Happy Friday fellow Linux geeks! This week, important updates have been issued for polkit, the Linux kernel and Thunderbird. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150 Esm W150

polkit

The Discovery 

A local privilege escalation vulnerability (CVE-2021-4034) was found by Qualys researchers in polkit's pkexec utility. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands.

Pwnkit Esm W299

The Impact

An attacker can exploit this flaw by crafting environment variables in such a way that will induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.

The Fix

Updated polkit packages fix this dangerous vulnerability. Update now!

Your Related Advisories:

[distro_list_1]

Linux Kernel

The Discovery 

Several vulnerabilities have been discovered in the Linux kernel (CVE-2021-4155, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 and CVE-2022-0185).
LinuxKernel Esm W206

The Impact

These issues may lead to privilege escalation attacks, denial of service (DoS), or information leakage.

The Fix

We recommend that you upgrade your Linux packages promptly to protect sensitive information and the security, integrity and availability of your systems.

Your Related Advisories:

[distro_list_2]

Thunderbird

The Discovery

Several security issues have been found in the Thunderbird mail and newsgroup client.

The ImpactThunderbird Esm W226

If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these flaws to cause a denial of service (DoS), obtain sensitive information, trick a user into accepting unwanted permissions, conduct header splitting attacks, conduct spoofing attacks, bypass security restrictions, hijack a session, or execute arbitrary code.

The Fix

Thunderbird has released a security update that fixes these dangerous bugs. Update now!

Your Related Advisories:

[distro_list_3]