Distros have released fixes for two critical security issues discovered in Git that an attacker could exploit to cause a crash or execute arbitrary code. With a base score of 9.8 out of 10 in the National Vulnerability Database, it's crucial that all users update their systems now. Has your distro released a patch for these vulnerabilities? You can customize your LinuxSecurity advisories based on the distro(s) you use to find out now!

Distros have also released updates for OpenSSL to fix a high-severity type confusion vulnerability, among other issues, and WebKitGTK to mitigate three bugs with a high confidentiality, integrity and availability impact, that could result in arbitrary code execution. Continue reading to learn how to secure your systems against these dangerous issues.

Yours in Open Source,

Brittany Signature 150 Esm W150

OpenSSL

The Discovery 

Several vulnerabilities were discovered in OpenSSL, including a high-severity type confusion vulnerability (CVE-2023-0286).

Openssl Logo Esm W240

The Impact

These issues could allow an attacker to read and disclose private memory contents, enact a denial of service attack, or decrypt application data.

The Fix

An OpenSSL securitry update that fixes these dangerous flaws has been released. We recommend that you update immediatly to protect against potential security issues and disruptive downtime.

Your Related Advisories:

[distro_list_1]

Git

The Discovery 

It was discovered that Git incorrectly handles certain gitattributes (CVE-2022-23521) and certain commands (CVE-2022-41903).

Git Esm W139

The Impact

An attacker could possibly use these critical issues, which both received a base score of 9.8 out of 10 in the National Vulnerability Database, to cause a crash or execute arbitrary code.

The Fix

An important Git security update fixes these flaws. We recommend that you update now to protect against attacks leading to downtime or compromise.

Your Related Advisories:

[distro_list_2]

WebKitGTK

The Discovery 

Three vulnerabilities that could allow for the processing of maliciously crafted web content have been found in the WebKitGTK web engine (CVE-2022-42826, CVE-2023-23517 and CVE-2023-23518).

Webkitgtk Esm W225

The Impact

These bugs, which have received a base score of 8.8 out of 10 in the National Vulnerability Database and have a high confidentiality, integrity and availability impact, could result in arbitrary code execution.

The Fix

A WebKitGTK security update that mitigates these issues has been released. We urge you to update as soon as possible to protect the security, integrity and availability of your systems.

Your Related Advisories:

[distro_list_3]