LFS Security Advisories for LFS 11.1 and the current development books.

LFS-11.1 was released on 2022-03-01

gzip

11.1 028 gzip (LFS) Date: 2022-04-15 Severity: Critical

In gzip-1.12, a critical security vulnerability was fixed that could allow remote attackers to execute commands on your system (or overwrite existing files) when 'zgrep' is run on a crafted archive. The BLFS team has independently verified that the vulnerability is trivial to exploit. Update to gzip-1.12 as soon as possible. 11.1-028

Linux kernel

11.1 101 Linux Kernel (LFS) Date: 2022-08-24 Severity: High

In Linux-6.0-rc2, there is a fix for a vulnerability which could be exploited to write into read-only memory mappings and cause privilege escalation. As no fix has been backported into the stable releases so far, disable CONFIG_USERFAULTFD as a workaround. 11.1-102

11.1 099 Linux Kernel (LFS) Date: 2022-08-23 Severity: High

In Linux-5.19.2 (and 5.18.19, 5.15.62, 5.10.137) there are fixes for four vulnerabilities which could be exploited to cause denial of service or privilege escalation. One of those vulnerabilities can easily be exploited by an unprivileged user to cause a kernel panic. Update to the latest stable or LTS kernel immediately. 11.1-099

11.1 082 Linux Kernel (LFS) Date: 2022-04-24 Severity: Medium

In Linux-5.18.14.3 (and 5.15.57) there are fixes for speculative-execution vulnerabilities, named 'RETBleed', which might lead to information disclosure. Please read 11.1-082 to see if your processor is affected, and what mitigations are available.

11.1 027 Linux Kernel (LFS) Date: 2022-04-15 Severity: Moderate

In Linux-5.17.3 (and 5.16.20, 5.15.34 and other stable releases on 2022-04-13), fixes were made for three vulnerabilities in the kernel's ax25 networking subsystem, all of which are rated Moderate and can cause remotely exploitable kernel panics. Upgrade to at least Linux-5.17.3 (or 5.15.34 or other stable kernels released on 2022-04-13) if you are using ax25 networking. 11.1-027

11.1 017 Linux Kernel (LFS) Date: 2022-04-04 Severity: High

In Linux-5.17.1 (and 5.16.18, 5.15.32 and other stable releases on 2022-03-28), fixes were made for two vulnerabilities in the kernel's nf_tables code, one rated as High. To fix these, upgrade to at least linux-5.17.1 (or 5.15.32 or other stable kernels released on 2022-03-28). 11.1-017

11.1 011 Linux Kernel (LFS) Date: 2022-03-15 Severity: Medium

In Linux-5.16.14, workarounds for the hardware vulnerabilities named Branch History Injection have been added. These vulnerabilities may be exploited to leak sensitive information. To work around them, update to at least linux-5.16.14 (or 5.15.28, 5.10.105, 5.4.184, 4.19.234, 4.14.271, 4.9.306 for older systems using LTS stable kernels), and disable the unprivileged bpf syscall. 11.1-011

11.1 009 Linux Kernel (LFS) Date: 2022-03-09 Severity: High

A local privilege escalation vulnerability known as 'Dirty Pipe', present in Linux since 5.8, has been discovered. To fix this, update to at least linux-5.16.11 (or 5.15.25, 5.10.102 for older systems using LTS stable kernels) using the instructions from the LFS book. 11.1-009

OpenSSL

11.1 081 (LFS) OpenSSL Date: 2022-07-16 Severity: Medium

In OpenSSL 3.0.4, 1.1.1p, and earlier 3.0 or 1.1.1 releases, AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could leak sixteen bytes of the plaintext in the case of "in place" encryption. If you are running a 32-bit LFS, update to at least OpenSSL-1.1.1q for 1.1.1 series, or OpenSSL-3.0.5 for 3.0 releases. 11.1-081

11.1 066 (LFS) OpenSSL Date: 2022-06-22 Severity: Medium

A bug in the c_rehash script's handling of shell metacharacters was fixed in versions 3.0.4 and 1.1.1p. This vulnerability may be exploited to execute arbitrary commands. Use of the c_rehash script is considered obsolete and should be replaced by the openssl rehash command. Update to at least OpenSSL-1.1.1p if using the 1.1.1 series. For 3.0 releases, update to OpenSSL-3.0.5 or later. Updating to OpenSSL-3.0.4 is not recommended because 3.0.4 is broken on some CPU models. 11.1-066

11.1 012 (LFS) OpenSSL Date: 2022-03-18 Severity: High

A bug which can cause OpenSSL to loop forever when parsing a crafted certificate was fixed in versions 3.0.2 and 1.1.1n. Update to at least OpenSSL-3.0.2 if using the 3.0 series, or at least OpenSSL-1.1.1n if using the 1.1.1 series. 11.1-012

Python3

11.1 092 Python3 (LFS and BLFS) Date: 2022-08-18 Severity: High

Two security vulnerabilities were fixed in Python-3.10.6 which could allow for open redirection in the built-in HTTP server, and for a use-after-free when using the memoryview function. Update to Python-3.10.6. 11.1-092

Shadow

11.1 100 Shadow Date: 2022-08-23 Severity: Low

In Shadow-1.12.2, two security vulnerabilities were fixed that could allow a symlink attack while a shadow utility run by an administrator is operating on a directory writable by the attacker. Update to shadow-1.12.2; otherwise, take care when running the shadow utilities as root. 11.1-100

VIM

11.1 053 VIM (LFS and BLFS) Date: 2022-05-29 Severity: Medium

Eleven vulnerabilities causing heap-based buffer overflows, use after free, NULL pointer dereferences, or uncontrolled recursion, and leading to crashes, have been fixed in vim-8.2.5014. To fix them, update to vim-8.2.5014 or later. 11.1-053

11.1 037 VIM (LFS and BLFS) Date: 2022-05-06 Severity: High

Three vulnerabilities causing heap-based buffer overflows or use after free, and leading to crashes, have been fixed in vim-8.2.4814. To fix them, update to vim-8.2.4814 or later. 11.1-037

11.1 010 VIM (LFS and BLFS) Date: 2022-03-15 Severity: High

One vulnerability causing a heap-based buffer overflow and crashes has been fixed in vim-8.2.4567. To fix it, update to vim-8.2.4567 or later. 11.1-010

11.1 001 VIM (LFS and BLFS) Date: 2022-03-02 Severity: High

Four vulnerabilities which cause crashes under certain circumstances have been fixed in vim-8.2.4489. To fix them, update to vim-8.2.4489 or later. 11.1-001

Xz

11.1 031 Xz (LFS) Date: 2022-04-15 Severity: Critical

The same vulnerability in zgrep which was fixed in zlib-1.2.12 also applies to using xzgrep from xz. Upstream has provided a patch.

To fix this, rebuild xz-5.2.5 with the patch or update to a later version when one is released. 11.1-031

Zlib

11.1 018 Zlib Date: 2022-04-04 Severity: High

A vulnerability which allows memory corruption when deflating (i.e. compressing) input that has many distant matches has been found in Zlib.

To fix this, update to zlib-1.2.12 or later. Note that the update will cause 9 test failures in the perl test suite; these failures should be ignored. Also, if you are going to strip the debug symbols of your LFS system, you need to adjust the filename of the zlib library in the stripping instructions. 11.1-018