Happy Friday, fellow Linux geeks! This week, important updates have been issued for PHP, OpenJDK and Bind. Read on to learn about these vulnerabilities and how to secure your system against them.
Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,
PHP
The Discovery: It was discovered that PHP-FPM in PHP could be made to run a program as an administrator if it received specially crafted input (CVE-2021-21703).
The Impact: An attacker could exploit this out-of-bounds read and write flaw to execute arbitrary code or cause a crash.
The Fix: We recommend that you upgrade your php7.0 packages immediately to protect the security, integrity and availability of your system. In general, a standard system update will make all the necessary changes.
OpenJDK
The Discovery: Multiple important security bugs have been found in the OpenJDK Java runtime environment and software development kit.
The Impact: These issues result in a loop in HTTP Server triggered during TLS session close (CVE-2021-35565), excessive memory allocation (CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35586), non-constant comparison and unexpected exception raised during TLS handshakes (CVE-2021-35603, CVE-2021-35578) and incorrect principal selection when using Kerberos Constrained Delegation (CVE-2021-35567).
The Fix: The vulnerabilities have been remedied in OpenJDK 11.0.13. Update now! This update can be installed with the "dnf" update program.
Bind
The Discovery: It was discovered that the lame server cache in BIND, a DNS server implementation, can be abused by an attacker to significantly degrade resolver performance (CVE-2021-25219).
The Impact: Exploitation of this flaw can result in Denial of Service (large delays for responses for client queries and DNS timeouts on client hosts).
The Fix: Bind has released a fix for this vulnerability. In general, a standard system update will make all the necessary changes.