Skip to main content
News

Top Linux Vulnerabilities For March 2021

By March 9, 2021June 22nd, 2022No Comments
||

Top Linux Vulnerabilities for March 2021

Explore the top Linux threats for March 2021 and find out the best solution for managing these vulnerabilities.

[vc_empty_space]
[vc_single_image image=”341970″ img_size=”full”]

1. Buffer overflow impacting python 27, python 36 and python 38

Vendor Severity: Medium
CVSS Score: 9.8

A stack-based buffer overflow was discovered in the ctypes module provided within Python.  Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer on the stack and crash the application.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Requires: None
  • User Interaction: None
  • Scope (Jump Point): No

CVE Reference(s): CVE-2021-3177

[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

2. xterm vulnerability with Ubuntu 20.10, 20.04 LTS, 18.04 LTS and 16.04 LTS and Red Hat Enterprise Linux 8

Vendor Severity: Medium / Important
CVSS Score: 9.8

xterm incorrectly handles certain character sequences. A remote attacker could use this issue to cause xterm to crash, resulting in a denial of service, or possibly execute arbitrary code.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Requires: None
  • User Interaction: None
  • Scope (Jump Point): No

CVE Reference(s): CVE-2021-27135

[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

3. Screen update for SUSE Enterprise Server 12-SP2 to 12-SP5

Vendor Severity: Important
CVSS Score: 9.8 (under review)

Fixed double width combining char handling (UTF-8 character) that could lead to a denial of service or code execution.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Requires: None
  • User Interaction: None
  • Scope (Jump Point): No

CVE Reference(s): CVE-2021-26937

[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

4. Security Update for Mozilla Thunderbird

Vendor Severity: Important
CVSS Score: 8.8

Memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

Syxscore Risk Alert

This vulnerability has a high risk as this can be exposed over any network, with low complexity, no privileges but does require user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Requires: None
  • User Interaction: Required
  • Scope (Jump Point): No

CVE Reference(s): CVE-2021-23978

[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

5. Kernel Update for Oracle Linux 6 and 7

Vendor Severity: Important
CVSS Score: 7.8

Xen is vulnerable to a denial of service, caused by error handling issues in mapping.  A local attacker could exploit this vulnerability to crash the corresponding backend driver, potentially affecting the entire domain running the backend driver.

Syxscore Risk Alert

This vulnerability has a moderate risk as this can be exposed over a local network, with low complexity, no privileges and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Requires: Low
  • User Interaction: None
  • Scope (Jump Point): No

CVE Reference(s): CVE-2021-26930

[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

[vc_btn title=”Start a Free Trial” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fstart-a-free-trial-of-syxsense%2F|||” css=”.vc_custom_1586908107967{margin-top: 15px !important;}”][vc_single_image image=”37252″ img_size=”full” css=”.vc_custom_1612806115444{padding-right: 150px !important;padding-left: 150px !important;}”]

Leave a Reply