LFS Security Advisories for LFS 10.1 and the current development books.

LFS-10.1 was released on 2021-03-01

This page is in alphabetical order of packages, and if a package has multiple advisories, the newer ones come first.

The links at the end of each item point to fuller details which have links to the development books.

Linux Kernel

10.1 005 Linux Kernel (LFS) Date: 2021-03-15 Severity: Low

In Linux 5.11.3 or earlier, there are vulnerabilities in the iSCSI subsystem which can lead to potential privilege escalation. See 10.1-005.

OpenSSL

10.1 011 OpenSSL (LFS) Date: 2021-03-26 Severity: Critical

In OpenSSL-1.1.1k, two high-severity security vulnerabilities were fixed that can lead to a complete bypass of the CA Certificate Store checks, and also one that can lead to crashes for applications that use OpenSSL. Updating to OpenSSL-1.1.1k is suggested as soon as possible. See 10.1-011.

Python 3

10.1 035 Python (LFS and BLFS) Date: 2021-04-29 Severity: High

In Python3 before 3.9.4, 'pydoc' can be used to read arbitrary files, including those containing sensitive data. Update to Python-3.9.4 or later. See 10.1-035.