Chromium: Important Updates On Current Active Zero-Day Issues
Hello Linux users,
Four severe and actively exploited zero-day flaws have recently been identified in Chromium, the open-source web browser project that is the foundation of Google Chrome. These vulnerabilities could lead to data breaches and system disruption and “are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise”, according to CISA.
Read on to learn how to secure your systems against these impactful bugs. You’ll also get updates on other issues affecting your open-source programs and applications that threaten your sensitive data and system security.
If you gained valuable information from reading today’s newsletter, please share it with a fellow security geek. Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from enthusiastic, insightful community members who share our love for Linux and security!
Stay safe out there,

Chromium
The Discovery
Four severe and actively exploited zero-day flaws have recently been identified in Chromium, the open-source web browser project that is the foundation of Google Chrome. According to CISA, "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise."

Thunderbird
The Discovery
Have you updated to mitigate recent denial of service and information disclosure vulnerabilities in Thunderbird? These bugs include the potential exploitation of users accessing maliciously crafted websites and memory management issues in Thunderbird's handling of HTTP/2 CONTINUATION frames.

apache2
The Discovery
Multiple remotely and easily exploitable vulnerabilities were recently identified in the widely used apache2 server. These bugs involve the mishandling of inputs and the potential to inject malicious code. Another bug affects apache2's HTTP/2 module and could lead to denial-of-service attacks by overwhelming the server with endless data streams. A memory management flaw in the mod_macro module allows remote attackers to crash the server, resulting in a denial of service.



