LFS-12.1 was released on 2024-03-01
This page is in alphabetical order of packages, and if a package has multiple advisories the newer come first.
The links at the end of each item point to fuller details which have links to the released books.
In Expat-2.6.2, a security vulnerability was fixed that could allow for denial of service via an XML Entity Expansion attack when there is isolated use of external parsers (created using the XML_ExternalEntityParserCreate function). The issue has been classified as a "billion laughs" attack, also known as an XML bomb attack. Update to Expat-2.6.2. 12.1-010
Updating Glibc from an earlier version on a running LFS system requires extra precautions to avoid breaking the system. The precautions are documented in an "Important" box of the LFS book section for Glibc. Follow it strictly or you may render the system completely unusable.
In Glibc 2.39 and earlier, there is a vulnerability in an iconv module which may allow a remote code execution via network services running on the system. An exploit via PHP-based web applications has been demonstrated. And, there are four vulnerabilities in the Name Service Cache Daemon (NSCD) of Glibc.
Please read the link to fix these vulnerabilities: 12.0-037
In Linux-6.8.5, an insufficient mitigation against the hardware vulnerability known as Branch History Injection, or BHI (see 11.1-011 for details) on some Intel processors was fixed. Read 12.1-029 for how to fully mitigate BHI for affected Intel processors.
In OpenSSL-3.3.1, three security vulnerabilities were fixed that could allow for a denial of service (application crash, unbounded resource access, and excessive time spent in a function) to occur. Update to OpenSSL-3.3.1 (or 3.2.2, 3.1.6, or 3.0.14). 12.1-068
In Python-3.12.4, a security vulnerability was fixed that could allow for incorrect information to be returned about whether certain IPv4 and IPv6 addresses were designated as "globally reachable" or "private". This occured due to inaccurate information from the IANA Special-Purpose Address Registries. Update to Python-3.12.4. 12.1-069