Thank you for reading the LinuxSecurity Linux Advisory Watch newsletter! 

Today’s newsletter is sponsored by AlmaLinux, the forever-free enterprise Linux distribution, focused on long-term stability, and providing a robust production-grade platform.

This week, important updates have been issued for QEMU, java-11-openjdk and python39.

We recommend that you visit our Advisories page frequently to see the latest security advisories that have been issued by your Linux distro(s). We also now offer the ability to personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select. 

On behalf of the LinuxSecurity.com administrative team, I would like to extend a warm welcome to our site!

Yours in Open Source,

Brittany

QEMU

The Discovery 

Several security vulnerabilities have been found in QEMU, a fast processor emulator. They include an out-of-bounds write in the UAS (USB Attached SCSI) device emulation (CVE-2021-3713); a flaw in the USB redirector device emulation (usb-redir) that is triggered when packets are dropped during a bulk transfer from a SPICE client because the packet queue is full (CVE-2021-3682); a second usb-redir flaw that can lead to an excessive allocation on the stack (CVE-2021-3527); and invalid pointer initialization issues in the SLiRP user-mode networking implementation (CVE-2021-3592, CVE-2021-3594 and CVE-2021-3595).

The Impact

Depending on the flaw, a malicious guest (or, for the usb-redir issues, a malicious SPICE client) could crash the QEMU process, causing a denial of service for the virtual machine; trigger an excessive allocation on the stack with the same effect; read host memory; or potentially execute code with the privileges of the QEMU process on the host.

The Fix

Fixed QEMU packages have been released. We recommend that you upgrade as soon as possible to protect the confidentiality of your sensitive data and prevent attacks. Note that upgrading the package does not fix virtual machines that are already running: each guest keeps using the old QEMU binary until it is shut down and started again (or live-migrated to a host that already has the update).

Your Related Advisories:

Register to Customize Your Advisories

java-11-openjdk

The Discovery 


Three important vulnerabilities have been discovered in java-11-openjdk: improper handling of JAR files that contain multiple MANIFEST.MF files (CVE-2021-2369), a flaw in the range check elimination performed by the Hotspot component (CVE-2021-2388), and a flaw in the FtpClient (CVE-2021-2341).

The Impact

Depending on the flaw, an attacker who can get untrusted input to the affected component (for example a crafted JAR file, untrusted code running under Hotspot, or a connection to an attacker-controlled FTP server in the case of FtpClient) could gain unauthorized read access to a subset of Java SE accessible data, or unauthorized update, insert or delete access to some of that data, compromising sensitive information.

The Fix

An update for java-11-openjdk that fixes these issues has been released. Update immediately and restart running JVMs (application servers, build agents and the like): a Java process loads the runtime at startup and keeps using the old version until it is restarted.
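A quick post-update check, added here as an example (it is not from the advisories or from QEMU or OpenJDK): it walks /proc and lists processes whose executable on disk has been replaced since they started, which is exactly how a guest still running the pre-update QEMU binary, or a JVM still running the old java-11-openjdk, shows up. The function names and the path patterns are illustrative; the look-alike /proc tree is constructed sample input so the check can be exercised without touching the live system.

```python
"""Added example (not from the advisory): find processes that still run a
binary that has since been replaced by a package update. Function names and
path patterns are illustrative assumptions."""
import os
import tempfile

DELETED_SUFFIX = " (deleted)"


def stale_executables(proc_root="/proc"):
    """Return [(pid, path)] for processes whose executable on disk was
    replaced or removed after they started. The kernel marks this by
    appending " (deleted)" to the target of /proc/PID/exe. proc_root is a
    parameter so the check can be run against a constructed tree."""
    stale = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            target = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            # Kernel threads have no exe link, and other users' processes are
            # unreadable without root: run as root for a complete picture.
            continue
        if target.endswith(DELETED_SUFFIX):
            stale.append((int(entry), target[: -len(DELETED_SUFFIX)]))
    return sorted(stale)


def stale_for(patterns, proc_root="/proc"):
    """Restrict the list to binaries whose path contains one of the given
    substrings, e.g. ("qemu", "java")."""
    return [(pid, path) for pid, path in stale_executables(proc_root)
            if any(pattern in path for pattern in patterns)]


def make_constructed_proc():
    """Build a constructed /proc look-alike (sample input, not a real
    system): one current process and three stale ones. Returns its path."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    samples = {
        "100": "/usr/bin/qemu-system-x86_64 (deleted)",
        "200": "/usr/bin/bash",
        "300": "/usr/lib/jvm/java-11-openjdk/bin/java (deleted)",
        "400": "/usr/bin/vim (deleted)",
    }
    for pid, target in samples.items():
        os.mkdir(os.path.join(root, pid))
        os.symlink(target, os.path.join(root, pid, "exe"))
    return root


if __name__ == "__main__":
    # Against the live system, as root, after applying the updates:
    for pid, path in stale_for(("qemu", "java", "python3.9")):
        print(f"restart needed: pid {pid} still runs old {path}")
```

On a real host the list tells you which guests to reboot or migrate and which JVMs to restart; an empty list after the update means every affected process has already picked up the fixed binary.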

Your Related Advisories:

Register to Customize Your Advisories

python39

The Discovery


Improper input validation of IPv4 address strings was discovered in python39 (CVE-2021-29921): the ipaddress module accepted octets with leading zeros and read them as decimal, while many other parsers (including the C library's inet_aton) treat such octets as octal.

The Impact

This issue could allow an attacker to bypass access control that is based on IP addresses: an application checking an allowlist with ipaddress sees one address (for example, "010.8.8.8" read as 10.8.8.8), while the operating system's network stack connects to another (8.8.8.8).
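The bypass in miniature, added here as an example (it is not from the advisory or from CPython): a lenient parser that models the pre-fix decimal reading, an inet_aton-style parser that models how the C library reads the same string, and the strict check that rejects leading zeros instead of guessing. The function names and the 10.0.0.0/8 allowlist are illustrative assumptions, and only the four-octet form is modelled.

```python
"""Added example (not from the advisory or CPython): why a leading-zero
octet lets an attacker past an IP-based allowlist, and the strict check that
closes the hole. Names and the 10.0.0.0/8 allowlist are assumptions."""
import socket


def _octets(addr):
    parts = addr.split(".")
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"expected four dotted octets: {addr!r}")
    return parts


def _pack(octets):
    value = 0
    for octet in octets:
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range: {octet}")
        value = (value << 8) | octet
    return value


def parse_lenient(addr):
    """Models the vulnerable behaviour: up to three digits per octet, always
    read as decimal, so '010' means ten."""
    octets = []
    for part in _octets(addr):
        if not part.isdigit() or len(part) > 3:
            raise ValueError(f"bad octet {part!r}")
        octets.append(int(part, 10))
    return _pack(octets)


def parse_strict(addr):
    """Models the fixed behaviour: an octet with a leading zero is rejected,
    removing the ambiguity rather than picking one reading of it."""
    octets = []
    for part in _octets(addr):
        if not part.isdigit() or len(part) > 3:
            raise ValueError(f"bad octet {part!r}")
        if len(part) > 1 and part[0] == "0":
            raise ValueError(f"leading zeros are not permitted: {part!r}")
        octets.append(int(part, 10))
    return _pack(octets)


def parse_inet_aton_style(addr):
    """How inet_aton()-style parsers read the same string: a '0x' prefix is
    hex, a leading '0' is octal, anything else is decimal."""
    octets = []
    for part in _octets(addr):
        if part[:2].lower() == "0x":
            digits, base = part[2:], 16
        elif len(part) > 1 and part[0] == "0":
            digits, base = part[1:], 8
        else:
            digits, base = part, 10
        if not digits or not digits.isalnum():
            raise ValueError(f"bad octet {part!r}")
        octets.append(int(digits, base))
    return _pack(octets)


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def in_network(value, cidr):
    """Allowlist membership test on a parsed address, e.g. '10.0.0.0/8'."""
    net, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = ((1 << prefix) - 1) << (32 - prefix)
    return (value & mask) == (parse_strict(net) & mask)


if __name__ == "__main__":
    attacker_input = "010.8.8.8"  # constructed: crafted to look like 10.8.8.8
    print("lenient  :", to_dotted(parse_lenient(attacker_input)))
    print("inet_aton:", to_dotted(parse_inet_aton_style(attacker_input)))
    # On glibc-based systems the real C parser agrees with the octal reading:
    print("libc     :", socket.inet_ntoa(socket.inet_aton(attacker_input)))
    try:
        parse_strict(attacker_input)
    except ValueError as err:
        print("strict   : rejected,", err)
```

The allowlist check passes under the lenient reading (10.8.8.8 is inside 10.0.0.0/8) while the connection actually goes to 8.8.8.8; the strict parser turns the ambiguous input into a hard error, which is what the fixed ipaddress module does.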

The Fix

An important update for python39 that addresses this problem is now available. Update promptly, and restart any long-running Python services so they pick up the fixed interpreter; a process started before the update keeps running the old code.

Your Related Advisories:

Register to Customize Your Advisories