LFS Security Advisories for LFS 12.1 and the current development books.

LFS-12.1 was released on 2024-03-01

This page lists packages in alphabetical order; if a package has multiple advisories, the newer ones come first.

The links at the end of each item point to fuller details which have links to the development books.

Expat

12.1 010 Expat (LFS) Date: 2024-03-20 Severity: Medium

In Expat-2.6.2, a security vulnerability was fixed that could allow a denial of service via an XML Entity Expansion attack when external parsers (created with the XML_ExternalEntityParserCreate function) are used in isolation: Expat's existing protection against entity amplification was not applied in that case. The issue is classified as a "billion laughs" attack, also known as an XML bomb. Update to Expat-2.6.2 or later. 12.1-010
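As an added check (not part of the LFS advisory or of Expat itself), the following POSIX sh script reports whether the installed Expat is at or above the fixed release. It asks pkg-config first and otherwise reads the XML_MAJOR_VERSION, XML_MINOR_VERSION and XML_MICRO_VERSION macros from expat.h; the header path /usr/include/expat.h and the EXPAT_HEADER override are assumptions of this example, and versions are compared component by component because a plain string compare would rank 2.6.10 below 2.6.2.

```shell
#!/bin/sh
# Added example: verify the installed Expat is at or above the fixed release.
# Not part of the LFS advisory. The pkg-config name "expat" and the macros
# XML_MAJOR_VERSION / XML_MINOR_VERSION / XML_MICRO_VERSION are Expat's own;
# the default header path and EXPAT_HEADER override are this example's choice.

EXPAT_FIXED_VERSION=2.6.2

# version_ge A B: succeed if dotted version A >= B, comparing each component
# numerically so that 2.6.10 ranks above 2.6.2 (a string compare would not).
version_ge() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax=${a%%.*}
        bx=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        ax=${ax:-0}
        bx=${bx:-0}
        if [ "$ax" -gt "$bx" ]; then return 0; fi
        if [ "$ax" -lt "$bx" ]; then return 1; fi
    done
    return 0
}

# expat_version_from_header FILE: print MAJOR.MINOR.MICRO parsed from expat.h.
expat_version_from_header() {
    awk '/^#define XML_(MAJOR|MINOR|MICRO)_VERSION / { v[$2] = $3 }
         END {
             if (v["XML_MAJOR_VERSION"] != "")
                 printf "%s.%s.%s\n", v["XML_MAJOR_VERSION"], v["XML_MINOR_VERSION"], v["XML_MICRO_VERSION"]
         }' "$1"
}

# installed_expat_version: use pkg-config when available, else the header.
installed_expat_version() {
    if v=$(pkg-config --modversion expat 2>/dev/null) && [ -n "$v" ]; then
        echo "$v"
        return 0
    fi
    hdr=${EXPAT_HEADER:-/usr/include/expat.h}   # assumed install location
    [ -r "$hdr" ] && expat_version_from_header "$hdr"
}

# check_expat: print a verdict; exit 0 only if no update is needed.
check_expat() {
    v=$(installed_expat_version)
    if [ -z "$v" ]; then
        echo "Expat: version not found (no pkg-config entry and no readable expat.h)"
        return 2
    fi
    if version_ge "$v" "$EXPAT_FIXED_VERSION"; then
        echo "Expat $v: fixed version ($EXPAT_FIXED_VERSION or later) installed"
        return 0
    fi
    echo "Expat $v: VULNERABLE, update to Expat-$EXPAT_FIXED_VERSION or later"
    return 1
}

# Run the live check only when asked, so the functions can be sourced elsewhere.
case ${1:-} in --live) check_expat ;; esac
```

Run it as `sh expat_check.sh --live` on the LFS system; the exit status (0 fixed, 1 vulnerable, 2 unknown) makes it usable from a larger audit script.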

Linux Kernel

12.1 029 Linux Kernel (LFS) Severity: Medium

In Linux-6.8.5, the insufficient mitigation against the hardware vulnerability known as Branch History Injection, or BHI, on some Intel processors was fixed (see 11.1-011 for the earlier BHI advisory and background). Update to Linux-6.8.5 or later; the kernel update alone is not the whole fix, so read 12.1-029 for the additional steps needed to fully mitigate BHI on affected Intel processors. 12.1-029
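As an added check (not part of the LFS advisory or of the kernel), this POSIX sh script reads the kernel's own report in /sys/devices/system/cpu/vulnerabilities/spectre_v2, which carries a "BHI: ..." field on kernels that contain the BHI fix, and classifies it; it also reports the spectre_bhi= boot parameter that the same fix introduced and that 12.1-029 covers. The sample lines are constructed to follow the sysfs format rather than captured from a real machine, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: classify the BHI field of the running kernel's spectre_v2
# report. Not part of the LFS advisory. The sysfs path, the "BHI:" field and
# the spectre_bhi= boot parameter are the kernel's own; the sample lines below
# are constructed in that format, not captured from a real machine.

SPECTRE_V2_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# Constructed sample contents of the sysfs file.
SAMPLE_BHI_FIXED='Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: BHI_DIS_S'
SAMPLE_BHI_VULN='Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence; BHI: Vulnerable'
SAMPLE_BHI_OLD='Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling; PBRSB-eIBRS: SW sequence'
SAMPLE_NOT_AFFECTED='Not affected'

# bhi_status LINE: print one word describing the BHI state encoded in LINE.
#   not-affected  kernel says the CPU is not affected by Spectre v2 at all
#   mitigated     a "BHI:" field is present and does not say Vulnerable
#   vulnerable    the "BHI:" field says Vulnerable (mitigation not active)
#   unreported    no "BHI:" field: the kernel predates the BHI fix and so
#                 cannot contain it; treat as unpatched
bhi_status() {
    line=$1
    case $line in
        "Not affected"*) echo not-affected; return 0 ;;
        *"BHI: "*) ;;
        *) echo unreported; return 0 ;;
    esac
    # Fields are ';'-separated; keep only the text after "BHI: ".
    bhi=${line##*BHI: }
    bhi=${bhi%%;*}
    case $bhi in
        Vulnerable*) echo vulnerable ;;
        *) echo mitigated ;;
    esac
}

# cmdline_bhi_setting CMDLINE: print the value of spectre_bhi=, or "none".
cmdline_bhi_setting() {
    for tok in $1; do
        case $tok in
            spectre_bhi=*) echo "${tok#spectre_bhi=}"; return 0 ;;
        esac
    done
    echo none
}

# check_running_kernel: live check; exit 0 only if BHI is mitigated.
check_running_kernel() {
    if [ ! -r "$SPECTRE_V2_SYSFS" ]; then
        echo "no $SPECTRE_V2_SYSFS (not x86, or sysfs not mounted)"
        return 2
    fi
    line=$(cat "$SPECTRE_V2_SYSFS")
    status=$(bhi_status "$line")
    echo "spectre_v2: $line"
    echo "BHI: $status; boot parameter spectre_bhi=$(cmdline_bhi_setting "$(cat /proc/cmdline)")"
    case $status in
        mitigated|not-affected) return 0 ;;
        *) return 1 ;;
    esac
}

# Run the live check only when asked, so the functions can be sourced elsewhere.
case ${1:-} in --live) check_running_kernel ;; esac
```

Run it as `sh bhi_check.sh --live` after rebooting into the updated kernel. An "unreported" result means the running kernel is older than the fix regardless of what is installed on disk, and a "vulnerable" result on a kernel that does contain the fix is the case 12.1-029 addresses.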