Critical Security Updates: Linux Advisories for DoS and More

Today we have awesome news for the security-conscious Linux sysadmin: securing your systems by staying up-to-date on the latest advisories issued by your distro(s) just got easier and far more convenient with the creation of the @LS_advisories Twitter handle! LinuxSecurity Live Advisory Updates is a page that provides live updates on critical Linux security advisories issued by 15 popular Linux distros.
This week, distros continue to release important updates addressing several security vulnerabilities recently discovered in Thunderbird which could result in denial of service (DoS) attacks leading to potentially exploitable crashes, the execution of arbitrary code, or spoofing attacks. Learn if you are impacted, and how to secure your systems against these dangerous bugs.
Continue reading to learn about other significant issues that have been reported and fixed, and how to secure your systems against them.
Yours in Open Source,

Thunderbird

The Discovery

Distros continue to release important updates addressing several security vulnerabilities recently discovered in Thunderbird, including a high-impact bug involving incorrect code generation during JIT compilation (CVE-2023-25751), and high-severity memory safety vulnerabilities present in Thunderbird 102.8 (CVE-2023-28176).

Chromium

The Discovery

Several remotely exploitable use-after-free and out-of-bounds read vulnerabilities have been found in Chromium. These issues have received a Chromium security severity rating of High because of the significant threat that they pose to the confidentiality, integrity and availability of impacted systems.

The Impact

These flaws could result in the execution of arbitrary code, denial of service (DoS), or information disclosure.

The Fix

A Chromium security update that addresses these bugs has been released. We urge all impacted users to apply the Chromium security updates released by their distro(s) as soon as possible to prevent potential downtime and data compromise.

Xen

The Discovery

Multiple vulnerabilities have been discovered in the Xen hypervisor. One of these issues (CVE-2022-42331) stems from the original Spectre/Meltdown security work on Xen, which included one entry path that performs its speculation-safety actions too late, leaving an unprotected RET instruction that can be exploited with a variety of speculative attacks.



