Debian Linux Security Advisory 5000-2 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, incorrect Kerberos ticket use, selection of weak ciphers or information disclosure.
bb28053ed741b4232cf1c304d7a1816d64dc77abf02ef0f7f4318db6ef2a9c3e
Debian Linux Security Advisory 5016-1 - Tavis Ormandy discovered that nss, the Mozilla Network Security Service library, is prone to a heap overflow flaw when verifying DSA or RSA-PSS signatures, which could result in denial of service or potentially the execution of arbitrary code.
35d9a4d43f640926eb2420ef777ea504b336ac1a1fd52fd509acd24e3675989f
Debian Linux Security Advisory 5017-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks.
b03ae44176b038f17b13a99fe5b85c4cbbb049073a1d6fd36112a4dd59c2a1f2
Debian Linux Security Advisory 5018-1 - It was discovered that missing input sanitising in Babel, a set of tools for internationalising Python applications, could result in the execution of arbitrary code.
98ac2d3daff6c67ffc821f77fa08bc03ffd0feffffe4cc5dbc7cb4f49dae0925
Debian Linux Security Advisory 5019-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of service or the execution of arbitrary code.
32359136e8b8c69c7cbaa7b1295fb6e90e96c697ab48a4d5feafb42140573fb9
Debian Linux Security Advisory 5020-1 - Chen Zhaojun of Alibaba Cloud Security Team discovered a critical security vulnerability in Apache Log4j, a popular Logging Framework for Java. JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From version 2.15.0, this behavior has been disabled by default.
d0aca50b8b49a7bc8f1bbb01cb127d84b478f189d829e302cdf52f86f86356a3
Debian Linux Security Advisory 5021-1 - Multiple security issues were discovered in MediaWiki, a website engine. Certain actions may allow an attacker to leak page content from private wikis or to bypass edit restrictions.
64acb0e0d53c1ffd7659325445b66dd867717b33c34b85f9b34b2a035175fd38
Debian Linux Security Advisory 5022-1 - It was found that the fix to address CVE-2021-44228 in Apache Log4j, a Logging Framework for Java, was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack.
116c9375e042795a5cd05bbde2c6ef96ec6f35bfedd5f2a0ee86124fa2903ad1
Debian Linux Security Advisory 5023-1 - It was discovered that modsecurity-apache, an Apache module to tighten Web application security, does not properly handle excessively nested JSON objects, which could result in denial of service. The update introduces a new 'SecRequestBodyJsonDepthLimit' option to limit the maximum request body JSON parsing depth which ModSecurity will accept (defaults to 10000).
3f85c3919db0ef69a9b1f2f2a1881936692b855d1c7c312fa5f4640492138172
Debian Linux Security Advisory 5024-1 - It was found that Apache Log4j2, a Logging Framework for Java, did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a denial of service.
6a9b4dcb09185e3b07645d5acea3cb02cdd0b78af28c1bc86e76eeee9ec5e90d
Debian Linux Security Advisory 5025-1 - A flaw was discovered in tang, a network-based cryptographic binding server, which could result in a leak of private keys.
95697656a52607df88e8cffbc50d7665407912d741c613e99b97a16eb9c22c11
Debian Linux Security Advisory 5026-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
5dd3e34f7a37e68f3bcb4b4e4a624d36721ad43edbf9d5779c29309bb60ce56e
Debian Linux Security Advisory 5027-1 - Jan-Niklas Sohn discovered that multiple input validation failures in X server extensions of the X.org X server may result in privilege escalation if the X server is running privileged.
1fa4491f7ca985d9a68534fc21c09385c84455e31ea4bb6920992315357cd622
Debian Linux Security Advisory 5028-1 - It was discovered that SPIP, a website engine for publishing, would allow a malicious user to perform cross-site scripting and SQL injection attacks, or execute arbitrary code.
2479cbc37f3297d5aef480ad6ac89e363c4d37a606357f10ca6862fcc47985f2
Debian Linux Security Advisory 5029-1 - It was discovered that missing SAML signature validation in the SOGo groupware could result in impersonation attacks.
d7adb0cc8e3cc8561575bbf0cd9635ac207dc970e09a4a77c57078c20429c3ae
Debian Linux Security Advisory 5030-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.
d4a62f9be8a75b432b8de2152f6a11d80cc78b371126621b47e4d9ce97dec012
Debian Linux Security Advisory 5031-1 - The following vulnerabilities have been discovered in the wpewebkit web engine.
3aacd91562be0c8c7c134701ced600adb5a223bb8df850e744c0aae832c9a031
Debian Linux Security Advisory 5032-1 - Several vulnerabilities were discovered in djvulibre, a library and set of tools to handle documents in the DjVu format. An attacker could crash document viewers and possibly execute arbitrary code through crafted DjVu files.
710db2d5265ed17e7dc1e4133372755c3e7f19cf33cf56efb99bbc2029c6eaea
Debian Linux Security Advisory 5033-1 - Multiple vulnerabilities were discovered in the FORT RPKI validator, which could result in denial of service or path traversal.
0a9a883cbdb90356d70335092122d591ab37a760e50576176c139fbdaf68e7a5
Red Hat Security Advisory 2021-5269-03 - Log4j is a tool to help the programmer output log statements to a variety of output targets. Issues addressed include a code execution vulnerability.
1a3bf9643bff5f397aac54accad2dbf8a98dcdad7ea8b774b7f190cfe524ca1f
Red Hat Security Advisory 2021-5238-02 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.
03fcb0265966a785783f554582077e70cb5b7d4209ae9099daed4d2ad3bdfc14
Red Hat Security Advisory 2021-5235-02 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a man-in-the-middle vulnerability.
aec25dbc4ecfc1bf4403dd4fb090691e06a2ed10546656d5aebaa8c86ca00684
Red Hat Security Advisory 2021-5236-02 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a man-in-the-middle vulnerability.
220c9f7f0e29569a511a0c6e1352d7daaa826796769b89e330415893a11b96fe
Red Hat Security Advisory 2021-5227-07 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
62ed95294c1adc3418a545a4eb61dbb60682878cf64782acbe8c51cc9cb7eec5
Red Hat Security Advisory 2021-5226-02 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
341e8a384dadb1d9ed5570ab20fe9a231b6acd8061d1b1df4195235a823c2eba