[SECURITY] [DLA 3678-1] horizon security update - CORRECTED ANNOUNCEMENT
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3678-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                       Guilhem Moulin
December 30, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : horizon
Version        : 3:14.0.2-3+deb10u3
CVE ID         : CVE-2022-45582

[ NB: The original message sent included the wrong DLA reference ID.
  This message corrects the reference ID in the subject line.
  Everything else about the content of the former message, including
  the CVE identified as fixed and the version of the package in which
  it is fixed, remains the same. ]

Phan Nguyên Long discovered an Open Redirect vulnerability in horizon, a
web application to control an OpenStack cloud, which could lead to
phishing.

For Debian 10 buster, this problem has been fixed in version
3:14.0.2-3+deb10u3.

We recommend that you upgrade your horizon packages.

For the detailed security status of horizon please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/horizon

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 3679-1] vlc security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3679-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
November 30, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : vlc
Version        : 3.0.20-0+deb10u1
CVE ID         : CVE-2023-47359 CVE-2023-47360

Two vulnerabilities in the MMS over HTTP protocol have been fixed in the
VLC media player, which has also been upgraded to the latest upstream
version.

CVE-2023-47359

    Heap buffer overflow in the MMSH module.

CVE-2023-47360

    Integer underflow in the MMSH module.

For Debian 10 buster, these problems have been fixed in version
3.0.20-0+deb10u1.

We recommend that you upgrade your vlc packages.

For the detailed security status of vlc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/vlc

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 3676-1] horizon security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3676-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                       Guilhem Moulin
November 30, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : horizon
Version        : 3:14.0.2-3+deb10u3
CVE ID         : CVE-2022-45582

Phan Nguyên Long discovered an Open Redirect vulnerability in horizon, a
web application to control an OpenStack cloud, which could lead to
phishing.

For Debian 10 buster, this problem has been fixed in version
3:14.0.2-3+deb10u3.

We recommend that you upgrade your horizon packages.

For the detailed security status of horizon please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/horizon

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 3676-1] libde265 security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3676-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
November 30, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libde265
Version        : 1.0.11-0+deb10u5
CVE ID         : CVE-2023-27102 CVE-2023-27103 CVE-2023-43887 CVE-2023-47471

Multiple issues were found in libde265, an open source implementation of
the h.265 video codec.

CVE-2023-27102

    NULL pointer dereference in function
    decoder_context::process_slice_segment_header at decctx.cc.

CVE-2023-27103

    Heap buffer overflow via the function
    derive_collocated_motion_vectors at motion.cc.

CVE-2023-43887

    Multiple buffer overflows via the num_tile_columns and num_tile_row
    parameters in the function pic_parameter_set::dump.

CVE-2023-47471

    Buffer overflow vulnerability in strukturag may cause a denial of
    service via the slice_segment_header function in the slice.cc
    component.

For Debian 10 buster, these problems have been fixed in version
1.0.11-0+deb10u5.

We recommend that you upgrade your libde265 packages.

For the detailed security status of libde265 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libde265

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 3677-1] gimp-dds security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3677-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
November 30, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : gimp-dds
Version        : 3.0.1-1+deb10u1
CVE ID         : CVE-2023-1

File parsing heap buffer overflow was fixed in gimp-dds, a DDS
(DirectDraw Surface) plugin for GIMP.

For Debian 10 buster, this problem has been fixed in version
3.0.1-1+deb10u1.

We recommend that you upgrade your gimp-dds packages.

For the detailed security status of gimp-dds please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gimp-dds

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 3674-1] thunderbird security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3674-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
November 30, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : thunderbird
Version        : 1:115.5.0-1~deb10u1
CVE ID         : CVE-2023-6204 CVE-2023-6205 CVE-2023-6206 CVE-2023-6207
                 CVE-2023-6208 CVE-2023-6209 CVE-2023-6212

Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.

For Debian 10 buster, these problems have been fixed in version
1:115.5.0-1~deb10u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS