Happy Friday fellow Linux geeks! This week, important updates have been issued for Python, Rust, and Thunderbird. Read on to learn about these vulnerabilities and how to secure your system against them.
Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,
Python

The Discovery
Multiple vulnerabilities have been found in src:python3.5, the Python interpreter v3.5. They include a ReDoS issue on the client side of regex (CVE-2021-3733) and a vulnerability that causes the HTTP client to get stuck infinitely reading len(line) < 64k lines after receiving a '100 Continue' HTTP response (CVE-2021-3737).

The Impact
These flaws could lead to denial of service (DoS) and the HTTP client being a bandwidth sink for anyone in control of a server.

The Fix
Python has released fixes mitigating these issues. We recommend that you upgrade your python3.5 packages as soon as possible to protect the security and availability of your system.
Rust

The Discovery
A trojan source attack that obfuscates code with BiDi control characters has been discovered in the Rust programming language (CVE-2021-42574).

The Impact
This vulnerability poses a serious threat to system security and integrity.

The Fix
Rust 1.56.1 adds mitigation for this flaw. The compiler will now error on such characters in code comments and string/char literals. This update can be installed with the "dnf" update program. Update now!
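For code bases that cannot move to the fixed compiler right away, the same class of characters can be flagged in review or CI. The following is an added example, not code from the Rust project or from this newsletter: it assumes the nine Unicode directional formatting code points listed in the match, scans the whole file rather than only comments and literals, and the names `Finding`, `bidi_name`, `scan` and `sample` are hypothetical.

```rust
// Added example: report Unicode BiDi control characters in source text.
#[derive(Debug, PartialEq)]
struct Finding {
    line: usize,   // 1-based line number
    column: usize, // 1-based column, counted in characters
    name: &'static str,
    codepoint: u32,
}

/// Short name of a BiDi control character, or None for anything else.
fn bidi_name(c: char) -> Option<&'static str> {
    Some(match c {
        '\u{202A}' => "LRE", // left-to-right embedding
        '\u{202B}' => "RLE", // right-to-left embedding
        '\u{202C}' => "PDF", // pop directional formatting
        '\u{202D}' => "LRO", // left-to-right override
        '\u{202E}' => "RLO", // right-to-left override
        '\u{2066}' => "LRI", // left-to-right isolate
        '\u{2067}' => "RLI", // right-to-left isolate
        '\u{2068}' => "FSI", // first strong isolate
        '\u{2069}' => "PDI", // pop directional isolate
        _ => return None,
    })
}

/// Scan a whole source file and return every BiDi control character found.
fn scan(source: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    for (i, line) in source.lines().enumerate() {
        for (j, c) in line.chars().enumerate() {
            if let Some(name) = bidi_name(c) {
                findings.push(Finding { line: i + 1, column: j + 1, name, codepoint: c as u32 });
            }
        }
    }
    findings
}

/// Constructed sample input; escapes keep this file free of raw control characters.
fn sample() -> String {
    String::from("fn main() {\n    let role = \"user\u{202E}\u{2066}\"; // check\u{2069}\n}\n")
}

fn main() {
    for f in scan(&sample()) {
        println!("{}:{} U+{:04X} {}", f.line, f.column, f.codepoint, f.name);
    }
}
```

A non-empty result from `scan` is a reason to open the file in a viewer that shows code points before trusting how the line renders.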
Thunderbird

The Discovery
Multiple important vulnerabilities have been discovered in the Thunderbird email client. They include an issue where iframe sandbox rules do not apply to XSLT stylesheets (CVE-2021-38503), a use-after-free in file picker dialog (CVE-2021-38504) and a flaw that allows Firefox to go into fullscreen mode without notification or warning (CVE-2021-38506), among other dangerous bugs.

The Impact
This set of vulnerabilities could lead to data corruption and spoofing attacks.

The Fix
An update that fixes these issues has been released. We recommend upgrading to Thunderbird 91.3.0 immediately.