Happy Friday fellow Linux geeks! This week, important updates have been issued for Firefox, GnuTLS and libphp-adodb. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150 Esm W150

Firefox

The Discovery 

Many critical security vulnerabilities have been discovered in Mozilla Firefox including an expat Integer overflow in storeRawNames() (CVE-2022-25315). It was also found that malformed 2- and 3-byte UTF-8 sequences and namespace-separator characters in "xmlns[:prefix]" attribute values in expat can lead to arbitrary code execution (CVE-2022-25235 and (CVE-2022-25236).

Firefox Esm W220

The Impact

Exploitation of these flaws could result in arbitrary code execution, spoofing attacks and sandbox bypass.

The Fix

A  Firefox security and bug fix update mitigates these serious issues. Update now!

Your Related Advisories:

[distro_list_1]

GnuTLS

The Discovery 

A null pointer dereference in MD_UPDATE has been found in the GnuTLS free software implementation of the TLS, SSL and DTLS protocols (CVE-2021-4209).
GnuTLS Esm W235

The Impact

This vulnerability can be exploited by an attacker to maliciously crash a process to cause a denial of service (DoS) attack.

The Fix

A GnuTLS security update fixes this dangerous bug. Update promptly to protect the security, integrity and availability of your systems.

Your Related Advisories:

[distro_list_2]

libphp-adodb

The Discovery

It was discovered that libphp-adodb, a PHP database abstraction layer library, allows for the injection of values into a PostgreSQL connection string (CVE-2021-3850).

The ImpactPHP Esm W400

Depending on how the library is used, this flaw can result in authentication bypass, reveal a server IP address or have other unspecified impact.

The Fix

A security update is available for libphp-adodb that mitigates this issue. We recommend updating as soon as possible to protect your security and privacy.

Your Related Advisories:

[distro_list_3]