We’re very excited to announce that securing your systems by staying up-to-date on the latest advisories issued by your distro(s) just got easier and far more convenient with the creation of the @LS_advisories Twitter handle! LinuxSecurity Live Advisory Updates is a page that provides live updates on critical Linux security advisories issued by 15 popular Linux distros. Be sure to give it a follow to stay protected against vulnerabilities leading to crashes, malware attacks, the exposure of sensitive information, and other serious security threats.
Distros are still releasing important updates addressing several security vulnerabilities recently discovered in Thunderbird, which could result in denial of service (DoS) attacks leading to potentially exploitable crashes, the execution of arbitrary code, or spoofing attacks. Find out if you are impacted, and how to secure your systems against these dangerous bugs.
Continue reading to learn about other significant issues that have been reported and fixed, including an actively exploited use-after-free vulnerability in the Linux kernel, and how to secure your systems against them.
Yours in Open Source,
X.Org

The Discovery: A high-impact use-after-free vulnerability has been found in the X.Org X11 X server (CVE-2023-1393).

The Impact: This bug could lead to privilege escalation on systems where the X server is running privileged and remote code execution for SSH X forwarding sessions.

The Fix: An X.Org server security update that fixes this flaw has been released. With a high confidentiality, integrity and availability impact, we strongly recommend that all impacted users apply the X.Org server updates issued by their distro(s) immediately to protect against attacks leading to downtime and compromise.
Linux Kernel

The Discovery: Multiple high-severity security vulnerabilities were discovered in the Linux kernel. An integer overflow vulnerability was found in the Linux kernel through 6.1.5 (CVE-2023-23559), and it was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs (CVE-2022-2196). The Cybersecurity and Infrastructure Security Agency (CISA) also warns that a use-after-free vulnerability exists in the ALSA PCM package in the Linux kernel (CVE-2023-0266), which has been added to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

The Impact: These flaws could result in memory exhaustion, system crashes, denial of service (DoS), the exposure of sensitive information, cross-site scripting (XSS) attacks, privilege escalation attacks, or the execution of arbitrary code.

The Fix: Updates for the kernel that address these dangerous bugs have been released. We urge all impacted users to apply the Linux kernel updates issued by their distro(s) now to protect the confidentiality, integrity and availability of their systems and their sensitive data.
Thunderbird

The Discovery: Distros are still releasing important security updates addressing several vulnerabilities recently identified in Thunderbird, including a high-impact bug involving incorrect code generation during JIT compilation (CVE-2023-25751), and high-severity memory safety vulnerabilities present in Thunderbird 102.8 (CVE-2023-28176).

The Impact: These bugs could result in potentially exploitable crashes due to denial of service (DoS) attacks, the execution of arbitrary code, or spoofing attacks.

The Fix: These issues have been remedied in the latest stable version of Thunderbird, Thunderbird 102.9.0. We urge all impacted users to update to Thunderbird 102.9.0 now, if they have not already, to protect against exploits leading to downtime, spoofing attacks and other threats to the confidentiality, integrity and availability of their critical systems.