Happy Friday fellow Linux geeks! This week, important updates have been issued for OpenJDK, gzip and OpenSSL. Read on to learn about these vulnerabilities and how to secure your system against them.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,
OpenJDK
The Discovery: Multiple security bugs have been discovered in the OpenJDK Java runtime (CVE-2022-21426, CVE-2022-21434, CVE-2022-21443 and CVE-2022-21476).
The Impact: These vulnerabilities could result in denial of service (DoS) or information disclosure.
The Fix: An OpenJDK security update mitigates these issues. Update now to protect your sensitive information and the security and availability of your systems.
gzip
The Discovery: An important arbitrary-file-write vulnerability (CVE-2022-1271) has been found in the gzip file compression and decompression application.
The Impact: This flaw allows a remote, low-privileged attacker to force zgrep to write arbitrary files on the system.
The Fix: A gzip security update fixes this bug. We recommend updating as soon as possible to protect the confidentiality, integrity and availability of your files and your system.
OpenSSL
The Discovery: It was discovered that the c_rehash script does not properly sanitize shell metacharacters to prevent command injection (CVE-2022-1292).
The Impact: This flaw could result in an attacker being able to execute arbitrary commands with the privileges of the script.
The Fix: An OpenSSL security update mitigates this issue. We recommend that you upgrade your OpenSSL packages promptly to protect against attacks and compromise.