Happy Friday fellow Linux geeks! This week, important updates have been issued for python-numpy, Ark and OpenLDAP. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150 Esm W150

python-numpy

The Discovery 

Three important security vulnerabilities have been discovered in python-numpy, including buffer overflows in PyArray_NewFromDescr_int function of ctors.c and array_from_pyobj function of fortranobject.c (CVE-2021-33430 and CVE-2021-41496).

Python Esm W225

The Impact

These bugs could result in denial of service (DoS) attacks.

The Fix

An update for python-numpy fixes these issues. We recommend that you update now to protect the security and availability of your systems.

Your Related Advisories:

[distro_list_1]

Ark

The Discovery 

It was found that the Ark archive manager did not sanitize extraction paths (CVE-2020-16116 and CVE-2020-24654).


Ark Esm W225

The Impact

This could result in maliciously crafted archives with symlinks writing outside the extraction directory.

The Fix

An Ark security update mitigates these flaws. We recommend that you upgrade your Ark packages as soon as possible to protect against potential directory traversal attacks leading to compromise.

Your Related Advisories:

[distro_list_2]

OpenLDAP

The Discovery

SQL injection in back-sql has been discovered in openldap2 (CVE-2022-29155).

The ImpactOpenLDAP Esm W180

This flaw could result in SQL injection attacks.

The Fix

An important update for openldap2 fixes this bug. Update promptly to protect the security and integrity of your systems.

Your Related Advisories:

[distro_list_3]