LFS Security Advisories for LFS 11.3 and the current development books.

LFS-11.3 was released on 2023-03-01

D-Bus (systemd only)

11.3 041 D-Bus (LFS and BLFS) Date: 2023-06-17 Severity: High

In dbus-1.14.8, a security vulnerability was fixed that could allow an unprivileged user to cause a denial of service (a crash of the system message bus daemon) by sending an unreplyable message while an administrator is monitoring the system bus. Update to dbus-1.14.8 or later. 11.3-041

libcap

11.3 032 libcap (LFS) Date: 2023-06-05 Severity: Medium

In libcap-2.69, two security vulnerabilities were fixed that could allow for denial of service: a memory leak in the __real_pthread_create() wrapper and an integer overflow in the _libcap_strdup() function. Update to libcap-2.69 to fix them. 11.3-032

Linux Kernel

11.3 052 Linux Kernel (LFS) Date: 2023-07-06 Severity: High

In Linux-6.4.1 (and Linux 6.1.31), a security vulnerability was fixed in the memory management subsystem that allows for local privilege escalation. Update to Linux-6.4.1 or Linux-6.1.31 (LTS) to fix it. 11.3-052

11.3 011 Linux Kernel (LFS) Date: 2023-03-05 Severity: High

In Linux-6.2.3 through 6.2.9 (and Linux-6.1.15 through 6.1.22), eleven security vulnerabilities were fixed in various kernel subsystems. These vulnerabilities could allow a full system crash or deadlock, a network filter bypass, or local privilege escalation. Update to Linux-6.2.9 or Linux-6.1.22 (LTS) to fix them. 11.3-011

11.3 001 Linux Kernel (LFS) Date: 2023-03-05 Severity: High

In Linux-6.2.2 (and Linux-6.1.14), five security vulnerabilities were fixed in various kernel subsystems. These vulnerabilities could allow full system crashes or insufficient protection against hardware vulnerabilities. Update to Linux-6.2.2 or Linux-6.1.14 (LTS) to fix them. 11.3-001

OpenSSL

11.3 069 OpenSSL (LFS) Date: 2023-08-04 Severity: Low

In OpenSSL-3.1.2, three security vulnerabilities were fixed: two could cause excessive slowdown (and thus a denial of service) when checking DH keys and parameters, and one could mislead applications using OpenSSL's AES-SIV cipher, because empty associated-data entries were silently ignored instead of being authenticated. Update to OpenSSL-3.1.2 (or 1.1.1v if you prefer to stay on the OpenSSL-1.1 series). 11.3-069

11.3 033 OpenSSL (LFS) Date: 2023-06-05 Severity: Medium

In OpenSSL-3.1.1, several security vulnerabilities were fixed that could allow for denial of service, crashes on ARM64 platforms, certificate policy bypass, and severe degradation of performance. Update to OpenSSL-3.1.1. 11.3-033

Python

11.3 040 Python3 (LFS and BLFS) Date: 2023-06-17 Severity: High

In Python-3.11.4, three security vulnerabilities were fixed that could allow for directory traversal, exposure of on-disk locations over HTTP, and bypass of URL blocklist checks built on urllib.parse. Update to Python-3.11.4. 11.3-040
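As an added example (this script is not part of the LFS advisory page), the following POSIX shell script compares the versions installed on a host against the fixed versions named in the advisories above. The advisory table is constructed from this page; the probe commands at the end (dbus-daemon --version, pkg-config --modversion libcap, uname -r, openssl version, python3 --version) are assumptions about what an LFS host provides. The branch handling goes beyond the page's wording: where an advisory names one fixed version per stable series (Linux 6.4.1 and 6.1.31, OpenSSL 3.1.2 and 1.1.1v), the check uses the series that matches the installed version, and a series the advisory does not mention (OpenSSL 3.0.x, Linux 6.3.x) is reported as unlisted rather than guessed at.

```shell
#!/bin/sh
# Added example, not part of the LFS advisory page. Compares installed versions
# against the fixed versions the advisories name. The probes in report_host are
# assumptions about an LFS host and are skipped when a command is missing.

# num_prefix S: print the leading digits of S (empty if S starts with a non-digit).
num_prefix() {
    s=$1; n=''
    while :; do
        case $s in
            [0-9]*) n=$n${s%"${s#?}"}; s=${s#?} ;;
            *) break ;;
        esac
    done
    printf '%s' "$n"
}

# version_ge A B: exit 0 if dotted version A is at least B. Components compare
# numerically; a non-numeric tail on a component (OpenSSL's "1v", a kernel's
# "25-lfs") compares lexically after the number, and no tail sorts before any tail.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ca=${a%%.*}; cb=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a='' ;; esac
        case $b in *.*) b=${b#*.} ;; *) b='' ;; esac
        na=$(num_prefix "$ca"); nb=$(num_prefix "$cb")
        sa=${ca#"$na"}; sb=${cb#"$nb"}
        na=${na:-0}; nb=${nb:-0}
        if [ "$na" -gt "$nb" ]; then return 0; fi
        if [ "$na" -lt "$nb" ]; then return 1; fi
        if [ "$sa" != "$sb" ]; then
            # the tail that sorts first is the smaller one
            if [ "$(printf '%s\n%s\n' "$sa" "$sb" | sort | head -n1)" = "$sb" ]; then
                return 0
            fi
            return 1
        fi
    done
    return 0
}

# check_fixed INSTALLED FIXED...: print "fixed", "vulnerable" or "unlisted".
# With several thresholds, the one whose major.minor matches the installed
# version is used; no match means the advisory does not cover that series.
# A single threshold applies to everything ("1.14.8 or later").
check_fixed() {
    installed=$1; shift
    branch=$(printf '%s' "$installed" | cut -d. -f1-2)
    threshold=''
    if [ $# -eq 1 ]; then
        threshold=$1
    else
        for f in "$@"; do
            case $f in "$branch".*|"$branch") threshold=$f; break ;; esac
        done
    fi
    if [ -z "$threshold" ]; then
        echo unlisted
    elif version_ge "$installed" "$threshold"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Advisory table constructed from the page: id, package, fixed version(s).
ADVISORIES='
11.3-041 dbus    1.14.8
11.3-032 libcap  2.69
11.3-052 linux   6.4.1 6.1.31
11.3-011 linux   6.2.9 6.1.22
11.3-001 linux   6.2.2 6.1.14
11.3-069 openssl 3.1.2 1.1.1v
11.3-033 openssl 3.1.1
11.3-040 python3 3.11.4
'

# report_package PKG INSTALLED: print one status line per advisory for PKG.
report_package() {
    pkg=$1; inst=$2
    printf '%s\n' "$ADVISORIES" | while read -r id name fixed; do
        [ "$name" = "$pkg" ] || continue
        # $fixed is deliberately unquoted: it may hold several branch thresholds
        printf '%-9s %-8s installed %-12s %s\n' "$id" "$name" "$inst" "$(check_fixed "$inst" $fixed)"
    done
}

# probe CMD...: run CMD, silencing errors and never failing (missing commands).
probe() { "$@" 2>/dev/null || true; }

# report_host: probe the running system (assumed LFS tool names and output formats).
report_host() {
    v=$(probe dbus-daemon --version | head -n1 | awk '{print $NF}')
    if [ -n "$v" ]; then report_package dbus "$v"; fi
    v=$(probe pkg-config --modversion libcap)
    if [ -n "$v" ]; then report_package libcap "$v"; fi
    v=$(probe uname -r)
    if [ -n "$v" ]; then report_package linux "$v"; fi
    v=$(probe openssl version | awk '{print $2}')
    if [ -n "$v" ]; then report_package openssl "$v"; fi
    v=$(probe python3 --version | awk '{print $2}')
    if [ -n "$v" ]; then report_package python3 "$v"; fi
    return 0
}

report_host
```

Note that "fixed" here means only "at or past the version the advisory names": a kernel or OpenSSL series the advisory does not list gets "unlisted", and a distribution-patched older version will be reported as vulnerable, since the script reasons from version strings alone.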