webkit2gtk3 security update
2.46.5-1 - Update to 2.46.5...
GHSA-HR5W-CWWQ-2V4M ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass
Impact ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scenarios. A possible victim would need to directly open the supposed imag...
CVE-2024-29892 ZITADEL's actions can overload reserved claims
ZITADEL, open source authentication management software, uses Go templates to render the login UI. Under certain circumstances an action could set reserved claims managed by ZITADEL. For example, it would be possible to set the claim urn:zitadel:iam:user:resourceowner:name. To compensate for this ...
SUSE-SU-2021:1408-1 Security update for librsvg
This update for librsvg fixes the following issues: - librsvg was updated to 2.46.5: Update dependent crates that had security vulnerabilities: smallvec to 0.6.14 - RUSTSEC-2018-0003 - CVE-2021-25900 bsc1183403...