Happy Friday fellow Linux geeks! This week, important updates have been issued for log4j, openJDK and WebKitGTK. Read on to learn about these vulnerabilities and how to secure your system against them.
Now you can personalize your LinuxSecurity.com User Profile to include the latest advisories for the distros you select, making it easier than ever to keep your system up-to-date and secure.
Have a question about or comment on one of the vulnerabilities highlighted in today's newsletter? Let's discuss!
Yours in Open Source,
log4jThe DiscoveryThree important issues have been discovered in log4j including a deserialization flaw in the chainsaw component (CVE-2022-23307), SQL injection when the application is configured to use JDBCAppender (CVE-2022-23305) and remote code execution (RCE) when the application is configured to use JMSSink. |
openJDKThe DiscoveryMultiple security vulnerabilities have been found in openJDK, including unexpected exception thrown in regex Pattern (CVE-2022-21283), incomplete checks of StringBuffer and StringBuilder during deserialization (CVE-2022-21293) and incorrect IdentityHashMap size checks during deserialization (CVE-2022-21294). The ImpactExploitation of these flaws could result in denial of service (DoS) attacks. The FixOpenJDK has released a security update mitigating these bugs. Update promptly to protect the security, integrity and availability of your systems. Your Related Advisories:Register to Customize Your Advisories |
WebKitGTKThe DiscoveryA large number of remotely-exploitable flaws have been identified in the WebKitGTK Web and JavaScript engines (CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954 and CVE-2021-30984). The Impact
|
