Happy Friday fellow Linux geeks! This week, important updates have been issued for rsync, the Linux kernel for Amazon Web Services (AWS) and PostgreSQL. Read on to learn about these vulnerabilities and how to secure your system against them. 

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150 Esm W150

rsync

The Discovery 

It was discovered that zlib incorrectly handled memory when performing certain inflate operations (CVE-2022-37434).

Rsync Esm W200

The Impact

An attacker could use this issue to cause rsync to crash, resulting in a denial of service (DoS), or possibly execute arbitrary code.

The Fix

A security update for rsync fixes this vulnerability. We recommend that you update now to protect the security, integrity and availability of your systems.

Your Related Advisories:

[distro_list_1]

Linux Kernel (AWS)

The Discovery 

​​Several security issues were found in the Linux kernel for Amazon Web Services (AWS) systems (CVE-2022-26365, CVE-2022-33740 and CVE-2022-33741).


LinuxKernel Esm W206

The Impact

A local attacker could use these flaws to expose sensitive information or cause a denial of service (DoS).

The Fix

An important update for the Linux Kernel mitigates these bugs. We recommend that you update as soon as possible to secure your sensitive information and protect against attacks and compromise.

Your Related Advisories:

[distro_list_2]

PostgreSQL

The Discovery

It was discovered that PostgreSQL could be made to run programs when creating or updating extensions (CVE-2022-2625).

The Impact

An attacker could possibly use this issue to execute arbitrary code when extensions are created or updated.

Postgresql Esm W221

The Fix

A security update has been released for PostgreSQL that fixes this vulnerability. We recommend that you update promptly to protect against exploits and compromise.

Your Related Advisories:

[distro_list_3]