Top 5 New Open Source Security Vulnerabilities in July 2018

The dog days of summer are upon us, and while we’ve been busy debating whether it’s the heat or the humidity (it’s the humidity), or testing the capabilities of central air conditioning, our trusty database has continued to aggregate open source security data, so that we can all try to chill, assured that the open source components that we are all using are secure.

Our research team has put together a list of July’s top 5 new known open source security vulnerabilities, collected by the WhiteSource database, which is updated continuously from the National Vulnerability Database (NVD), as well as several additional publicly available, peer-reviewed security advisories and issue trackers.

July’s top 5 list of vulnerable open source components has some old favorites that many of us are probably using, even though we might not even know it. Some of the components have been loyally maintained since the ’90s, and some are exciting new automation tools. Either way, you’ll want to go over the list and make sure that your open source components are up to date and spick and span.

#1 Linux Kernel


Vulnerability Score: High — 7.3

Affected versions: before 4.11-rc8

Security researchers discovered a local security-bypass vulnerability in the Linux Kernel.

A vulnerability in the keyring in the Linux kernel might mistakenly allow special internal keyrings to be joined by userspace keyrings. Hackers can exploit this vulnerability to access authentication by bypassing certain security restrictions, like module verification, and to perform unauthorized actions that could help them carry out additional attacks.

Considering how popular and ubiquitous the Linux Kernel is in enterprise software development, we highly recommend that users check and make sure that they are using an updated, vulnerability-free version.
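One way to run that check against the "before 4.11-rc8" boundary given above, as an added example that is not part of the original post. The function names are hypothetical, and the comparison only looks at the upstream base version in the release string, so a distribution kernel that reports an older base may already carry a backported fix.

```shell
#!/bin/sh
# Added example: compare a kernel release string with the "before 4.11-rc8"
# boundary quoted in the article. Function names are hypothetical.

# Exit status: 0 = upstream base is before 4.11-rc8,
#              1 = 4.11-rc8 or later, 2 = release string not parseable.
kernel_before_4_11_rc8() {
    rel=$1
    pat='^\([0-9][0-9]*\)\.\([0-9][0-9]*\).*'
    major=$(printf '%s\n' "$rel" | sed -n "s/$pat/\1/p")
    minor=$(printf '%s\n' "$rel" | sed -n "s/$pat/\2/p")
    [ -n "$major" ] && [ -n "$minor" ] || return 2
    [ "$major" -lt 4 ] && return 0
    [ "$major" -gt 4 ] && return 1
    [ "$minor" -lt 11 ] && return 0
    [ "$minor" -gt 11 ] && return 1
    # Exactly 4.11: only the release candidates rc1..rc7 predate rc8.
    rc=$(printf '%s\n' "$rel" | sed -n 's/^[0-9.]*-rc\([0-9][0-9]*\).*/\1/p')
    [ -n "$rc" ] && [ "$rc" -lt 8 ] && return 0
    return 1
}

# Turn the exit status into a one-line finding for an inventory report.
kernel_keyring_status() {
    st=0
    kernel_before_4_11_rc8 "$1" || st=$?
    case $st in
        0) echo "$1: base is before 4.11-rc8; update, or confirm a vendor backport" ;;
        1) echo "$1: base is 4.11-rc8 or later" ;;
        *) echo "$1: could not parse release string" ;;
    esac
}

# Check the running kernel, then a few constructed sample release strings
# (rc builds and distribution-style suffixes).
kernel_keyring_status "$(uname -r)"
for sample in 4.10.17 4.11.0-rc7+ 4.11-rc8 4.4.0-130-generic; do
    kernel_keyring_status "$sample"
done
```

For a distribution kernel, a "before 4.11-rc8" result is a prompt to check the vendor's advisory or package changelog rather than proof that the fix is missing.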

The hard working folks (Read more…)

*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Ayala Goldstein. Read the original post at: