Happy Friday fellow Linux geeks! This week, important updates have been issued for QEMU, apache2 and the Linux kernel. Read on to learn about these vulnerabilities and how to secure your system against them.
Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,

QEMU
The Discovery: Multiple security issues (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546 and CVE-2021-3638) were discovered in the QEMU fast processor emulator.
The Impact: Exploitation of these vulnerabilities could result in denial of service (DoS) or the execution of arbitrary code.
The Fix: QEMU has released mitigations for these flaws. We recommend that you upgrade your QEMU packages immediately to prevent attacks.

apache2
The Discovery: Several vulnerabilities were found in the Apache HTTP server. It was discovered that malformed requests may cause the server to dereference a NULL pointer (CVE-2021-34798), ap_escape_quotes() may write beyond the end of a buffer when given malicious input (CVE-2021-39275) and a crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.
The Impact: These flaws could enable an attacker to send proxied requests to arbitrary servers, corrupt memory in some setups involving third-party modules, and cause the server to crash.
The Fix: Apache has released fixes for these issues. Upgrade your apache2 packages as soon as possible to protect the security, integrity and availability of your system.

Linux Kernel
The Discovery: Multiple important Linux kernel security issues have been identified and fixed in the 5.14.9 stable kernel update.
The Impact: Exploitation of these flaws could result in privilege escalation, denial of service (DoS), or information leakage.
The Fix: Update to 5.14.9 promptly to protect sensitive information and prevent attacks. This update also contains additional hardware support and various new features.