Attention Linux Security Enthusiasts! Guess what? Several remotely exploitable security issues were found in the Bind Internet Domain Name Server, and they're not something to ignore! These bugs could let remote attackers consume memory or to cause Bind to crash, resulting in a denial of service (DoS). And with low attack complexity and high impact on availability, they've earned a "High" severity rating from the National Vulnerability Database. Don't wait - update your systems now to stay safe and secure!

But wait, there's more! We uncover other significant discoveries and fixes, including four critical use after free and type confusion flaws found in Chromium, and DoS and remote code execution bugs in the VLC multimedia player and streamer that could lead to downtime and potential system compromise. Keep reading to learn more about these issues and how to protect against them.  

Yours in Open Source,

Brittany Signature 150 Esm W150

Bind

The Discovery 

Several remotely exploitable security issues were found in the Bind Internet Domain Name Server. It was discovered that Bind incorrectly handled the cache size limit (CVE-2023-2828) and the recursive-clients quota (CVE-2023-2911). With a low attack complexity and a high availability impact, these bugs have received a National Vulnerability Database severity rating of “High”.

Bind Esm W294

The Impact

A remote attacker could possibly use these issues to consume memory or to cause Bind to crash, resulting in a denial of service (DoS).

The Fix

An important Bind security update that fixes these DoS bugs has been released. We strongly recommend that all impacted users apply the Bind updates issued by their distro(s) now to prevent downtime due to an attack.

Your Related Advisories:

[distro_list_1]

VLC

The Discovery 

Multiple remotely exploitable denial of service (DoS) and code execution vulnerabilities have been found in the VLC multimedia player and streamer. These bugs have been classified as “high-severity” by the National Vulnerability Database due to their high confidentiality, integrity and availability impact.

Vlc Esm W211

The Impact

These flaws could result in crashes leading to denial of service and the execution of arbitrary code. 

The Fix

Important updates for VLC that mitigate these issues have been released. We urge all impacted users to apply the VLC updates issued by their distro(s) immediately to prevent attacks leading to downtime and compromise.

Your Related Advisories:

[distro_list_2]

Chromium

The Discovery 

Four critical security vulnerabilities have been discovered in Chromium, including use after free bugs in Autofill payments, WebRTC and WebXR, and a type confusion flaw in V8.

Chromium Esm W225

The Impact

These issues could allow a remote attacker to exploit heap corruption via a crafted HTML page. 

The Fix

An important update for Chromium that fixes these severe vulnerabilities is now available. We strongly encourage all impacted users to apply the Chromium updates issued by their distro(s) as soon as possible to protect the confidentiality, integrity and availability of their systems.

Your Related Advisories:

[distro_list_3]