).

Nginx Esm W209

The Impact

These vulnerabilities could result in denial of service (DoS), memory disclosure, or potentially the execution of arbitrary code when processing a malformed mp4 file.

The Fix

A Nginx security update has been released that fixes these bugs. We recommend that you upgrade your Nginx packages now to protect the security, integrity and availability of your systems.

Your Related Advisories:

[distro_list_1]

Mako

The Discovery 

It was discovered that Mako, a fast and lightweight template for the Python platform, incorrectly handled certain regular expressions (CVE-2022-40023).


Mako Esm W400

The Impact

An attacker could possibly use this issue to cause a denial of service (DoS).

The Fix

This bug has now been fixed. We recommend that you update promptly to protect against attacks and prevent disruptive downtime.

Your Related Advisories:

[distro_list_2]

Go

The Discovery

It was discovered that Go incorrectly handled certain inputs (CVE-2020-16845).

The Impact

An attacker could possibly use this issue to cause Go applications to hang or crash, resulting in a denial of service (DoS).

Go Esm W400

The Fix

An update is now available that mitigates this flaw. We recommend that you update as soon as possible to protect against exploits and compromise.

Your Related Advisories:

[distro_list_3]