LFS Security Advisories for LFS 11.0 and the current development books.
LFS-11.0 was released on 2021-09-01
Expat
11.0 086 Expat Date: 2022-02-24 Severity: Critical
In expat-2.4.5, five security vulnerabilities have been fixed which can allow for trivial remote code execution and for denial of service. Update to expat-2.4.6 as soon as possible. See 11.0-086
11.0 068 Expat Date: 2022-02-13 Severity: Critical
Two signed integer overflow vulnerabilities, both of which are rated as Critical, have been fixed in expat-2.4.4. Update as soon as possible. See 11.0-068
11.0 064 Expat Date: 2022-02-01 Severity: Critical
Several vulnerabilities, three rated as Critical, have been fixed in expat-2.4.3. See 11.0-064
glibc
11.0 069 glibc Date: 2022-02-13 Severity: Critical
In glibc-2.35, four security vulnerabilities were fixed that could lead to remote code execution, denial of service, privilege escalation and information disclosure when running applications that use the SunRPC module or use getcwd() to get the current working directory. Updating glibc with the patch can be tricky, and making a full system backup is advised before attempting to update it. See 11.0-069 for more details.
Linux kernel
11.0 065 Linux Kernel (LFS) Date: 2022-02-01 Severity: High
Some privilege escalation vulnerabilities have been reported in the Linux kernel. These can be fixed by upgrading to linux-5.16.4 or later, or equivalent long-term stable releases. 11.0-065
Python 3
11.0 007 Python (LFS and BLFS) Date: 2021-09-22 Severity: Moderate
In Python3 before 3.9.7, three security vulnerabilities exist that could allow for crashes, resource exhaustion, and SMTP command injection. Update to Python-3.9.7 or later. 11.0-007
systemd
11.0 054 systemd Date: 2022-01-13 Severity: High
In systemd-249 (and systemd-250), a security vulnerability was discovered that allows for symlink attacks and infinite recursion (leading to a crash of systemd-tmpfiles). The BLFS Editors have developed patches for 249 and 250. See the advisory for instructions on updating your system. 11.0-054
util-linux
11.0 082 util-linux Date: 2022-02-24 Severity: Moderate
In util-linux-2.37.4, a security vulnerability was fixed that could allow local unprivileged users to gain access to privileged information or to escalate privileges. Update to util-linux-2.37.4. For additional information, please read the advisory. 11.0-082
11.0 062 util-linux Date: 2021-06-28 Severity: High
Two bugs in libmount since version 2.33 have been discovered. These require the use of fuse and can be used to unmount /tmp. To fix these, please read the advisory. 11.0-062
VIM
11.0 081 VIM (LFS and BLFS) Date: 2022-02-22 Severity: High
Another heap-based buffer overflow, causing a crash when repeatedly using :retab, was fixed in vim-8.2.4359. To fix this, update to vim-8.2.4383 or later. 11.0-081
11.0 063 VIM (LFS and BLFS) Date: 2022-02-01 Severity: High
Many security vulnerabilities in vim have been fixed in versions up to vim-8.2.4236. Fifteen of these have been rated as High by the NVD. Unfortunately, the details are minimal. 11.0-063
11.0 015 VIM (LFS and BLFS) Date: 2021-10-18 Severity: High
In vim-8.2.3508, three security vulnerabilities were fixed that could allow for crashes or arbitrary code execution. Updating to VIM-8.2.3508 is suggested if you use UTF-8 encoded files or modify XML files. 11.0-015