LFS Security Advisories for LFS 11.2 and the current development books.
LFS-11.2 was released on 2022-09-01
- There are currently no known security vulnerabilities for LFS-11.1.
dbus
11.2 018 dbus (LFS and BLFS) Date: 2022-10-28 Severity: Medium
In dbus-1.14.4, three security vulnerabilities were fixed that could allow for unprivileged attackers to cause denial-of-service conditions (system dbus-daemon crashes, as well as crashes of any programs which use the libdbus library). Update to dbus-1.14.4 or later. 11.2-018
Expat
11.2 030 Expat Date: 2022-11-01 Severity: High
In expat-2.5.0, a security vulnerability was fixed that could allow for arbitrary code execution or denial of service when a system is running low on memory while processing a DTD. Update to expat-2.5.0. 11.2-030
11.2 009 Expat Date: 2022-09-23 Severity: Critical
In expat-2.4.9, a critical security vulnerability was fixed in the doContent function that could allow for arbitrary code execution or denial of service. Update to expat-2.4.9 immediately. 11.2-009
Inetutils
11.2 031 Inetutils (LFS) Date: 2022-11-01 Severity: High
In inetutils-2.4, two security vulnerabilities were fixed that could allow for denial of service or remote code execution. Note that additional bugfixes were implemented as well which fix crashes with the 'ftp' and 'tftp' programs. Update to inetutils-2.4 if you use telnet, telnetd, ftp, or tftp. 11.2-031
Linux Kernel
11.2 070 Linux Kernel (LFS) Date: 2023-01-19 Severity: Critical
In Linux-6.1.6 (and Linux-5.15.89), several security vulnerabilities were fixed in a variety of subsystems, including drivers, core networking, multimedia, /proc filesystem, networking daemons, and the sysctl subsystem. Update to Linux-6.1.6 or Linux-5.15.89 (LTS) immediately. 11.2-070
11.2 049 Linux Kernel (LFS) Date: 2022-12-04 Severity: Medium
In Linux-6.0.11, a security vulnerability was fixed which affects the integrated graphics of 12th gen Intel processors. It allows an attacker to get unauthorized access to physical memory through the GPU. Update to Linux-6.0.11 or Linux-5.15.81 (LTS). 11.2-049
11.2 047 Linux Kernel (LFS) Date: 2022-11-23 Severity: Medium
In Linux-6.0.8, three security vulnerabilities were fixed including one that allows local unprivileged attackers to cause a kernel panic (and potential arbitrary code execution if KASLR is disabled or bypassed) with a malicious USB device. Update to Linux-6.0.8 or Linux-5.15.78 (LTS). 11.2-047
11.2 029 Linux Kernel (LFS) Date: 2022-11-01 Severity: Medium
In Linux-6.0.6, a security vulnerability was fixed that allows local unprivileged attackers to cause a kernel panic when using an ext4 filesystem. Update to Linux-6.0.6 or Linux-5.15.76 (LTS). 11.2-020
11.2 016 Linux Kernel (LFS) Date: 2022-10-28 Severity: Critical
In Linux-6.0.2, several security vulnerabilities were fixed that could allow for denial of service, arbitrary code execution (especially when using WiFi networks), and the ability to read memory from anywhere on the system. Update to Linux-6.0.2 or Linux-5.15.75 (LTS) immediately. 11.2-016
OpenSSL
11.2 032 OpenSSL (LFS) Date: 2022-11-01 Severity: High
In OpenSSL-3.0.7, three security vulnerabilities were fixed which could allow for remote code execution, denial of service, and for NULL encryption. Update to OpenSSL-3.0.7 immediately on ANY system which has OpenSSL-3 installed. 11.2-032
Python3
11.2 060 Python3 (LFS and BLFS) Date: 2022-12-26 Severity: High or Critical
In Python-3.11.1, five vulnerabilities were fixed, with one rated as High. Because updating from an old Python3 series to a new one requires rebuilding all the modules, if you are remaining on Python-3.10 you should update to Python-3.10.9, which includes a Critical fix as well as an additional fix rated as High and already fixed in 3.11.0. Update to 3.11.1 or later, or 3.10.9 or later as appropriate. 11.2-060
11.2 021 Python3 (LFS and BLFS) Date: 2022-10-28 Severity: High
In Python-3.10.8, three security vulnerabilities were fixed that could allow for integer overflows, shell code injection, and unsafe text injection when some modules are used. Update to Python-3.10.8 or later. 11.2-021
11.2 005 Python3 (LFS and BLFS) Date: 2022-09-14 Severity: High
In Python-3.10.7, a security vulnerability was fixed that could allow for a denial of service (application crash) due to algorithmic complexity. Update to Python-3.10.7 or later. 11.2-005
systemd
11.2 061 systemd (LFS and BLFS) Date: 2022-12-28 Severity: High
In systemd-241 and higher, a security vulnerability was discovered that could allow for a local information leak and privilege escalation due to systemd-coredump not respecting a kernel option. Rebuild systemd with the patch. 11.2-061
zlib
11.2 036 zlib (LFS) Date: 2022-11-09 Severity: Critical
In zlib-1.2.13, a security vulnerability was fixed that could allow for trivial arbitrary code execution due to a buffer-overflow when calling inflateGetHeader. Update to zlib-1.2.13 immediately and take note of the special instructions for stripping. 11.2-036