Happy Friday, fellow Linux geeks! This week, Firefox announced that serious vulnerabilities affecting your privacy when browsing online have been fixed. We encourage everyone to update their browsers immediately. Multiple high-severity remote code execution vulnerabilities that affect PostgreSQL 10.x versions have also been fixed this week.
Read on to learn how to update your systems and obtain these fixes for your distribution.
Yours in Open Source,

python-django

The Discovery
Several security vulnerabilities have been found in python-django. It was discovered that Storage.save allowed directory traversal if crafted filenames were passed directly to it (CVE-2021-45452), the {% debug %} template tag did not properly encode the current context (CVE-2022-22818), and the HTTP MultiPartParser had an issue whereby certain inputs to multipart forms could result in an infinite loop when parsing uploaded files (CVE-2022-23833).

The Impact
These flaws could result in cross-site scripting (XSS) attacks.

The Fix
A python-django security update that fixes these bugs has been released. We recommend that you update now to protect against attacks and compromise.

Firefox

The Discovery
Multiple security issues have been discovered in the Mozilla Firefox web browser (CVE-2022-45403, CVE-2022-45404, CVE-2022-45405 and CVE-2022-45406).

The Impact
These bugs could potentially result in the execution of arbitrary code, information disclosure, or spoofing.

The Fix
A security update for Firefox has been released that mitigates these flaws. We recommend that you upgrade your firefox-esr packages as soon as possible to protect the security and integrity of your systems and the privacy of your sensitive information.

PostgreSQL

The Discovery
Multiple high-severity vulnerabilities have been discovered in PostgreSQL (CVE-2021-3677, CVE-2021-23214, CVE-2021-23222, CVE-2021-32027, CVE-2021-32028, CVE-2022-1552 and CVE-2022-2625).

The Impact
These bugs could result in remote code execution.

The Fix
All PostgreSQL 10.x users should upgrade to the latest version immediately to protect against exploits and compromise.