Happy Friday fellow Linux geeks! This week, important updates have been issued for OpenSSL, LibreOffice and Firefox. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150 Esm W150

OpenSSL

The Discovery 

It was discovered that the BN_mod_sqrt() function of OpenSSL could be tricked into an infinite loop (CVE-2019-1551 and CVE-2022-0778).

Openssl Esm W240

The Impact

This could result in denial of service (DoS) via malformed certificates.

The Fix

An OpenSSL security update fixes this issue, along with an overflow bug in the x64_64 Montgomery squaring procedure. Update now to protect the security, integrity and availability of your systems.

Your Related Advisories:

[distro_list_1]

LibreOffice

The Discovery 

An incorrect validation of digitally signed documents was discovered in the LibreOffice free and open-source office suite (CVE-2021-25636).
Libreoffice Esm W300

The Impact

This flaw could allow an attacker to create a digitally signed ODF document which, when opened, would cause LibreOffice to verify using the "KeyValue", but to report verification with the unrelated "X509Data" value.

The Fix

An update for LibreOffice that mitigates this vulnerability is now available. Update as soon as possible to prevent attacks and protect your sensitive information.

Your Related Advisories:

[distro_list_2]

Firefox

The Discovery

Multiple security issues have been discovered in the open-source Firefox web browser (CVE-2022-0843, CVE-2022-26381, CVE-2022-26382, CVE-2022-26383, CVE-2022-26384, CVE-2022-26385 and CVE-2022-26387). It was found that Firefox could be made to crash or run programs as your login if it opened a malicious website.

The ImpactFirefox Esm W220

If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these bugs to cause a denial of service (DoS), spoof the browser UI, bypass security restrictions, obtain sensitive information, or execute arbitrary code.

The Fix

A Firefox update fixes these vulnerabilities. We recommend updating as soon as possible to prevent attacks and protect your systems.

Your Related Advisories:

[distro_list_3]