
Two critical flaws were recently found and fixed in the ClamAV open-source antivirus engine that could lead to remote code execution (RCE) and remote information leakage on susceptible devices. Learn if you are at risk, and how to protect yourself now!

Important Python and WebKitGTK updates have also been released to address remotely exploitable bugs that could lead to arbitrary code execution, denial of service (DoS), and cross-site scripting (XSS) attacks. It is crucial that all impacted users update immediately to protect against downtime and compromise.

Our own Dave Wreski also evaluated Vali Cyber's ZeroLock, the latest ransomware protection developed specifically for Linux servers, and how it can be used to keep your critical systems and sensitive data protected from the dramatic increase in attacks against Linux we've seen over the last year.

Continue reading to learn about other significant issues that have been fixed, and how to secure your systems against them.

Yours in Open Source,

Brittany

ClamAV

The Discovery 

Two critical flaws were recently found in the ClamAV open-source antivirus engine, including a vulnerability in the HFS+ file parser (CVE-2023-20032) and a vulnerability in the DMG file parser (CVE-2023-20052).


The Impact

These issues could result in remote code execution (RCE) and remote information leakage on susceptible devices (those running ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier).

The Fix

ClamAV has released patch versions 0.103.8, 0.105.2 and 1.0.1, which mitigate these flaws. We urge all users to update now to protect against attacks leading to compromise and prevent unauthorized disclosure of sensitive information. 
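A quick way to see where a host stands against the affected and fixed ClamAV releases listed above; this is an added example, not code from this newsletter or from the ClamAV project, and the function names are hypothetical. It assumes `clamscan --version` prints a line beginning with `ClamAV X.Y.Z`.

```shell
#!/bin/sh
# Added example (function names are hypothetical). It compares upstream version
# numbers only: a distro package may carry a backported fix under an older
# number, so the distribution's own advisory remains the authority.

# Pull "X.Y.Z" out of a line such as "ClamAV 0.103.7/26800/Thu Feb 16 ...".
clamav_extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^ClamAV \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Print "fixed", "affected" or "unknown" for a version string like 0.105.1.
clamav_status() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' ||
        { echo unknown; return 0; }
    old_ifs=$IFS; IFS=.
    set -- $1                      # split into major minor patch
    IFS=$old_ifs
    major=$1 minor=$2 patch=$3
    if [ "$major" -ge 1 ]; then
        # 1.0.0 is affected; 1.0.1 is fixed. Assumption: later releases keep the fix.
        if [ "$major" -eq 1 ] && [ "$minor" -eq 0 ] && [ "$patch" -eq 0 ]; then
            echo affected
        else
            echo fixed
        fi
    elif [ "$minor" -eq 103 ]; then
        if [ "$patch" -ge 8 ]; then echo fixed; else echo affected; fi
    elif [ "$minor" -eq 105 ]; then
        if [ "$patch" -ge 2 ]; then echo fixed; else echo affected; fi
    elif [ "$minor" -lt 105 ]; then
        echo affected              # 0.104.x and anything before 0.103.x: no fixed release listed
    else
        echo unknown               # no such 0.x branch in the advisory
    fi
}

# Constructed sample line, then the local install if clamscan is present.
sample='ClamAV 0.105.1/26800/Thu Feb 16 09:00:00 2023'
v=$(clamav_extract_version "$sample")
echo "sample $v: $(clamav_status "$v")"
if command -v clamscan >/dev/null 2>&1; then
    v=$(clamav_extract_version "$(clamscan --version)")
    echo "installed ${v:-unparsed}: $(clamav_status "$v")"
fi
```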


Python

The Discovery 

Several high-severity security issues were found in Python involving the incorrect handling of certain inputs (CVE-2015-20107, CVE-2021-28861, CVE-2022-37454, CVE-2022-42919, CVE-2022-45061 and CVE-2023-24329).


The Impact

These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial of service (DoS).

The Fix

An update for Python that fixes these issues is now available. We strongly recommend that you update immediately to protect against these bugs, which have a high confidentiality, integrity and availability impact on affected systems.


WebKitGTK

The Discovery 

An important type confusion vulnerability was discovered in the WebKitGTK Web and JavaScript engines (CVE-2023-23529).


The Impact

This bug could enable a remote attacker to exploit a variety of issues related to web browser security, including cross-site scripting (XSS) attacks, denial of service (DoS) attacks, and arbitrary code execution.

The Fix

Distros continue to release important updates mitigating this issue. We recommend that you update as soon as possible to protect against attacks leading to downtime and compromise.
