Happy Friday fellow Linux geeks! This week, important updates have been issued for QEMU, apache2 and the Linux kernel. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150

QEMU

The Discovery 

Multiple security issues (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546 and CVE-2021-3638) were discovered in the QEMU fast processor emulator.
Qemu

The Impact

Exploitation of these vulnerabilities could result in denial of service (DoS) or the execution of arbitrary code.

The Fix

QEMU has released mitigations for these flaws. We recommend that you upgrade your QEMU packages immediately to prevent attacks.

Your Related Advisories:

Register to Customize Your Advisories

apache2

The Discovery 

Apache2

Several vulnerabilities were found in the Apache HTTP server. It was discovered that malformed requests may cause the server to dereference a NULL pointer (CVE-2021-34798), ap_escape_quotes() may write beyond the end of a buffer when given malicious input (CVE-2021-39275) and a crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.

The Impact

These flaws could enable an attacker to send proxied requests to arbitrary servers, corrupt memory in some setups involving third-party modules, and cause the server to crash.

The Fix

Apache has released fixes for these issues. Upgrade your apache2 packages as soon as possible to protect the security, integrity and availability of your system.

Your Related Advisories:

Register to Customize Your Advisories

Linux Kernel 

The Discovery

LinuxKernel

Multiple important Linux kernel security issues have been identified and fixed in the 5.14.9 stable kernel update.

The Impact

Exploitation of these flaws could result in privilege escalation, denial of service (DoS), or information leakage.

The Fix

Update to 5.14.9 promptly to protect sensitive information and prevent attacks. This update also contains additional hardware support and various new features.

Your Related Advisories:

Register to Customize Your Advisories