Hello Linux users, 

A new type of attack called GhostRace that could expose sensitive information on impacted systems has been discovered. This attack affects systems running all versions of Xen and exploits speculative race conditions (SRCs) to leak critical information from a system's memory.

Read on to learn how to mitigate this threat to your sensitive data. You’ll also get updates on other recently identified and fixed issues in your open-source programs and applications that could steal your data or run rogue programs on your computer.

If you gained valuable information from reading today’s newsletter, please share it with a fellow security geek. Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from enthusiastic, insightful community members who share our passion for Linux and security!

Stay safe out there,

Brittany Signature 150 Esm W150

Xen

The Discovery 

Researchers have identified a new type of attack called GhostRace (CVE-2024-2193) that affects systems running all versions of Xen. This attack exploits speculative race conditions (SRCs) to leak sensitive information from a system's memory. In the GhostRace attack, speculative execution is combined with race conditions to bypass synchronization primitives implemented in operating systems, enabling the leakage of critical information.

Xen Esm W400

The Impact

An attacker could exploit this issue to infer the contents of arbitrary host memory, including memory assigned to other guests. This could expose sensitive information.

The Fix

Patches have been released to mitigate this dangerous bug. Given the GhostRace flaw’s threat to affected systems, if left unpatched, we urge all impacted users to apply the updates released by Xen immediately. Doing so will help protect sensitive information against exposure and compromise.

Your Related Advisories:

[distro_list_1]

Chromium

The Discovery 

More severe security issues have been found in Chromium before version 122.0.6261.128. These remotely exploitable vulnerabilities could lead to arbitrary code execution, denial of service, or data corruption.

Chromium Esm W225

The Impact

Exploiting these bugs could result in service disruption and data compromise.

The Fix

A critical Chromium security update, version 122.0.6261.128, has been released to fix these vulnerabilities. Given the severe threat these flaws pose to affected systems if left unpatched, we urge all impacted users to update to Chromium version 122.0.6261.128 now to safeguard sensitive information and protect system availability.

Your Related Advisories:

[distro_list_2]

X.Org

The Discovery 

After recent heap overflow, out-of-bounds write, and privilege escalation flaws brought X.Org into the spotlight, more severe memory safety and code execution vulnerabilities have been identified in the popular X server. These issues affect the X.Org X11 server.

Xorg Esm W251

The Impact

The impact of these flaws could be severe, potentially resulting in service disruption, information disclosure, arbitrary code execution, unauthorized access to your Linux environment, or complete system compromise.

The Fix

An essential X.Org update that fixes these issues has been released. We urge all impacted users to update to the latest version of X.Org as soon as possible. Patching will protect your systems against attacks leading to downtime and compromise.

Your Related Advisories:

[distro_list_3]