Happy Friday fellow Linux geeks! This week, important updates have been issued for the Linux kernel, libxstream-java and OpenJDK. Read on to learn about these vulnerabilities and how to secure your system against them.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,
Linux Kernel

The Discovery: Multiple security issues have been discovered in the Linux kernel, including a use-after-free vulnerability in the NFC stack (CVE-2021-3760), a flaw in the SCTP stack where a blind attacker may be able to kill an existing SCTP association through invalid chunks (CVE-2021-3772), a heap buffer overflow in the kernel's AMD Radeon graphics card driver (CVE-2021-42327), a flaw in the cryptographic receive code in the kernel's implementation of transparent interprocess communication (CVE-2021-43267) and an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (CVE-2021-43389).

The Impact: These vulnerabilities could result in privilege escalation, spoofing attacks, system crash and memory corruption, posing a threat to the confidentiality, integrity and availability of impacted systems.

The Fix: An update based on upstream 5.10.78 that fixes these issues has been released. Update now!
libxstream-java

The Discovery: Multiple remotely-exploitable security vulnerabilities have been discovered in XStream, a Java library used to serialize objects to XML and back again.

The Impact: These vulnerabilities may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream.

The Fix: We recommend that you upgrade your libxstream-java packages immediately to protect against remote code execution (RCE).
OpenJDK

The Discovery: Several vulnerabilities have been discovered in the OpenJDK Java runtime, including issues with cryptographic hashing, TLS client handshaking, and various other issues (CVE-2021-35550, CVE-2021-35556, CVE-2021-35559 and CVE-2021-35561).

The Impact: These flaws pose a threat to the security and privacy of impacted systems.

The Fix: We recommend that you upgrade your openjdk-8 packages as soon as possible.