Happy Friday fellow Linux geeks! This week, important updates have been issued for OpenJDK, gzip and OpenSSL. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150 Esm W150

OpenJDK

The Discovery 

Multiple security bugs have been discovered in the OpenJDK Java runtime (CVE-2022-21426, CVE-2022-21434, CVE-2022-21443 and CVE-2022-21476).

Openjdk Esm W225

The Impact

These vulnerabilities could result in denial of service (DoS) or information disclosure.

The Fix

An OpenJDK security update mitigates these issues. Update now to protect your sensitive information and the security and availability of your systems.

Your Related Advisories:

[distro_list_1]

gzip

The Discovery 

An important arbitrary-file-write vulnerability (CVE-2022-1271) has been found in the gzip file compression and decompression application.
Gzip Esm W225

The Impact

This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

The Fix

A gzip security update fixes this bug. We recommend updating as soon as possible to project the confidentiality, integrity and availability of your files and your system.

Your Related Advisories:

[distro_list_2]

OpenSSL

The Discovery

It was discovered that The c_rehash script does not properly sanitize shell metacharacters to prevent command injection (CVE-2022-1292).

The ImpactOpenssl Esm W240

This flaw could result in an attacker being able to execute arbitrary commands with the privileges of the script.

The Fix

An OpenSSL security update mitigates this issue. We recommend that you upgrade your OpenSSL packages promptly to protect against attacks and compromise.

Your Related Advisories:

[distro_list_3]