Happy Friday fellow Linux geeks! This week, important updates have been issued for log4j, openJDK and WebKitGTK. Read on to learn about these vulnerabilities and how to secure your system against them. 

Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.

Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!

Yours in Open Source,

Brittany Signature 150 Esm W150

log4j

The Discovery 

Three important issues have been discovered in log4j including a deserialization flaw in the chainsaw component (CVE-2022-23307), SQL injection when the application is configured to use JDBCAppender (CVE-2022-23305) and remote code execution (RCE) when the application is configured to use JMSSink.

ApacheLog4J Esm W400

The Impact

The vulnerabilities could be exploited to execute malicious code or carry out SQL injection or remote code execution (RCE) attacks.

The Fix

A log4j update fixes these three dangerous bugs. Update now!

Your Related Advisories:

[distro_list_1]

openJDK

The Discovery 

Multiple security vulnerabilities have been found in openJDK, including unexpected exception thrown in regex Pattern (CVE-2022-21283), incomplete checks of StringBuffer and StringBuilder during deserialization (CVE-2022-21293) and incorrect IdentityHashMap size checks during deserialization (CVE-2022-21294).
Openjdk Esm W225

The Impact

Exploitation of these flaws could result in denial of service (DoS) attacks.

The Fix

OpenJDK has released a security update mitigating these bugs. Update promptly to protect the security, integrity and availability of your systems.

Your Related Advisories:

[distro_list_2]

WebKitGTK

The Discovery

A large number of remotely-exploitable flaws have been identified in the WebKitGTK Web and JavaScript engines (CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954 and CVE-2021-30984).

The ImpactWebkitgtk Esm W225

If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting (XSS) attacks, denial of service (DoS) attacks, and arbitrary code execution.

The Fix

These problems can be corrected by updating your webkit2gtk package versions. We recommend that you take care of this promptly to protect against a wide array of attacks exploiting these dangerous bugs.

Your Related Advisories:

[distro_list_3]