Happy Friday fellow Linux geeks! This week, important updates have been issued for apache-log4j2, the Linux kernel and Samba. Another dangerous attack vector has been discovered in apache-log4j2 that requires an additional update. Read on to learn about these vulnerabilities and how to secure your system against them.
Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,
apache-log4j2The DiscoveryIt was found that the fix to address CVE-2021-44228 in Apache Log4j, a Logging Framework for Java, was incomplete in certain non-default configurations.
|
Linux KernelThe DiscoverySeveral vulnerabilities have been discovered in the Linux kernel including a flaw in the driver for Atheros IEEE 802.11n family of chipsets (CVE-2020-3702), a use-after-free in the DCCP protocol implementation in the Linux kernel (CVE-2020-16119), a race condition in the local sockets (AF_UNIX) subsystem (CVE-2021-0920) and a flaw in the joystick input subsystem (CVE-2021-3612). The ImpactExploitation of these bugs could result in privilege escalation, denial of service (DoS), or information leaks. The FixUpdates have been released mitigating these issues. We recommend that you upgrade your Linux packages as soon as possible to protect your data and the security, integrity and availability of your systems. Your Related Advisories:Register to Customize Your Advisories |
SambaThe DiscoveryTwo important vulnerabilities have been found in Samba. It was discovered that an Active Directory (AD) domain user could become root on domain members (CVE-2020-25717), and that SMB1 client connections can be downgraded to plaintext authentication (CVE-2016-2124). The Impact
|
