LFS-11.1 was released on 2022-03-01
In gzip-1.12, a critical security vulnerability was fixed that could allow for remote attackers to execute commands on your system (or overwrite existing files) when 'zgrep' is run on a crafted archive. The BLFS team has independently verified that the vulnerability is trivial to exploit. Update to gzip-1.12 as soon as possible. 11.1-028
In Linux-6.0-rc2, there is a fix for a vulnerability which could be
exploited to write into read-only memory mappings and cause privilege
escalation. As no fixes are backported into stable releases so far,
disable CONFIG_USERFAULTFD
as a workaround.
11.1-102
In Linux-5.19.2 (and 5.18.19, 5.15.62, 5.10.137) there are fixes for four vulnerabilities which could be exploited to cause denial-of-service or privilege escalation. One of those vulnerabilities can be exploited by an unprivileged user to cause a kernel panic easily. Update to the latest stable or LTS kernel immediately. 11.1-099
In Linux-5.18.14.3 (and 5.15.57) are fixes for speculative vulnerabilities which might lead to information disclosure and have been named 'RETBleed'. Please read 11.1-082 to see if your processor is affected, and what mitigations are available.
In Linux-5.17.3 (and 5.16.20, 5.15.34 and other stable releases on 2022-04-13), fixes were made for three vulnerabilities in the kernel's ax25 networking subsystem, all of which rated as Moderate and can cause remotely-exploitable kernel panics. Upgrade to at least Linux-5.17.3 (or 5.15.34 or other stable kernels released on 2022-04-13) if you are using ax25 networking. 11.1-027
In Linux-5.17.1 (and 5.16.18, 5.15.32 and other stable relases on 2022-03-28), fixes were made for for two vulnerabilities in the kernel's nf_tables code, one rated as high. To fix these, upgrade to at least linux-5.17.1 (or 5.15.32 or other stable kernels released on 2022-03-28). 11.1-017
In Linux-5.16.14, workarounds for hardware vulnerabilities named Branch History Injection have been added. These vulnerabilities may be exploited to cause sensitive information leakage. To work around these vulnerabilities, update to at least linux-5.16.14 (or 5.15.28, 5.10.105, 5.4.184, 4.19.234, 4.14.271, 4.9.306 for older systems using LTS stable kernels), and disable unprivileged bpf syscall. 11.1-011
In Linux since 5.8, a local privilege escalation vulnerability known as 'Dirty Pipe' has been discovered. To fix this, update to at least linux-5.16.11 (or 5.15.25, 5.10.102 for older systems using LTS stable kernels) using the instructions from the LFS book for 11.1-009
In OpenSSL 3.0.4, 1.1.1p, and earlier 3.0 or 1.1.1 releases, AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could leak sixteen bytes of the plaintext in the case of "in place" encryption. If you are running a 32-bit LFS, update to at least OpenSSL-1.1.1q for 1.1.1 series, or OpenSSL-3.0.5 for 3.0 releases. 11.1-081
A bug in the c_rehash script handling shell metacharacters was
fixed in versions 3.0.4 and 1.1.1p. This vulnerability may be exploited
to execute arbitrary commands. Use of the c_rehash script is
considered obsolete and should be replaced by
openssl rehash
command. Update to at least OpenSSL-1.1.1p
if using the 1.1.1 series. For 3.0 releases, update to OpenSSL-3.0.5 or
later. It's not recommended to update to OpenSSL-3.0.4 because 3.0.4
is broken on some CPU models.
11.1-066
A bug which can cause OpenSSL to loop forever when parsing a crafted certificate was fixed in versions 3.0.2 and 1.1.1n. Update to at least OpenSSL-3.0.2 if using the 3.0 series, or at least OpenSSL-1.1.1n if using the 1.1.1 series. 11.1-012
Two security vulnerabilities were fixed in Python-3.10.6 which could allow for open redirection in the built-in HTTP server, and for a use-after-free when using the memoryview function. Update to Python-3.10.6. 11.1-092
In Shadow-1.12.2, two security vulnerabilities were fixed that could allow a symlink attack while a shadow utility is running by an administrator and operating on a directory writable by the attacker. Update to shadow-1.12.2 or you'll need to take caution when you run the shadow utilities as root. 11.1-100
11 vulnerabilities causing heap-based buffer overflow, use after free, NULL pointer dereference, or uncontrolled recursion and leading to crashes have been fixed in vim-8.2.5014. To fix them update to vim-8.2.5014 or later. 11.1-053
Three vulnerabilities causing heap-based buffer overflow or use after free and leading to crashes have been fixed in vim-8.2.4814. To fix them update to vim-8.2.4814 or later. 11.1-037
One vulnerability causing heap-based buffer overflow and crashing have been fixed in vim-8.2.4567. To fix them update to vim-8.2.4567 or later. 11.1-010
Four vulnerabilities which cause crashes under certain circumstances have been fixed in vim-8.2.4489. To fix them update to vim-8.2.4489 or later. 11.1-001
The same vulnerability in zgrep which was fixed in zlib-1.2.12 also applies to using xzgrep from xz. Upstream has provided a patch.
To fix this, rebuild xz-5.2.5 with the patch or update to a later version when one is released. 11.1-031
A vulnerability which allows memory corruption when deflating (i.e. compressing) if the input has many distant matches, has been found in Zlib.
To fix this update to zlib-1.2.12 or later. Note that the update will cause 9 test failures in perl testsuite and these failures should be ignored. And, if you are going to strip the debug symbols for your LFS system, you need to adjust the filename of zlib library in the stripping instruction. 11.1-018