Debian: DSA-5031-1: wpewebkit security update
The following vulnerabilities have been discovered in the wpewebkit web engine: CVE-2021-30887
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2021-30887
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, incorrect Kerberos ticket use, selection of weak ciphers or information disclosure.
It was discovered that missing SAML signature validation in the SOGo groupware could result in impersonation attacks. For the oldstable distribution (buster), this problem has been fixed
It was discovered that SPIP, a website engine for publishing, would allow a malicious user to perform cross-site scripting and SQL injection attacks, or execute arbitrary code.
Jan-Niklas Sohn discovered that multiple input validation failures in X server extensions of the X.org X server may result in privilege escalation if the X server is running privileged.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
A flaw was discovered in tang, a network-based cryptographic binding server, which could result in leak of private keys. For the stable distribution (bullseye), this problem has been fixed in
It was found that Apache Log4j2, a Logging Framework for Java, did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC)