Happy Friday fellow Linux geeks! This week, important updates have been issued for Thunderbird, PHP and OpenSSL. Read on to learn about these vulnerabilities and how to secure your system against them.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,
Thunderbird
The Discovery: Multiple security issues have been discovered in Mozilla Thunderbird, including a use-after-free in nsSHistory (CVE-2022-34470), a potential integer overflow in ReplaceElementsAt (CVE-2022-34481), a CSP bypass enabling stylesheet injection (CVE-2022-31744) and memory safety bugs in Thunderbird 91.11 and Thunderbird 102 (CVE-2022-34484), among other dangerous vulnerabilities.
The Impact: These flaws could result in denial of service (DoS) or the execution of arbitrary code.
The Fix: A Thunderbird security update fixes these bugs. We recommend that you upgrade your Thunderbird packages now to protect the security, integrity and availability of your systems.
PHP
The Discovery: Two important security vulnerabilities have been found in php7: uninitialized pointers free in the Postgres extension (CVE-2022-31625) and a fixed buffer overflow via a user-supplied password when using the pdo_mysql extension with the mysqlnd driver (CVE-2022-31626).
The Impact: These flaws could be exploited to carry out buffer overflow attacks, remote code execution (RCE), or denial of service (DoS) attacks.
The Fix: An update for php7 mitigates these issues. We recommend that you update as soon as possible to protect against potential attacks and compromise.
OpenSSL
The Discovery: It was discovered that OpenSSL incorrectly handled AES OCB mode when using the AES-NI assembly optimized implementation on 32-bit x86 platforms (CVE-2022-2097).
The Impact: A remote attacker could possibly use this issue to obtain sensitive information.
The Fix: An OpenSSL security update fixes this bug. We recommend that you update promptly to protect your sensitive information and prevent compromise.