Linux Advisory: Libarchive, Golang, And Libslirp Security Issues
Happy Friday fellow Linux geeks! This week, important updates have been issued for libarchive, golang and libslirp. Read on to learn about these vulnerabilities and how to secure your system against them.
Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,

libarchive
The Discovery
Three issues have been found in the libarchive multi-format archive and compression library. It was discovered that symbolic links are incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive (CVE-2021-31566), extracting a symlink with ACLs modifies ACLs of the target (CVE-2021-23177), and an incorrect mbrtowc or mbtowc call results in an out-of-bounds read (CVE-2019-19221).
golang
The Discovery
Several vulnerabilities have been discovered in the Go programming language, including an overflow in Rat.SetString in math/big (CVE-2022-23772), Curve.IsOnCurve in crypto/elliptic incorrectly returns true in situations with a big.Int value that is not a valid field element (CVE-2022-23806), and regexp.Compile allows stack exhaustion via a deeply nested expression (CVE-2022-24921).
The Impact
These flaws could result in Uncontrolled Memory Consumption and stack exhaustion.
The Fix
A golang security update mitigates these issues. We recommend updating as soon as possible to protect the security, integrity and availability of your systems.
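As defence in depth alongside the update, a service that compiles patterns from untrusted input can cap group nesting before calling regexp.Compile, the function named in CVE-2022-24921. This is an added example, not code from the advisory or the Go project; groupDepth, CompileUntrusted, ErrTooDeep and the limit of 100 are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

const maxGroupDepth = 100 // illustrative limit, an assumption of this example
var ErrTooDeep = errors.New("regexp: group nesting exceeds limit")

// groupDepth returns the deepest '(' nesting, skipping escapes and character classes.
func groupDepth(pattern string) int {
	depth, deepest, inClass := 0, 0, false
	for i := 0; i < len(pattern); i++ {
		switch c := pattern[i]; {
		case c == '\\':
			i++ // the next byte is escaped
		case inClass:
			inClass = c != ']'
		case c == '[':
			inClass = true
			rest := strings.TrimPrefix(pattern[i+1:], "^")
			if strings.HasPrefix(rest, "]") {
				i = len(pattern) - len(rest) // a leading ']' is a literal class member
			}
		case c == '(':
			if depth++; depth > deepest {
				deepest = depth
			}
		case c == ')' && depth > 0:
			depth--
		}
	}
	return deepest
}

// CompileUntrusted rejects over-nested patterns before regexp.Compile sees them.
func CompileUntrusted(pattern string) (*regexp.Regexp, error) {
	if groupDepth(pattern) > maxGroupDepth {
		return nil, ErrTooDeep
	}
	return regexp.Compile(pattern)
}

func main() {
	_, err := CompileUntrusted(strings.Repeat("(", 5000) + strings.Repeat(")", 5000)) // constructed input
	fmt.Println(err)
}
```

The counter can over-count parentheses inside a `\Q...\E` quoted span, which only makes the guard stricter.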
libslirp
The Discovery
Three invalid pointer initialization vulnerabilities have been found in the libslirp user-mode networking library (CVE-2021-3592, CVE-2021-3594 and CVE-2021-3595).
The Impact



