LFS-11.0 was released on 2021-09-01
In expat-2.4.5, five security vulnerabilities have been fixed which can allow for trivial remote code execution and for denial of service. Update to expat-2.4.6 as soon as possible. See 11.0-086
Two signed integer overflow vulnerabilities, both rated as Critical, have been fixed in expat-2.4.4. Update as soon as possible. See 11.0-068
Several vulnerabilities, three rated as Critical, have been fixed in expat-2.4.3. See 11.0-064
In glibc-2.35, four security vulnerabilities were fixed that could lead to remote code execution, denial of service, privilege escalation and information disclosure when running applications that use the SunRPC module or use getcwd() to get the current working directory. Updating glibc with the patch can be tricky, and making a full system backup is advised before attempting to update it. See 11.0-069 for more details.
Some privilege escalation vulnerabilities have been reported in the Linux kernel. These can be fixed by upgrading to linux-5.16.4 or later, or equivalent long-term stable releases. 11.0-065
In Python3 before 3.9.7, three security vulnerabilities exist that could allow for crashes, resource exhaustion, and SMTP command injection. Update to Python-3.9.7 or later. 11.0-007
In systemd-249 (and systemd-250), a security vulnerability was discovered that allows for symlink attacks and infinite recursion (leading to a crash of systemd-tmpfiles). The BLFS Editors have developed patches for 249 and 250. See the advisory for instructions on updating your system. 11.0-054
In util-linux-2.37.4, a security vulnerability was fixed that could allow for local unprivileged users to gain access to privileged information or for privilege escalation. Update to util-linux-2.37.4. For additional information, please read the advisory. 11.0-082
Two bugs in libmount since version 2.33 have been discovered. These require the use of fuse and can be used to unmount /tmp. To fix these, please read the advisory. 11.0-062
Another heap-based buffer overflow, causing a crash when repeatedly using :retab, was fixed in vim-8.2.4359. To fix this, update to vim-8.2.4383 or later. 11.0-081
Many security vulnerabilities in vim have been fixed in versions up to vim-8.2.4236. Fifteen of these have been rated as High by the NVD. Unfortunately, the details are minimal. 11.0-063
In vim-8.2.3508, three security vulnerabilities were fixed that could allow for crashes or arbitrary code execution. Updating to vim-8.2.3508 is suggested if you use UTF-8 encoded files or modify XML files. 11.0-015