LFS Security Advisories for LFS 11.3 and the current development books.
LFS-11.3 was released on 2023-03-01
D-Bus (systemd only)
11.3 041 D-Bus (LFS and BLFS) Date: 2023-06-17 Severity: High
In dbus-1.14.8, a security vulnerability was fixed that could allow an unprivileged user to cause a denial of service (system message bus daemon crash) by sending an unreplyable message while an administrator is monitoring the dbus daemon. Update to dbus-1.14.8 or later. 11.3-041
libcap
11.3 032 libcap (LFS) Date: 2023-06-05 Severity: Medium
In libcap-2.69, two security vulnerabilities were fixed that could allow for denial of service. They are caused by an integer overflow and a memory leak, and can be triggered when using the __real_pthread_create() and _libcap_strdup() functions in libcap. Update to libcap-2.69 to fix them. 11.3-032
Linux Kernel
11.3 052 Linux Kernel (LFS) Date: 2023-07-06 Severity: High
In Linux-6.4.1 (and Linux-6.1.31), a security vulnerability was fixed that allows for privilege escalation due to a flaw in the memory management subsystem. Update to Linux-6.4.1 or Linux-6.1.31 (LTS) to fix it. 11.3-052
11.3 011 Linux Kernel (LFS) Date: 2023-03-05 Severity: High
In Linux-6.2.3 through 6.2.9 (and Linux-6.1.15 through 6.1.22), eleven security vulnerabilities were fixed in various kernel subsystems. These vulnerabilities could allow a full system crash or deadlock, network filter bypass, or local privilege escalation. Update to Linux-6.2.9 or Linux-6.1.22 (LTS) to fix them. 11.3-011
11.3 001 Linux Kernel (LFS) Date: 2023-03-05 Severity: High
In Linux-6.2.2 (and Linux-6.1.14), five security vulnerabilities were fixed in various kernel subsystems. These vulnerabilities could allow full system crashes or insufficient protection against hardware vulnerabilities. Update to Linux-6.2.2 or Linux-6.1.14 (LTS) to fix them. 11.3-001
OpenSSL
11.3 069 OpenSSL (LFS) Date: 2023-08-04 Severity: Low
In OpenSSL-3.1.2, three security vulnerabilities were fixed that could cause excessive slowdown (and thus a denial of service) when processing DH keys and parameters, and for applications using the AES-SIV cipher from OpenSSL to be misled. Update to OpenSSL-3.1.2 (or 1.1.1v if you prefer to stay on the OpenSSL-1.1 series). 11.3-069
11.3 033 OpenSSL (LFS) Date: 2023-06-05 Severity: Medium
In OpenSSL-3.1.1, several security vulnerabilities were fixed that could allow for denial of service, crashes on ARM64 platforms, certificate policy bypass, and severe degradation of performance. Update to OpenSSL-3.1.1. 11.3-033
Python
11.3 040 Python3 (LFS and BLFS) Date: 2023-06-17 Severity: High
In Python-3.11.4, three security vulnerabilities were fixed that could allow for directory traversal, disk location exposure over HTTP, and for policy bypasses. Update to Python-3.11.4. 11.3-040