Happy Friday fellow Linux geeks! This week, important updates have been issued for libjpeg-turbo, golang and Chromium. Read on to learn about these vulnerabilities and how to secure your system against them. 

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150 Esm W150

libjpeg-turbo

The Discovery 

Several security issues were found in the libjpeg-turbo library for handling JPEG files (CVE-2018-11813, CVE-2018-14498, CVE-2020-14152 and CVE-2020-17541).

Libjpeg Turbo Esm W185

The Impact

These vulnerabilities could result in excessive memory consumption, denial of service (DoS) attacks and stack-based buffer overflow attacks.

The Fix

An update for libjpeg-turbo fixes these dangerous bugs. We recommend that you update now to protect the security, integrity and availability of your systems.

Your Related Advisories:

[distro_list_1]

golang

The Discovery 

​​An important flaw (CVE-2022-30631) was found in golang. Calling the Reader.Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.


Golang Esm W400

The Impact

This vulnerability could result in stack exhaustion.

The Fix

An update for golang mitigates this issue. We recommend that you update as soon as possible to protect against attacks and compromise.

Your Related Advisories:

[distro_list_2]

Chromium

The Discovery

Multiple security issues were found in the Chromium free and open-source web browser.

The Impact

These vulnerabilities could result in the execution of arbitrary code, denial of service (DoS), or information disclosure.

Chromium Esm W225

The Fix

A Chromium security update fixes these bugs. We recommend that you update promptly to protect the security of your systems and your sensitive information.

Your Related Advisories:

[distro_list_3]