Happy Friday fellow Linux geeks! This week, important updates have been issued for OpenSSL, SpiderMonkey and the Linux kernel. Read on to learn about these vulnerabilities and how to secure your system against them. 

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150 Esm W150

OpenSSL

The Discovery 

It was discovered that the c_rehash script included in OpenSSL did not sanitize shell meta characters (CVE-2022-2068).

Openssl Esm W240

The Impact

This could result in the execution of arbitrary commands.

The Fix

An OpenSSL security update fixes this issue. We recommend that you update now to protect the security and integrity of your systems.

Your Related Advisories:

[distro_list_1]

SpiderMonkey

The Discovery 

Several remotely exploitable security issues have been identified in the SpiderMonkey JavaScript library. It was found that SpiderMonkey incorrectly generated certain assembly code (CVE-2022-28285 and CVE-2022-31740).


SpiderMonkey Logo Esm W220

The Impact

A remote attacker could possibly use this issue to cause a crash or expose sensitive information.

The Fix

A SpiderMonkey update mitigates these dangerous vulnerabilities. Update as soon as possibly to secure your systems and your sensitive information.

Your Related Advisories:

[distro_list_2]

Linux Kernel

The Discovery

It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free (CVE-2022-28388).

The Impact

This issue could be exploited to cause a denial of service (system crash).

LinuxKernel Esm W206

The Fix

A Linux kernel security update fixes this flaw. Update now to protect against denial of service (DoS) attacks.

Your Related Advisories:

[distro_list_3]