Attention, fellow Linux admins,

Today, I’m alerting you of multiple security vulnerabilities recently discovered in the X.Org server before 21.1.11 and Xwayland display implementations before 23.2.4. ​​The potential consequences of ignoring these flaws could be severe, ranging from unauthorized access to your Linux environment to system compromise. The article I link to here contains the technical details you may want to know about these bugs.

Read on to learn how to mitigate these vulnerabilities and find out about other impactful issues recently found and fixed in your open-source programs and applications. 

Are your friends and fellow admins aware of these security risks? Share this newsletter with them just to be sure! Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from passionate, insightful community members who share our enthusiasm for Linux and security!

Stay safe out there,

Brittany Signature 150 Esm W150

X.Org

The Discovery 

Multiple security vulnerabilities have been discovered in the X.Org server before 21.1.11 and Xwayland display implementations before 23.2.4. These flaws could result in heap overflows, out-of-bounds writes, and local privilege escalation, enabling attackers to view additional infrastructure to attack, add or delete users, or modify permissions of files or other users.

Xorg Esm W251

The Impact

​​The potential consequences of ignoring these vulnerabilities could be severe, ranging from unauthorized access to your Linux environment to system compromise.

The Fix

An essential X.Org security update has been released to fix these severe bugs. Given these vulnerabilities’ threat to affected systems, if left unpatched, we strongly recommend that all impacted users update to xorg-server v21.1.11 or xwayland v23.2.4 now. Patching will protect against the compromise of your critical Linux systems.

Your Related Advisories:

[distro_list_1]

BlueZ

The Discovery 

Have you updated to mitigate the recent zero-click Bluetooth flaw that enables attackers to secretly pair with devices such as keyboards and inject keystrokes without user interaction or knowledge (CVE-2023-45866)?

Bluez Esm W180

The Impact

The consequences of this vulnerability are far-reaching and significant, given the prevalence of Bluetooth technologies worldwide. This bug exposes a potential attack vector that could compromise a wide range of devices. 

The Fix

Distros continue to release advisories regarding a crucial BlueZ security update that has been released to fix this impactful Bluetooth bug. Given this vulnerability’s threat to affected systems, if left unpatched, we urge all impacted users to update immediately. Doing so will protect against attacks potentially resulting in the compromise of your critical Linux-powered devices.

Your Related Advisories:

[distro_list_2]

Linux Kernel

The Discovery 

Multiple significant security issues have recently been identified in the Linux kernel. These vulnerabilities include a new kernel vulnerability allowing attackers to gain root privileges on affected systems and a critical information disclosure flaw in the Linux kernel up to 5.17. 

LinuxKernel Esm W206

The Impact

These bugs could compromise your sensitive information or result in privilege escalation attacks on your systems, enabling attackers to view additional infrastructure to attack, add or delete users, or modify permissions of files or other users.

The Fix

Important updates for the Linux kernel have been released to fix these issues. Given the above vulnerabilities’ threat to affected systems, if left unpatched, we urge all impacted users to update promptly. Doing so will protect against data theft and system compromise.

Your Related Advisories:

[distro_list_3]