Attention Linux Security Enthusiasts! Guess what? Distros continue to release updates addressing multiple important vulnerabilities discovered in Chromium, and they're not something to ignore! These stealthy bugs, including use-after-free and type confusion issues, could let remote attackers exploit heap corruption. And with low attack complexity and high impact on confidentiality, integrity, and availability, they've earned a "High" severity rating from the National Vulnerability Database. Don't wait - update your systems now to stay safe and secure!

But wait, there's more! We uncover other significant discoveries and fixes, including  several important OpenJDK denial of service (DoS) and information disclosure vulnerabilities, and a DoS bug in c-ares that could lead to downtime due to loss of access to impacted systems if unaddressed. Keep reading to learn more about these issues and how to protect against them. 

Yours in Open Source,

Brittany Signature 150 Esm W150

OpenJDK

The Discovery 

Several important denial of service (DoS) and information disclosure vulnerabilities have been discovered in the OpenJDK Java runtime. These bugs require no privileges or user interaction to exploit, and have been classified by the National Vulnerability Database as having a high confidentiality, integrity and availability impact on affected systems.

Openjdk Esm W225

The Impact

These issues could result in the compromise of sensitive information, loss of access to impacted systems, or bypass of sandbox restrictions.

The Fix

An OpenJDK security update has been released that mitigates these flaws. We strongly recommend that all impacted users apply the OpenJDK updates issued by their distro(s) now to protect against attacks threatening the confidentiality, integrity and availability of their systems and their sensitive data.

Your Related Advisories:

[distro_list_1]

Chromium

The Discovery 

Distros continue to release advisories for several important vulnerabilities that have been found in Chromium, including multiple use-after-free and type confusion bugs. With a low attack complexity and a high confidentiality, integrity and availability impact, these issues have received a National Vulnerability Database severity rating of “High”.

Chromium Esm W225

The Impact

These bugs could allow a remote attacker to potentially exploit heap corruption via a crafted PDF file or a crafted HTML page.

The Fix

A critical update for Chromium that fixes these flaws has been released. We urge all impacted users to apply the Chromium updates issued by their distro(s) immediately to protect the confidentiality, integrity and availability of their systems.

Your Related Advisories:

[distro_list_2]

c-ares

The Discovery 

A significant denial of services (DoS) vulnerability has been discovered in c-ares. With low attack complexity, no privileges or user interaction required to exploit, and a high availability impact, this flaw should not be left unaddressed.

C Ares Esm W400

The Impact

This issue could lead to downtime due to loss of access to impacted systems. 

The Fix

An important c-ares update that mitigates this bug has been released. We strongly recommend all impacted users to apply the c-ares updates issued by their distro(s) as soon as possible to prevent loss of access to their critical systems.

Your Related Advisories:

[distro_list_3]