LFS-11.2 was released on 2022-09-01
In dbus-1.14.4, three security vulnerabilities were fixed that could allow unprivileged attackers to cause denial-of-service conditions (system dbus-daemon crashes, as well as crashes of any programs which use the libdbus library). Update to dbus-1.14.4 or later. 11.2-018
In e2fsprogs-1.46.6, a security vulnerability was fixed that could allow for arbitrary code execution or segmentation faults when mounting or checking a specially crafted filesystem. Update to e2fsprogs-1.46.6. 11.2-083
In expat-2.5.0, a security vulnerability was fixed that could allow for arbitrary code execution or denial of service when a system is running low on memory while processing a DTD. Update to expat-2.5.0. 11.2-030
In expat-2.4.9, a critical security vulnerability was fixed in the doContent function that could allow for arbitrary code execution or denial of service. Update to expat-2.4.9 immediately. 11.2-009
In Glibc-2.36, there is a vulnerability in the syslog function which may leak sensitive information into the system journal if a very long (> 1024 bytes) message is passed. In LFS, the only safe way to update Glibc is to build a new system. Please read the link to assess the severity of this for your use case, and what action to take. 11.2-075
In inetutils-2.4, two security vulnerabilities were fixed that could allow for denial of service or remote code execution. Note that additional bugfixes were implemented as well which fix crashes with the 'ftp' and 'tftp' programs. Update to inetutils-2.4 if you use telnet, telnetd, ftp, or tftp. 11.2-031
In Linux-6.1.9 (and Linux-5.15.91), three security vulnerabilities were fixed in the Netfilter subsystem, NTFS3 driver, and IPv6 subsystem that could allow for full system crashes, privilege escalation, remote code execution, and heap/stack address leakage. Update to Linux-6.1.9 or Linux-5.15.91 (LTS) if you use IPv6, NTFS3, or Netfilter. 11.2-081
In Linux-6.1.6 (and Linux-5.15.89), several security vulnerabilities were fixed in a variety of subsystems, including drivers, core networking, multimedia, /proc filesystem, networking daemons, and the sysctl subsystem. Update to Linux-6.1.6 or Linux-5.15.89 (LTS) immediately. 11.2-070
In Linux-6.0.11, a security vulnerability was fixed which affects the integrated graphics of 12th-generation Intel processors. It allows an attacker to gain unauthorized access to physical memory through the GPU. Update to Linux-6.0.11 or Linux-5.15.81 (LTS). 11.2-049
In Linux-6.0.8, three security vulnerabilities were fixed, including one that allows local unprivileged attackers to cause a kernel panic (and potential arbitrary code execution if KASLR is disabled or bypassed) with a malicious USB device. Update to Linux-6.0.8 or Linux-5.15.78 (LTS). 11.2-047
In Linux-6.0.6, a security vulnerability was fixed that allows local unprivileged attackers to cause a kernel panic when using an ext4 filesystem. Update to Linux-6.0.6 or Linux-5.15.76 (LTS). 11.2-020
In Linux-6.0.2, several security vulnerabilities were fixed that could allow for denial of service, arbitrary code execution (especially when using WiFi networks), and the ability to read memory from anywhere on the system. Update to Linux-6.0.2 or Linux-5.15.75 (LTS) immediately. 11.2-016
In OpenSSL-3.0.8, eight security vulnerabilities were fixed that could allow for leakage of sensitive information, denial of service, plaintext data recovery, and more. Update to OpenSSL-3.0.8 (or 1.1.1t on older systems, such as LFS 11.1) immediately on all systems which have OpenSSL installed. 11.2-082
In OpenSSL-3.0.7, three security vulnerabilities were fixed which could allow for remote code execution, denial of service, and for NULL encryption. Update to OpenSSL-3.0.7 immediately on ANY system which has OpenSSL-3 installed. 11.2-032
In Python-3.11.1, five vulnerabilities were fixed, with one rated as High. Because updating from an old Python3 series to a new one requires rebuilding all the modules, if you are remaining on Python-3.10 you should update to Python-3.10.9, which includes a Critical fix as well as an additional fix rated as High that was already fixed in 3.11.0. Update to 3.11.1 or later, or 3.10.9 or later, as appropriate. 11.2-060
In Python-3.10.8, three security vulnerabilities were fixed that could allow for integer overflows, shell code injection, and unsafe text injection when some modules are used. Update to Python-3.10.8 or later. 11.2-021
In Python-3.10.7, a security vulnerability was fixed that could allow for a denial of service (application crash) due to algorithmic complexity. Update to Python-3.10.7 or later. 11.2-005
In systemd-241 and higher, a security vulnerability was discovered that could allow for a local information leak and privilege escalation due to systemd-coredump not respecting a kernel option. Rebuild systemd with the patch. 11.2-061
In zlib-1.2.13, a security vulnerability was fixed that could allow for trivial arbitrary code execution due to a buffer overflow when calling inflateGetHeader. Update to zlib-1.2.13 immediately and take note of the special instructions for stripping. 11.2-036