Happy Friday fellow Linux geeks! This week, important updates have been issued for Thunderbird, open-vm-tools and WebKitGTK. Read on to learn about these vulnerabilities and how to secure your system against them. 

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Interested in learning about how to manage encrypted Linux devices across the entire organization? Join Garry McCracken CISSP, VP of Technology & CISO, WinMagic and Dave Wreski, Linux security expert and CEO of Guardian Digital for a webinar on Enterprise Linux Encryption Management for Businesses Wednesday October 12th at 2 PM EST. Get Your Spot Now!

Yours in Open Source,

Brittany Signature 150 Esm W150

Thunderbird

The Discovery 

Multiple security issues were discovered in Thunderbird (CVE-2022-38472, CVE-2022-38473 and CVE-2022-38478).

Thunderbird Esm W226

The Impact

These vulnerabilities could result in denial of service (DoS) or the execution of arbitrary code.

The Fix

A Thunderbird security update that fixes these bugs has been released. We recommend that you update now to protect the security, integrity and availability of your systems.

Your Related Advisories:

[distro_list_1]

open-vm-tools

The Discovery 

An important security vulnerability was found in ​​open-vm-tools (CVE-2022-31676).


LinuxKernel Esm W206

The Impact

This issue could allow unprivileged users inside a virtual machine to escalate privileges.

The Fix

An update for open-vm-tools mitigates this dangerous flaw. We recommend that you update as soon as possible to protect against attacks and compromise.

Your Related Advisories:

[distro_list_2]

WebKitGTK

The Discovery

It was discovered that maliciously crafted web content may lead to arbitrary code execution (CVE-2022-32893).

The Impact

Exploitation of this high-priority bug could result in the execution of arbitrary code.

Webkitgtk Esm W225

The Fix

An update is available for WebKitGTK that fixes this issue, along with several crashes and rendering issues (CVE-2022-32793). We recommend that you update immediately to protect against potential security issues.

Your Related Advisories:

[distro_list_3]