This week, important updates have been issued for Ruby, strongSwan and cryptsetup. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150 Esm W150

Ruby

The Discovery 

Several security issues have been found in Ruby. It was discovered that Ruby incorrectly handled certain HTML files (CVE-2021-41816), certain regular expressions (CVE-2021-41817) and certain cookie names (CVE-2021-41819).

Ruby Esm W150

The Impact

Exploitation of these vulnerabilities could result in information disclosure or denial of service (DoS).

The Fix

A Ruby security update that fixes these issues has been released. We recommend that you upgrade your ruby2.7 packages now to protect sensitive information and the availability of your systems.

Your Related Advisories:

[distro_list_1]

strongSwan

The Discovery 

A security bug was discovered in the EAP authentication client code of strongSwan, an IKE/IPsec suite, that may allow an attacker to bypass the client and, in some scenarios, even the server authentication (CVE-2021-45079).
Strongswan Esm W225

The Impact

This flaw could be exploited to carry out a denial-of-service (DoS) attack or allow unintended access to network services.

The Fix

A strongSwan security update that mitigates this vulnerability has been released. We recommend that you upgrade your strongSwan packages as soon as possible to protect the security of your network and the availability of your systems.

Your Related Advisories:

[distro_list_2]

cryptsetup

The Discovery

A vulnerability was discovered in cryptsetup that could allow an attacker to modify on-disk metadata to simulate decryption in progress with crashed (unfinished) reencryption step and persistently decrypt part of the LUKS device (CVE-2021-4122).

The ImpactCryptsetup Esm W400

An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.

The Fix

Updated cryptsetup packages fix this dangerous vulnerability. Update now to protect the privacy of your encrypted information!

Your Related Advisories:

[distro_list_3]