[SECURITY] [DLA 3650-1] audiofile security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3650-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                       Bastien Roucariès
November 12, 2023                                     https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : audiofile
Version        : 0.3.6-5+deb10u1
CVE ID         : CVE-2019-13147 CVE-2022-24599
Debian Bug     : 931343 1008017

The audiofile library allows the processing of audio data to and from
audio files of many common formats (currently AIFF, AIFF-C, WAVE,
NeXT/Sun, BICS, and raw data).

CVE-2019-13147

    Audiofile was vulnerable due to an integer overflow. Bail out early
    if NeXT audio files include too many channels.

CVE-2022-24599

    A memory leak was found due to reading a copyright field that is not
    NUL-terminated. Preallocate zeroed memory and always NUL-terminate
    C strings.

For Debian 10 buster, these problems have been fixed in version
0.3.6-5+deb10u1.

We recommend that you upgrade your audiofile packages.

For the detailed security status of audiofile please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/audiofile

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmVRSW4RHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF/tnxAAlLLTE3hwj91FsZaJ50XLEA5/NJKp+nLI
RiF6TZmJ/Muju/3pt4hEE8SDyCcYAbCDiP9JKyve+x8U+8fF1HbrQTQ7Ytq1mPRE
knI81K1rKRX0NoUXgNSR0ZPUnCGqb521xI7ZvcgMCJSK6TAiqoTy/dIKws0DwBcb
txt85gMU8I75V48IeUC4sx5ono6dosjFsCa45rsteQCsSy9k2aci94FaKv6jf4o2
Ye7gaUdTDSCoSIQdR810hSY2t+Cj+4+LkAd+SHMqm4hEbh+8AQNVfolHGKpD9lYO
qzdV1dCi5mF5W4XWqJpA3xgY9JHZIRv/1wjWTIuJUARxtTrzH9505kGtxTz2Z9K9
+f8ML2BhTem+i19ahSxRo2buKIp0Ybi71ZxtkGtBgNTSVAAJ0wo52ItX1xGnWRrh
BfJRmpuSNC/XG6+ihXsEebjiGger1QioHfBXeGW192Sg5wUwLPHuo2IjCdbubn+G
g4qVk+RpHBKQbWPGQcdPCOqynj9omb6JUbopNFRvH1wEVAwMcJP+ZSP07/xarboF
m68NWnQvqmhrnYXV0YW5Q903iWVRdsDpTLoD90GUQdPfkf5h0hOQoasfVK8P4Z0j
r+fur0nK97FpyDWHaexXcEFfQ3UaOqdh2FjGzfdul4hq1sth2ja5CQKe8P4wk55o
5YG3nSy3XvY=
=3Hfd
-----END PGP SIGNATURE-----
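Both audiofile issues above are header-parsing mistakes: a channel count that is multiplied before it is sanity-checked, and a text field that is read as if it were guaranteed to end in a NUL. The following is an added example (not audiofile's code) that parses a NeXT/Sun .au header with those two checks in place. The upper bound MAX_CHANNELS, the encoding table and the build_au() helper used to construct test input are this example's own assumptions.

```python
import struct

AU_MAGIC = b".snd"
AU_HEADER_LEN = 24                 # magic + five big-endian uint32 fields
AU_UNKNOWN_SIZE = 0xFFFFFFFF       # data_size value meaning "until EOF"
MAX_CHANNELS = 256                 # assumed sane upper bound for this example
# Bytes per sample for the common .au encodings: 1 = G.711 mu-law,
# 2..5 = linear PCM 8/16/24/32-bit, 6/7 = IEEE float/double.
SAMPLE_BYTES = {1: 1, 2: 1, 3: 2, 4: 3, 5: 4, 6: 4, 7: 8}


class AuFormatError(ValueError):
    """Raised for any header this parser refuses to trust."""


def parse_au_header(buf):
    """Parse a .au header and return its fields, or raise AuFormatError.

    Every header value that later feeds an allocation or a multiplication
    is bounds-checked here, before it is used anywhere.
    """
    if len(buf) < AU_HEADER_LEN or buf[:4] != AU_MAGIC:
        raise AuFormatError("not a NeXT/Sun .au header")
    data_offset, data_size, encoding, rate, channels = struct.unpack(
        ">IIIII", buf[4:AU_HEADER_LEN])

    if data_offset < AU_HEADER_LEN or data_offset > len(buf):
        raise AuFormatError("data offset %d outside the buffer" % data_offset)
    if encoding not in SAMPLE_BYTES:
        raise AuFormatError("unsupported encoding %d" % encoding)
    # CVE-2019-13147 class: reject an absurd channel count *before* it is
    # multiplied into a frame size; a 32-bit product would simply wrap.
    if channels == 0 or channels > MAX_CHANNELS:
        raise AuFormatError("channel count %d out of range" % channels)
    frame_size = channels * SAMPLE_BYTES[encoding]

    if data_size == AU_UNKNOWN_SIZE:
        data_size = len(buf) - data_offset
    elif data_offset + data_size > len(buf):
        raise AuFormatError("data size runs past the end of the buffer")
    if data_size % frame_size:
        raise AuFormatError("data size is not a whole number of frames")

    # CVE-2022-24599 class: the annotation is free text that need not end
    # in a NUL.  Bound the read by data_offset and stop at the first NUL,
    # instead of handing the bytes to anything that assumes a terminator.
    raw_note = buf[AU_HEADER_LEN:data_offset]
    annotation = raw_note.split(b"\0", 1)[0].decode("ascii", "replace")

    return {
        "channels": channels,
        "rate": rate,
        "encoding": encoding,
        "frame_size": frame_size,
        "frame_count": data_size // frame_size,
        "annotation": annotation,
    }


def build_au(channels, note, frames, encoding=3, rate=44100):
    """Construct a test file (constructed input, not a real recording).

    With frames=0 no sample data is emitted, so an out-of-range channel
    count can be written into the header without a huge body.
    """
    body = b"\0" * (frames * channels * SAMPLE_BYTES[encoding])
    header = AU_MAGIC + struct.pack(">IIIII", AU_HEADER_LEN + len(note),
                                    len(body), encoding, rate, channels)
    return header + note + body


if __name__ == "__main__":
    print(parse_au_header(build_au(2, b"stereo test\0", frames=8)))
    try:
        parse_au_header(build_au(0x80000000, b"\0\0\0\0", frames=0))
    except AuFormatError as err:
        print("rejected:", err)
```

The order of the checks is the point: the channel count is rejected before frame_size is computed, and the annotation is sliced by data_offset rather than scanned for a terminator, so neither a wrapped multiplication nor an over-read is reachable from the file contents.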
[SECURITY] [DLA 3646-1] open-vm-tools security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3646-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                       Bastien Roucariès
November 05, 2023                                     https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : open-vm-tools
Version        : 2:10.3.10-1+deb10u6
CVE ID         : CVE-2023-34058 CVE-2023-34059
Debian Bug     : 1054666

Brief introduction

CVE-2023-34058

    A file descriptor hijack vulnerability was found in the
    vmware-user-suid-wrapper command. A malicious actor with non-root
    privileges might have been able to hijack the /dev/uinput file
    descriptor allowing them to simulate user inputs.

CVE-2023-34059

    A SAML Token Signature Bypass vulnerability was found. A malicious
    actor that has been granted Guest Operation Privileges in a target
    virtual machine might have been able to elevate their privileges if
    that target virtual machine has been assigned a more privileged
    Guest Alias.

For Debian 10 buster, these problems have been fixed in version
2:10.3.10-1+deb10u6.

We recommend that you upgrade your open-vm-tools packages.

For the detailed security status of open-vm-tools please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/open-vm-tools

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmVIFJoRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF8jiBAAo1u0kx7UJLY1rjo8XMk0UAbQ7gnzBVXU
O47pP7Z53HJ+7JT+Hmmk6bRI0gwVnQQPeea7kqFOBdX99jwccrnAtkc1gY8/uSzl
xvgKH2eEq8FPeuMC2kWE+qYWpyLFD1OMoBFEF15a324FfaZM8ohfACC99xn1uz9M
+K16eVrmFR2+8LniPoTPWWGaQaLg7B5pse5KGPaLMlDDWTHmOkbEmeVoxB6FC0qv
/e/09zDgwHz9Z7L2YNXcKmI4Wp1n35sSAQPDvW720sppAER/pJ0Ez+qUePj9fiL5
FIA/4GnbPDuUxuvPPR0CXSpPvRdEv0f0vq7rmqQqceWMXt10ESH8OoiKAgbvHzib
3p7wd769ts8br2JVQoOMeYi3UQJFzupBtgzIfcCvIiHS/Pl+wY+Ku2xHcY9/FGCn
Fwk8d0Rm4E83JJ2k9mJkjo9yAnCQIaIAqVYByeDhaXdB/Gy9z8j04hQky5mBs5xh
KB0xJhdnAdNqhucNX01XpOJTrktjspAtPdyBW+Z+Lv25HX59VubtnbT5mTLKWize
BCe5nKrvHAKuWr/HDNOACduVEJbizaMpX4EhMOs+2n57QgCV4ienPZOK6Mc56yyI
itoisUFg8ZBtaZxpCwjK1Wo30NuJgjvYIOrk095AjrfTODCiO+hKJ+bN15s6ttuI
7H/83gWnHWI=
=0q1C
-----END PGP SIGNATURE-----
[SECURITY] [DLA 3629-1] ceph security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3629-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                       Bastien Roucariès
October 23, 2023                                      https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ceph
Version        : 12.2.11+dfsg1-2.1+deb10u1
CVE ID         : CVE-2019-10222 CVE-2020-1700 CVE-2020-1760 CVE-2020-10753
                 CVE-2020-12059 CVE-2020-25678 CVE-2020-27781 CVE-2021-3524
                 CVE-2021-3531 CVE-2021-3979 CVE-2021-20288 CVE-2023-43040
Debian Bug     : 1053690

Multiple vulnerabilities were fixed in Ceph, a massively scalable,
open-source, distributed storage system that runs on commodity hardware
and delivers object, block and file system storage.

CVE-2019-10222

    A Denial of Service was fixed: An unauthenticated attacker could
    crash the Ceph RGW server by sending valid HTTP headers and
    terminating the connection, resulting in a remote denial of service
    for Ceph RGW clients.

CVE-2020-1700

    A Denial of Service was fixed: A flaw was found in the way the Ceph
    RGW Beast front-end handles unexpected disconnects. An authenticated
    attacker can abuse this flaw by making multiple disconnect attempts
    resulting in a permanent leak of a socket connection by radosgw.
    This flaw could lead to a denial of service condition by a pile-up
    of CLOSE_WAIT sockets, eventually leading to the exhaustion of
    available resources, preventing legitimate users from connecting to
    the system.

CVE-2020-1760

    An XSS attack was fixed: A flaw was found in the Ceph Object
    Gateway, where it supports requests sent by an anonymous user in
    Amazon S3. This flaw could lead to potential XSS attacks due to the
    lack of proper neutralization of untrusted input.

CVE-2020-10753

    A Header Injection attack was fixed: It was possible to inject HTTP
    headers via a CORS ExposeHeader tag in an Amazon S3 bucket. The
    newline character in the ExposeHeader tag in the CORS configuration
    file generates a header injection in the response when the CORS
    request is made.

CVE-2020-12059

    A Denial of Service was fixed: A POST request with an invalid
    tagging XML could crash the RGW process by triggering a NULL pointer
    exception.

CVE-2020-25678

    An Information Disclosure was fixed: ceph stores mgr module
    passwords in clear text. This can be found by searching the mgr
    logs for grafana and dashboard, with passwords visible.

CVE-2020-27781

    A Privilege Escalation was fixed: User credentials could be
    manipulated and stolen by Native CephFS consumers of OpenStack
    Manila, resulting in potential privilege escalation. An OpenStack
    Manila user can request access to a share for an arbitrary cephx
    user, including existing users. The access key is retrieved via the
    interface drivers. Then, all users of the requesting OpenStack
    project can view the access key. This enables the attacker to
    target any resource that the user has access to. This can be done
    even to "admin" users, compromising the ceph administrator.

CVE-2021-3524

    Similar to CVE-2020-10753, a Header Injection attack was fixed: It
    was possible to inject HTTP headers via a CORS ExposeHeader tag in
    an Amazon S3 bucket.

CVE-2021-3531

    A Denial of Service was fixed: When processing a GET request in
    Ceph Storage RGW for a swift URL that ends with two slashes it could
    cause the rgw to crash, resulting in a denial of service.

CVE-2021-3979

    A Loss of Confidentiality was fixed: A key length flaw was found in
    Ceph Storage. An attacker could exploit the fact that the key length
    is incorrectly passed in an encryption algorithm to create a
    non-random key, which is weaker and can be exploited for loss of
    confidentiality and integrity on encrypted disks.

CVE-2021-20288

    A Potential Privilege Escalation was fixed: When handling
    CEPHX_GET_PRINCIPAL_SESSION_KEY requests, ignore
    CEPH_ENTITY_TYPE_AUTH in CephXServiceTicketRequest::keys.

CVE-2023-43040

    A flaw was found in Ceph RGW. An unprivileged user can write to any
    bucket(s) accessible by a given key if a POST's form-data contains a
    key called 'bucket' with a value matching the name of the bucket
    used to sign the request. The result of this is that a user could
    actually upload to any bucket accessible by the specified access
    key as long as the bucket in the POST policy matches the bucket in
    said POST form part.

For Debian 10 buster, these problems have been fixed in version
12.2.11+dfsg1-2.1+deb10u1.

We recommend that you upgrade your ceph packages.

For the detailed security status of ceph please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ceph

Further info
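Two of the RGW issues above come down to trusting a value the client controls at the wrong moment: the CORS ExposeHeader text is copied into a response header line (CVE-2020-10753, CVE-2021-3524), and the POST form's own 'bucket' field is what gets compared against the signed policy (CVE-2023-43040). The following is an added example, not Ceph code, showing the shape of both checks. The CORS document follows S3's CORSConfiguration XML and the policy follows S3's POST policy JSON; the inputs are constructed, the function names are this example's own, and signature verification of the POST form is assumed to have already happened.

```python
import base64
import json
import re
import xml.etree.ElementTree as ET

# RFC 7230 "token": the only characters a header-field name may contain.
# fullmatch() is used on purpose: a "$" anchor alone would still accept a
# trailing newline.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


class HeaderInjection(ValueError):
    """An ExposeHeader value that would break out of the header line."""


class PolicyViolation(ValueError):
    """The signed POST policy and the request disagree about the bucket."""


def _local_name(tag):
    """Strip a namespace prefix such as {http://...}ExposeHeader."""
    return tag.rsplit("}", 1)[-1]


def expose_headers_value(cors_xml):
    """Build the Access-Control-Expose-Headers value from a CORS document.

    The CVE-2020-10753 / CVE-2021-3524 pattern is to join the
    <ExposeHeader> texts verbatim, so a CR LF inside one of them ends the
    header and whatever follows becomes a header of the bucket owner's
    choosing.  Validating each name as a token rejects CR and LF along
    with ':' and spaces.
    """
    root = ET.fromstring(cors_xml)
    names = [e.text or "" for e in root.iter()
             if _local_name(e.tag) == "ExposeHeader"]
    for name in names:
        if not _TOKEN.fullmatch(name):
            raise HeaderInjection("illegal ExposeHeader value %r" % name)
    return ", ".join(names)


def policy_bucket(policy_b64):
    """Return the bucket a base64 POST policy was signed for."""
    policy = json.loads(base64.b64decode(policy_b64))
    for cond in policy.get("conditions", []):
        if isinstance(cond, dict) and "bucket" in cond:
            return cond["bucket"]
        if (isinstance(cond, list) and len(cond) == 3
                and cond[0] == "eq" and cond[1] == "$bucket"):
            return cond[2]
    raise PolicyViolation("policy does not name a bucket")


def post_target_vulnerable(url_bucket, form):
    """CVE-2023-43040 pattern: the policy is compared with the form's own
    'bucket' field, so the check passes whenever those two agree, while
    the object is still written to the bucket named in the request URL."""
    claimed = form.get("bucket", url_bucket)
    if policy_bucket(form["policy"]) != claimed:
        raise PolicyViolation("policy bucket does not match form bucket")
    return url_bucket


def post_target(url_bucket, form):
    """Fixed check: the bucket the policy was signed for must be the one
    the request actually targets; a form-supplied 'bucket' is ignored."""
    signed_for = policy_bucket(form["policy"])
    if signed_for != url_bucket:
        raise PolicyViolation("policy signed for %r but request targets %r"
                              % (signed_for, url_bucket))
    return url_bucket


def make_policy(bucket):
    """Constructed policy document (only the conditions that matter here)."""
    doc = {"expiration": "2099-01-01T00:00:00Z",
           "conditions": [{"bucket": bucket},
                          ["starts-with", "$key", "uploads/"]]}
    return base64.b64encode(json.dumps(doc).encode()).decode()
```

The header check is deliberately an allow-list of token characters rather than a search for "\r\n": the XML parser already folds CR LF into LF, and a value containing only a bare LF, a colon or a space is just as wrong in a header name. The policy check keys on the bucket derived from the request URL because that is the bucket the write will land in; nothing the form says about itself can change that.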
[SECURITY] [DLA 3527-1] sox security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3527-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                       Bastien Roucariès
August 13, 2023                                       https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : sox
Version        : 14.4.2+git20190427-1+deb10u3
CVE ID         : CVE-2023-32627
Debian Bug     : 1041112

SoX is a command line utility that can convert various formats of
computer audio files into other formats. It can also apply various
effects to these sound files during the conversion.

SoX was vulnerable to a divide-by-zero vulnerability when reading a
specially crafted Creative Voice File (.voc) file, in the read_samples
function. This flaw can lead to a denial of service.

For Debian 10 buster, this problem has been fixed in version
14.4.2+git20190427-1+deb10u3.

We recommend that you upgrade your sox packages.

For the detailed security status of sox please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sox

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmTZDZ4ACgkQADoaLapB
CF8jyA/9GF9DnkSHainlKEODBJOU+Hd5zRQOr4WrEljG/vfIP3vy2QU+TKDElooU
38qCoEFsFMM+Cqz/uDuIh0S3/0aZvY1b4xHhWeQYdJdI2fxw/aqLdGFL8zhkw464
9216XlHAypJLIbH1KFctRTdGIcvRPn1kxCWUK7kYOyjHp1tEfeMosGBwKe+630uI
ZyTdox2Dj8iEKUzfJyQ8gGTl2ZzfZ9AbQxGw5ttsx/+8csFON0x7mUC49mvU6Upp
k6ljjvZXhMI+f9Dlw3jmC9cjGOMaBbGtJsIKBMIILeTKoQETJ5K5ioN7FRWeTtrB
3kiRxjgIcVk5JFdZID657jnnxVdL+OP2eSGOccmZZKwkQX2rCoEePeo2lLuLGG0u
dQLAXSlZ5zJBGXKM52hKwIHc681a2RJ1zz1uM4ciGdtG2DO6X859q/HLTVyWJuVK
++HECDnuu33X3ZP70MbGcU7YW8S6Q5YAtjp2SQbcrAuh6g+rulzqcwhz5k6t34T2
0ZTMN5N1B97MV6l4ApQy0Qc9r0q7BIp4So43z7KCn81doemmYN3GFpXzfH2EDkzB
YLQ7doDwTeEOI58IJ1XnZxIKo6ggZyWza78j1ZXNdXMMLVgPQEKMjmAmND1EOe7z
Q2GYi+iyHXHlltgxHPi2Ok/zFRokDN/SHZY004PB+GTGM3Br0KI=
=2U9s
-----END PGP SIGNATURE-----
[SECURITY] [DLA 3526-1] libreoffice security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3526-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                       Bastien Roucariès
August 13, 2023                                       https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libreoffice
Version        : 1:6.1.5-3+deb10u10
CVE ID         : CVE-2022-3874 CVE-2023-0950 CVE-2023-2255
Debian Bug     :

LibreOffice, an office productivity suite, was affected by multiple
vulnerabilities.

CVE-2022-3874

    LibreOffice may be configured to add an empty entry to the Java
    class path. This may lead to running arbitrary Java code from the
    current directory.

CVE-2023-0950

    Improper Validation of Array Index vulnerability in the spreadsheet
    component allows an attacker to craft a spreadsheet document that
    will cause an array index underflow when loaded. In the affected
    versions of LibreOffice certain malformed spreadsheet formulas, such
    as AGGREGATE, could be created with fewer parameters passed to the
    formula interpreter than it expected, leading to an array index
    underflow, in which case there is a risk that arbitrary code could
    be executed.

CVE-2023-2255

    Improper access control in editor components of LibreOffice allowed
    an attacker to craft a document that would cause external links to
    be loaded without prompt. In the affected versions of LibreOffice
    documents that used "floating frames" linked to external files
    would load the contents of those frames without prompting the user
    for permission to do so. This was inconsistent with the treatment
    of other linked content in LibreOffice.

For Debian 10 buster, these problems have been fixed in version
1:6.1.5-3+deb10u10.

We recommend that you upgrade your libreoffice packages.

For the detailed security status of libreoffice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libreoffice

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmTZBYEACgkQADoaLapB
CF94zw/9FONJTmY7w4eZtsvC7EauB2XsBXu00PdRTfySsmGHFFgeNGCFudYPnrgW
PZoTZKvpXSOA/0eR9WpuS5V4kuSlgbbm0IhWAS0DwO/nzDM8NadzVOobMQ/eI4Ib
HyA6fTJL0GUZR4c0wrDvzDlUZVm+9QvkOwy2XtiMlCmqgEEGf+Y3fu7ZmhwBU8X+
hrUgNk91SYoBATydoLnUC0Wlktu/ndE6ixPkfn0fOIriJCn+Lr1tbnrdbJq479nB
UTs/HDecVe02OBuASMK49uU3ZW8dnEmEBATX6E6heOhgB56lO7zB4iROsBdVCCEO
V44I1zMFa+qsRm+aLOjiIoyjp2wUJ2ztOuRwuadW/dRRgbMLwJCnQ089v+HVFehl
wo8cKy4PJTq+cJlDY6ZeSx+7s19lbfHaMSS/o/Kk0gLgSDPsQAvpFKepDOek/b57
aKGagQK0MiSThvvJ610P25Cr/lrusmccs2R4g2byzA41yA7Zu3HXNypC9z5iNubI
yUQ8tiuEIjT8GlpABZQGlxFgX34nx/ZcG2YhGqVkYKkHOM8++a2nNqZvsgDBzj/p
PZk3kgjjswo5aHHqyn7anmLnuolLmRuNXyccsMJ026Kt3rcjQ33Kv7ILx7QX8uIu
Cp2uhrUsTWHphRKONK7qgCmWLCi5QusQISz1ZmRKS6b8Z9wqXZc=
=eoRL
-----END PGP SIGNATURE-----
[SECURITY] [DLA 3495-2] php-dompdf regression update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3495-2                debian-...@lists.debian.org
https://www.debian.org/lts/security/                       Bastien Roucariès
August 10, 2023                                       https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : php-dompdf
Version        : 0.6.2+dfsg-3+deb10u2
CVE ID         : CVE-2021-3838

The Ubuntu security team noted after extensive testing that DLA-3495-1
was incomplete, as one PoC for CVE-2022-2400 (particularly the chroot
escape) was still working on the patched version of the package.
Further analysis of the upstream patch and the DLA-3495-1 version
helped to identify that the vulnerability was still present due to
DLA-3495-1 not including commit 7adf00f9, which added chroot checks to
one of the code paths.

Special thanks to Camila Camargo de Matos of the Ubuntu security team.

For Debian 10 buster, this problem has been fixed in version
0.6.2+dfsg-3+deb10u2.

We recommend that you upgrade your php-dompdf packages.

For the detailed security status of php-dompdf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-dompdf

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmTV+S0ACgkQADoaLapB
CF+fzA/+IEhPFe6aORNDp+bmugxgpYdan9P7yFYoEsBOw0S08mOLhCtKJ6PZU4l2
O60/vK4RtbCoEM4pyvw6b8X1TKjARCXOnB2CoG/nfHIITpIp/9KQSalimuexL0Kt
q20ze3Eu4xNNff5pA7QZShW+ykjsHHECOy4WPPb3nSjdRHphuRlitcRDhD0O/HQM
WJtq1mX/ZgEj9kH77LeBf64NHZ2yxGpmae4xKOa+kF1IEGIO2+pbaUP1jq1P+wQ/
leGfTdUKEN+IpaPCIC+8HvLjp22phrXBQJm93fQz+jKBaVY6iFoe/zW9kDv2SOwM
ZZtFWvZkmdHSH+GQCKadzygwK1Gsm5YN2+mzEypBjksFnMp92KXnpzYtCod4Yda5
RM+bkg2cis9APc690KzuLmH5W9c1loAa1RfvwO2UwHtH1b+yjuO3QPS3SLtavAdp
F7yDJlPQwYZ9IrXlZlCXjS6kJfQI2zEqxKXDlqbgzHLIKNJcJ2HY3RzjSj3FCEU6
VpiqbABX84Vig6F5hJ9qo1g/cRw80tmjWRjnh1PluAEioU9hyXC4o7YmXbbZTCsg
+H5uo58otWWW9B+SqTqz3iQUo39w0Xaj9zn/r/XSgTS7NCP0J1M7oCw+1MSrJlfT
ERpI5r6u7gETAt+jSwupE2Oqz7uC2f+OKYPS4uk0uu8+86xuOhM=
=20sV
-----END PGP SIGNATURE-----
[SECURITY] [DLA 3495-1] php-dompdf security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3495-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                       Bastien Roucariès
July 13, 2023                                         https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : php-dompdf
Version        : 0.6.2+dfsg-3+deb10u1
CVE ID         : CVE-2021-3838 CVE-2022-2400
Debian Bug     : #1015874

Multiple vulnerabilities were fixed in php-dompdf, a CSS 2.1 compliant
HTML to PDF converter, written in PHP.

CVE-2021-3838

    php-dompdf was vulnerable to deserialization of untrusted data
    using PHAR deserialization (phar://) as the URL for an image.

CVE-2022-2400

    php-dompdf was vulnerable to External Control of File Name,
    bypassing the verification of unallowed access.

For Debian 10 buster, these problems have been fixed in version
0.6.2+dfsg-3+deb10u1.

We recommend that you upgrade your php-dompdf packages.

For the detailed security status of php-dompdf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-dompdf

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmSwabkACgkQADoaLapB
CF8nsRAAsmeQ4TBOyOXOcCYD4juWGEb2PEqzoBtGUKnS6N8lWfWuFF9fUKjRSvVq
UQ2kWHSDbT40qTd8eVNm0a1lRaHuubYhHKVtemiMJ71cJkInWQm9JDCCHdYPlN/t
tj1ihB5IWi+yrpOuMzP4QN57kNo27U8tRWNb7eRBP3bECtt/CZtHzaq2zwk7tX6P
SJWkVcTlIg9AHa33vq5/7FJ5o2pF4SUOL2zPs4Z0zqBKUhmXeg3ByYDvkgZMbgTL
zE8RnGIc4pcBuwrhVhBpOv3mvUSfSbko0AqiUS45mgxMUuuSw+cUJwFtRAsH7Bh6
ElZwfkjiWIyrW5w8M1V8vi5ghwUl1AKd5stHjZXEcAYR0HZh1VcXgBB35LPYWzGR
oL8FsD8ngQlCuaNPX3EgdbiluwiewLk9buYZYUb9BbnmCn/LxR7W5TkdnM4pUGU9
nuAEtPneim9qakqyeXLH2vOSlivCAj66iWLiDGbQTPwTjmmYgHlj3FNBuGUDQicL
vdYJIRCVywAt2V2ebFWmxYUDsdFzuVXKfGYi+HOWUM8s9q5A1tGrQ+mGydWc+ses
+u+2c7sNr5iuxF4NE/VdOBxfMy5zLSCRf+9Jccbkq29Y6UuvSCTMUo2L2ZwJIGxG
MVmeBZZ1Ihm633lov0PsILBFfSmueXco0rMMW2/HFGoV2s4feuA=
=ueR0
-----END PGP SIGNATURE-----
[SECURITY] [DLA 3481-1] libusrsctp security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3481-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                       Bastien Roucariès
July 06, 2023                                         https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libusrsctp
Version        : 0.9.3.0+20190127-2+deb10u1
CVE ID         : CVE-2019-20503
Debian Bug     : 953270

An out-of-bounds read was found in sctp_load_addresses_from_init.

For Debian 10 buster, this problem has been fixed in version
0.9.3.0+20190127-2+deb10u1.

We recommend that you upgrade your libusrsctp packages.

For the detailed security status of libusrsctp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libusrsctp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmSnP24ACgkQADoaLapB
CF9TuBAAi3lx0TwVgA/gw6O4DZZkYRmxEipYhxX8mCSm0VCjtjlXtg99aDP8Buhd
W9JUcwyIEk5KLGdOmA0VgyXN0E4XP02XFBfkyRJPiIJPPDJLebroT1cnqUFUvSDW
iSmxhXc1VB0SxlPk8dAsH+lv17xFw9c5l4PuZKzaz5zlQhOMw2uuCWA0QbC3MD5y
aRN4RHY39+kCV1n3VCGPICCMzzqvERHTXtoCPjMZdhSOpJC3Y8fJ8EXkpDaIFLMn
cgIzKATQvLTHnHB2JqnKnhp7kMQFnudRc+z3aBVhULJWDnzcILozJdr3+ut1l+4N
47rNEPS4WdSzFc+tCfjNj6Ko7OlBFaenHhrhXfgZjQh3uRGLDPwNDbCj68WnBLZj
aVpIK/slAmrvXJABKUExGQgF5IwvwNCTlCwYmbMvMOMOADYb8szjgu+Di510qZj5
PcUARa9brn5+7aCQ5dOr7oqvwI+dmb9NDahGQFzkJ/uNdHV46Vj95Hm91ihB6Ms3
rWVIA/JWI8OR9P1ygbqrbznHMdWK73Ney6LyTItMoGuqWSeO8zWCsSmv3WuQhu1Z
9OqQlUMxMdHiP3Gk2kTqgrg/jYtcU5+d+K+htkUkFrzoFVeI3+UgFSLDNryVaO6Z
fw8tIYVsuG8MA9eeKZoJo2THXRfYrXJhc4S56yCh6SivOzwerSY=
=AIUT
-----END PGP SIGNATURE-----
[SECURITY] [DLA 3480-1] ruby-redcloth security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3480-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                       Bastien Roucariès
July 06, 2023                                         https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ruby-redcloth
Version        : 4.3.2-3+deb10u1
CVE ID         : CVE-2023-31606
Debian Bug     : 1040488

A Regular Expression Denial of Service (ReDoS) issue was discovered in
the sanitize_html function of the redcloth gem. This vulnerability
allows attackers to cause a Denial of Service (DoS) via supplying a
crafted payload.

For Debian 10 buster, this problem has been fixed in version
4.3.2-3+deb10u1.

We recommend that you upgrade your ruby-redc
loth packages.

For the detailed security status of ruby-redcloth please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-redcloth

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmSnO38ACgkQADoaLapB
CF9rPhAAnOM9Kq/rXTRL+qWQTqvxQL24NI5vnEcUQt5PIH+SHxAdSxIMdQfWqGAB
9RwJgZXNbegqke+eBkzO3SPzgi7Z+4vXc5rz4fCTj+O9fvvMuKs/D2r4wd+joKKD
Vb8Sa/AVLk07eE4LGpJ29tpx0HEmPN7+I+tqBkRDhvwgHHB8l39B/Totd+Gj9IWP
loBFlnCPo9ssKEs600ZCS33CmeRjlZZ5sSNTPKzyBZUYvghKTXrws2GCpujbO/ot
GXHM+X24HL4WK9GBd1/2hmDjN7x/BnxldALHXrGS1QVnU5GRChm7kKAIX3JxkXdn
xeapNPyMRTy9zKTYD8cBVihu13Bl0szSkQnzjTGCMXEu/BbWM9Sf7yT1HRBFqtIa
Za3wlTm4hgUbhzat7yAAPwoElvpc3r+lY4XGF2jm216Czl+hCMNKnM+rNoVGTKi8
AQW2e8CtI6ti50lx2IeDjPhsZoL4u/J+frf3Aipg5Q2/9jOQJoaTZIxuooVV2PVz
rhkqePV4U2Sqn2TxK5vA2mrtC06bopN9yiH6YGWeetfOsOOuwxYrWQOjTBp8bYZp
9oT4rYt3c0Sa76C+lj22ddOmi/n9IA8PZ44zWCNkM+vvhaD+/SQoQLdrDSbiIA/f
P7woQCRQUGCpQvFEgqmXrKVBPYPRMgFm0wB4MqiQzzRTkfEj5SY=
=M1vl
-----END PGP SIGNATURE-----
[SECURITY] [DLA 3473-1] docker-registry security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3473-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                       Bastien Roucariès
June 29, 2023                                         https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : docker-registry
Version        : 2.6.2~ds1-2+deb10u1
CVE ID         : CVE-2023-2253
Debian Bug     : 1035956

A flaw was found in the '/v2/_catalog' endpoint in
'distribution/distribution', which accepts a parameter to control the
maximum number of records returned (query string: 'n'). This
vulnerability allows a malicious user to submit an unreasonably large
value for 'n', causing the allocation of a massive string array,
possibly causing a denial of service through excessive use of memory.

For Debian 10 buster, this problem has been fixed in version
2.6.2~ds1-2+deb10u1.

We recommend that you upgrade your docker-registry packages.

For the detailed security status of docker-registry please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/docker-registry

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmSdipgACgkQADoaLapB
CF9S1w//cuFxhQuGFMZ55dMA5aVr4rpPgVManZ9zWoGaJ3a/YNP9qXw8La207n+K
FI0bU9BsRJgiQBNUvrEzMAOLM8XqVf+SU4YhEEnWnVf+Fkd5oJ3icq93eugs6g9S
soGkh/Aa2PndIz6xT1UUc84+0fhI5E+IePn2IsL3kGHs5m8Kz3Kflih6K0wwr/Pk
0O8HhLzHVaF0RkleljDjw7NIn2UigijfC+uI+x1ZlJDjIt1K1dCu3lk0S4HRTspp
dXmAoBLBvNfXiMO1+7GPkOBmqyQJJk9Y72d2fXSC7N6G39sPuNz2lpPEllAzGfiK
hXZRypxNbsmG0/tWN6zyJQtKgGTFy/QKsMjfWxoT1Sh4OH8AVvGVybKxAutagTY5
8oqEY51/Q1mBUrgrAwtmOt+sRWgwOLjJ0urcThz3K15/dmcdImGIfmkqecAjLRPv
npA/+AJRvsmaIEUGcke17B+AdroSzbJYpqilvpb6Pdp2Aa8ffoa3iVj0+1/2ZpsX
TXnThi2IOcmVtM4TvKYSsycpth2GSFBBYdwBuXlYuByONrGFxqCwHczkuwVBcmU8
lUFCfc2yAoVtunyYhOtkAKQuXEbeZESYPZX0+cKPcE0InsHjc4wdIokjAuoRx7Yk
LABZWQ+RZE5BRijzQLJ7Oe9eUYvHB3qrT9wtDnIvp6UVP1FlXvc=
=/Yo3
-----END PGP SIGNATURE-----
[SECURITY] [DLA 3466-1] avahi security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3466-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                       Bastien Roucariès
June 21, 2023                                         https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : avahi
Version        : 0.7-4+deb10u3
CVE ID         : CVE-2021-3468
Debian Bug     : 984938

Avahi, a free zero-configuration networking (zeroconf) implementation,
including a system for multicast DNS/DNS-SD service discovery, was
affected by a Denial of Service. The event used to signal the
termination of the client connection on the avahi Unix socket is not
correctly handled in the client_work function, allowing a local
attacker to trigger an infinite loop.

For Debian 10 buster, this problem has been fixed in version
0.7-4+deb10u3.

We recommend that you upgrade your avahi packages.

For the detailed security status of avahi please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/avahi

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmSTfnEACgkQADoaLapB
CF8JOQ/+K8aBrBzgB7HVmGTk8w8md1xxuaNEepJ01oflWO3No9eGfQJ0UnJrHGi7
I4eOrH4nKoOYx7ix+7UuQhFH+cen8QkvGTfydh61DeuYA6+tacK61gI/vQCU29yz
an+Js1kqNVZdF+Rzi6nRgW4K2BJpTGWX9JRk85kMKhKqZlT5Vs3qgbKut7c7CfLr
qbxMv026bkur+7JFBUFQyRhpR6lZwjlkpSuG2u6OPvWWrPWhwllY/jpj6y4jZzoA
u2v5BVnrsyZDSlnBQdddMjjNAeqVLgUAnZdxH9L62VrcAtcuLh8MjXo6wAIrZX+N
JU/3o5d7B+ms/jVbqI2Qfkls3AysT/afLAw9C83YtVTli5kkWWYbeQqIuILJCpgF
3MbbFQaZUety1PsjW+IYlyFVsnmiixAV7/fGwiahXqSc0adczY8nW3uMEya3TPAT
w7yUhIKXJMNw1QlPazwd4Llm1ouQQT3GKz61HYIqzzGxGwF9CypSb1GiGuj4/RnP
T6IvsnoEY3A+Q498XqvR5oar+1655oT0OMtIGC+bnChIuBAqOsPFNayo9Z5Cz7Oo
bRfVJiYg6FTu0THRL+4psFZ5uC9PtgtuWxdSonkNsNRL/aZ7CQsjkWeYuyNJYmpq
UFGXDC94hsnATZZkI3mPDvDUc6DH4KBTx4jEi4OM76b8m0TeUoE=
=c48R
-----END PGP SIGNATURE-----
[SECURITY] [DLA 3459-1] libxpm security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3459-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                       Bastien Roucariès
June 20, 2023                                         https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libxpm
Version        : 1:3.5.12-1+deb10u1
CVE ID         : CVE-2022-4883 CVE-2022-44617 CVE-2022-46285

libxpm is a library handling the X PixMap image format (so-called xpm
files). xpm files are an extension of the monochrome X BitMap format
specified in the X protocol, and are commonly used in traditional X
applications.

CVE-2022-4883

    When processing files with .Z or .gz extensions, the library calls
    external programs to compress and uncompress files, relying on the
    PATH environment variable to find these programs, which could allow
    a malicious user to execute other programs by manipulating the PATH
    environment variable.

CVE-2022-44617

    When processing a file with a width of 0 and a very large height,
    some parser functions will be called repeatedly and can lead to an
    infinite loop, resulting in a Denial of Service in the application
    linked to the library.

CVE-2022-46285

    When parsing a file with a comment that is not closed, an
    end-of-file condition will not be detected, leading to an infinite
    loop and resulting in a Denial of Service in the application linked
    to the library.

For Debian 10 buster, these problems have been fixed in version
1:3.5.12-1+deb10u1.

We recommend that you upgrade your libxpm packages.

For the detailed security status of libxpm please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libxpm

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmSRlNAACgkQADoaLapB
CF+J4hAAnDS02rcoZnhJs/8V/zks3bWn/YvNDuV07USR3T1VfhpAmO5Snu3G4k5c
BAdMmGxfxY9D1hW+inSg6qYXK9c75WfO0gzqlmqQdZT3gpW9Zgjp7slHvD6neKg0
4zDEXsXmqsBNt0cS9tFk94Wk8U0+mOtsUKNRKclOuP+BZgyTCZEpypy1t/QbowRP
9SZjXF+EsCS1he4BICQin8/25esA4dEeaqXQAMVFHy69wRtKVbYywk6wb8A851F8
2EtFfYGHwDNwGOFz7Z3+sw8KIeX6/FpGA1as2U3oUwiLBWMO55Xh4CCCi84TTfTr
uDHywfdh1gWd+/vdZ7qTm+zOVQI3pHpssdbjrCIxCwK41+dejkvwGRRxkvhkmS1Q
krxPXkncMpKu/003G8IJy1b1+frJgXe3VZkzFtTT7IrylTFA7B83TY110OsG2XT8
XTBFD4pJATjtNDZaDj9xn+9sgUZJobpNtHqIuC/7b8iAUkil3t6qUPCM8M2hoMd4
vHyf6AvCVUPExGqXgrELssNMK//cNB6+5u1HuA1EetpRnGfdH0+DBeuSdalN/C5k
gqqMaY28CYrRx8so/FY6eV3aYymICoSyRvnCNXkVv6LFu77geUcqz6rh+AENNnuh
9jJFxvIalEyAs+ewZKEEG0WL8/63SiF6Mu5xATm7Mgwwfoq4+dA=
=JUec
-----END PGP SIGNATURE-----
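CVE-2022-4883 above is a general pattern, not specific to libxpm: a library that shells out to a helper and lets the caller's PATH decide which binary that is can be pointed at an attacker's file by anyone who controls the environment (a setuid program, a CGI, a cron job with an odd PATH). The following is an added example, not libXpm's code, that contrasts PATH-based lookup with lookup in a fixed list of trusted directories. TRUSTED_DIRS and the helper names are this example's assumptions; the demo() scenario is constructed in temporary directories so it runs anywhere.

```python
import os
import stat
import tempfile

TRUSTED_DIRS = ("/usr/bin", "/bin")             # assumption for this example
HELPERS = {".gz": "gzip", ".Z": "uncompress"}   # the two cases the advisory names


def _is_executable(path):
    try:
        st = os.stat(path)
    except OSError:
        return False
    return stat.S_ISREG(st.st_mode) and os.access(path, os.X_OK)


def resolve_via_path(name, env):
    """The CVE-2022-4883 pattern: whatever PATH lists first wins, including
    an attacker-writable directory or an empty entry meaning the CWD."""
    for directory in env.get("PATH", "").split(os.pathsep):
        candidate = os.path.join(directory or ".", name)
        if _is_executable(candidate):
            return candidate
    return None


def resolve_trusted(name, trusted_dirs=TRUSTED_DIRS):
    """Look only in a fixed list of directories; PATH and the CWD play no part."""
    for directory in trusted_dirs:
        candidate = os.path.join(directory, name)
        if _is_executable(candidate):
            return candidate
    return None


def helper_for(filename, trusted_dirs=TRUSTED_DIRS):
    """Absolute path of the decompressor for a .gz/.Z name; None for a plain file."""
    name = HELPERS.get(os.path.splitext(filename)[1])
    if name is None:
        return None
    return resolve_trusted(name, trusted_dirs)


def demo():
    """Constructed scenario: an attacker-controlled directory is first on PATH.

    Returns four booleans: the PATH lookup was hijacked, the trusted lookup
    found the real helper, helper_for() used the trusted one, and a plain
    .xpm file needs no helper at all.
    """
    with tempfile.TemporaryDirectory() as evil, tempfile.TemporaryDirectory() as good:
        evil_bin = os.path.join(evil, "uncompress")
        good_bin = os.path.join(good, "uncompress")
        for path in (evil_bin, good_bin):
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\nexit 0\n")
            os.chmod(path, 0o755)
        env = {"PATH": evil + os.pathsep + good}
        return (
            resolve_via_path("uncompress", env) == evil_bin,
            resolve_trusted("uncompress", (good,)) == good_bin,
            helper_for("logo.xpm.Z", (good,)) == good_bin,
            helper_for("logo.xpm", (good,)) is None,
        )


if __name__ == "__main__":
    print(demo())
```

Resolving the helper to an absolute path is only half of the fix in practice; the resolved path must then be passed to an exec-style call without a shell, and the environment handed to the child should be scrubbed as well, so that variables such as LD_PRELOAD cannot reintroduce the same problem through the helper itself.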
[SECURITY] [DLA 3457-1] maradns security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3457-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                       Bastien Roucariès
June 19, 2023                                         https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : maradns
Version        : 2.0.13-1.2+deb10u1
CVE ID         : CVE-2022-30256 CVE-2023-31137
Debian Bug     : 1033252 1035936

MaraDNS is a small and lightweight cross-platform open-source DNS
server.

CVE-2022-30256

    A revoked domain name (a so-called "ghost" domain name) can still
    be resolvable for a long time by staying in the cache longer than
    max_ttl allows. "Ghost" domain names include expired domains and
    taken-down malicious domains.

CVE-2023-31137

    The authoritative server in MaraDNS had an issue where it is
    possible to remotely terminate the MaraDNS process with a specially
    crafted packet (a so-called "packet of death").

For Debian 10 buster, these problems have been fixed in version
2.0.13-1.2+deb10u1.

We recommend that you upgrade your maradns packages.

For the detailed security status of maradns please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/maradns

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmSQOM8ACgkQADoaLapB
CF8l8A/+JIy73RPqTaVKf5wm2rbzsagJ/Ab0O+E6oXUUwYePgXGMlAuV2GWYwBbp
aGw2simemXupzSNjq3AYHZmZEkSYcat28dKxLB7D/0n2f+vyw3mM2La7DVCbLmOE
ew1mCgYX085bzrxeB6ubQQk0Sz9yl8dUVrarDOan9UOrHVpwiA2qId18Y2w5aH85
xq2Iw/m2eEb0QsQ5L1vDow/nD+dyt4Ia1N2f62wpd6mIdQcH0MQtfCHWFSliFf/2
SLPrPFVqXigznT/K+EoBhiznNN03JMHAmjKmih3juwe5aQQsalHAHrR7B+HVu/Zl
VQ0TspJ5yGPVpmL9oz75NjaMEYpJaj32hXVSzfSZp9GMr/HlF3z7TXqzt56pOOHa
IMmivDGJV6nSndAUfaUaQ/hvJmgbAWrqB165pw1Yp/coQ9Pwa+A4W4aN0Y5JdUYZ
d9kv5oHG3vp7IN7cKglLgDSara6osDt7sn7mL6b4psBWXKlHVa4PD9j7azL5e0Si
1HL5XY1jF5EXv4pSeuQXtWP79BOXVWzarcrHjuj7N8fycu8p2SpY4DB6PhAUl4fI
5RHrKfMgbkKgZhFWxaWe9XaQHfH5/S5CitxJkpZeHSWaAOhtgz2zYz7/Ru9sRlz8
akH1+N3dmeoFSZDOc7lLE2WO5V2S5Rf6FrX3m5t6D0mZMxQwtgc=
=NM3Q
-----END PGP SIGNATURE-----
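The "ghost domain" problem in CVE-2022-30256 is worth seeing as a cache policy rather than as a MaraDNS detail: if every fresh answer from the child zone's own name servers restarts the entry's lifetime, a domain whose delegation was removed at the parent stays resolvable for as long as the attacker keeps answering, and max_ttl only bounds each individual refresh. The following is an added example, not MaraDNS code, that contrasts that naive policy with one where the cap is measured from the time the name was first cached. The cache classes, the injected clock and the simulate_ghost() scenario are this example's own constructions.

```python
import time


class NaiveCache:
    """The ghost-domain pattern: every answer restarts the clock."""

    def __init__(self, max_ttl, clock=time.monotonic):
        self.max_ttl = max_ttl
        self.clock = clock
        self._entries = {}        # name -> (rdata, expires_at, first_seen)

    def put(self, name, rdata, ttl):
        now = self.clock()
        # ttl is clamped to max_ttl, but a refresh always earns a full
        # max_ttl again, so an attacker who keeps answering keeps the
        # name alive indefinitely.
        self._entries[name] = (rdata, now + min(ttl, self.max_ttl), now)

    def get(self, name):
        entry = self._entries.get(name)
        if entry is None:
            return None
        rdata, expires_at, _ = entry
        if expires_at <= self.clock():
            del self._entries[name]
            return None
        return rdata


class CappedCache(NaiveCache):
    """Lifetime is capped from the moment the name was first cached."""

    def put(self, name, rdata, ttl):
        now = self.clock()
        old = self._entries.get(name)
        # Keep the original first_seen while the entry is still live; once
        # it has expired the next answer must come via the parent again.
        first_seen = old[2] if old is not None and old[1] > now else now
        expires_at = min(now + min(ttl, self.max_ttl),
                         first_seen + self.max_ttl)
        self._entries[name] = (rdata, expires_at, first_seen)


class FakeClock:
    """Injectable clock so the scenario below runs instantly."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def simulate_ghost(cache_cls, max_ttl=300, ttl=100, refresh_every=50,
                   horizon=1000):
    """The delegation is pulled at t=0 but the attacker's name servers keep
    answering every refresh_every seconds.  Returns the last time at which
    the cache still resolved the name (0 if it never survived a refresh)."""
    clock = FakeClock()
    cache = cache_cls(max_ttl, clock)
    name, rdata = "ghost.example.", "ns1.ghost.example."
    cache.put(name, rdata, ttl)                 # last answer before revocation
    last_alive = 0
    while clock.now < horizon:
        clock.now += refresh_every
        if cache.get(name) is None:
            break                               # resolver must go back to the parent
        last_alive = clock.now
        cache.put(name, rdata, ttl)             # child zone keeps answering
    return last_alive


if __name__ == "__main__":
    print("naive cache still answers at t =", simulate_ghost(NaiveCache))
    print("capped cache last answered at t =", simulate_ghost(CappedCache))
```

With the numbers above the naive cache is still serving the revoked name at the end of the simulation, while the capped cache stops at max_ttl after the first insertion regardless of how often the child zone is re-queried.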
[SECURITY] [DLA 3428-1] node-nth-check security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3428-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                       Bastien Roucariès
May 20, 2023                                          https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : node-nth-check
Version        : 1.0.1-1+deb10u1
CVE ID         : CVE-2021-3803
Debian Bug     :

node-nth-check is a NodeJS module used to parse and compile nth-checks,
as they are found in CSS 3's nth-child() and nth-last-of-type(). This
module was vulnerable to a regular expression denial of service in the
regular expression used for parsing.

For Debian 10 buster, this problem has been fixed in version
1.0.1-1+deb10u1.

We recommend that you upgrade your node-nth-check packages.

For the detailed security status of node-nth-check please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-nth-check

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmRrxQkACgkQADoaLapB
CF+RPRAAqm/4nPjEJPlMoBDjdVJko/cXGBenKw26VnBxTI6LtSPxV9qHg5hkxK2B
LNNjF5fVbGFSNYO1+7LO5ZhGKAPSmvr7z/ZVhBTBiN5Hc7mTv7gEBJgZKHNl7WlM
E8kl5DnZS2G2YVpm3FfJAp5p5um9/tPblGR7y6FX17bqRx+LnwB/DuHE+VJv+dHd
3b0t2wL4BC9nc0oyHnSztNzLEbpEI0JFntjqQ0jE/TPzP8wBJ85xem4Kp/TGx+IN
s7coNxGIUliNNWTP9Q5MOQ916taIyCfhq8JK4wZ/JsZAqzj32Uwbg5gdUdYg89q0
y93TIJANFvg3BZ9O3wUtCpDEDsadmvEb5NPXt53gDjt7xzrz/EA/IYDLpa0BZtvy
xlimHSqLvIkOOG+qI0JCHrYRWKGjgNYUutX+EASu1P/hjBSH3adqQ8W4pE7RbPB9
4ifFJ7fXNcHp2Jukl7dCnF7AaVau8UnZPaBefQ8jKsRly+uOOUtW0EORJbH7A4Hv
+4B1v2fbYOwrB74mHyUIspuRmFfF88ZdKM+H9Vqs4N1LErV0j0LayZOhBPxMP5Sj
ESAbTKOiQF7Fy18Z8fencb4qgYvMQoMinyYyY+adryPgAiwCLHjY9V1f4iAqeBpD
m4bc/jkiR5Op9RUJgGd/a6aKY2SqWsJwQgwbV/Ktvwd2HFCTT0k=
=vb0P
-----END PGP SIGNATURE-----
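Both ReDoS advisories on this page (redcloth's sanitize_html in DLA-3480-1 and node-nth-check here) share one remedy: stop running a backtracking regex over attacker-supplied text, or at least bound the input before the regex sees it. The following is an added example, not nth-check's or RedCloth's code, of a single-pass parser for the CSS An+B syntax that nth-check handles, with a length cap as a second, independent guard. The grammar accepted (odd, even, B, An, An+B, optional spaces around the sign) is the CSS one; the max_len default is this example's own choice.

```python
def parse_nth(expr, max_len=64):
    """Return (a, b) for an An+B expression, or None if it is not one.

    The input is walked exactly once with an index, so the running time is
    linear in len(expr) whatever the input looks like.  The length cap is
    independent of that and is the cheap mitigation that also applies to
    a regex-based parser you cannot rewrite.
    """
    if max_len is not None and len(expr) > max_len:
        return None
    s = expr.strip().lower()
    if s == "odd":
        return (2, 1)
    if s == "even":
        return (2, 0)

    n = len(s)
    pos = 0

    def skip_spaces():
        nonlocal pos
        while pos < n and s[pos].isspace():
            pos += 1

    def read_digits():
        nonlocal pos
        start = pos
        while pos < n and "0" <= s[pos] <= "9":
            pos += 1
        return s[start:pos]

    sign = 1
    if pos < n and s[pos] in "+-":
        sign = -1 if s[pos] == "-" else 1
        pos += 1
    digits = read_digits()

    if pos < n and s[pos] == "n":
        # An or An+B: a defaults to +-1 when no digits were given ("n", "-n").
        pos += 1
        a = sign * (int(digits) if digits else 1)
        skip_spaces()
        if pos == n:
            return (a, 0)
        if s[pos] not in "+-":
            return None                     # e.g. "2n 1": no sign before B
        b_sign = -1 if s[pos] == "-" else 1
        pos += 1
        skip_spaces()
        b_digits = read_digits()
        if not b_digits or pos != n:
            return None                     # "2n+" or trailing garbage
        return (a, b_sign * int(b_digits))

    # Plain integer B (no "n").
    if not digits or pos != n:
        return None
    return (0, sign * int(digits))


if __name__ == "__main__":
    for sample in ("2n+1", "odd", "-n + 3", "5", "n", "2n 1"):
        print("%-8r -> %r" % (sample, parse_nth(sample)))
    # A classic ReDoS shape (long run of spaces, then a character that
    # forces failure) is handled in linear time even with the cap off.
    print(parse_nth("n" + " " * 100000 + "x", max_len=None))
```

The two guards are deliberately separate: the length cap is what you add to an existing regex-based parser in an afternoon, while the hand-written walk is what removes the backtracking for good.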
[SECURITY] [DLA 3429-1] imagemagick security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3429-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                        Bastien Roucaries
May 21, 2023                                          https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : imagemagick
Version        : 8:6.9.10.23+dfsg-2.1+deb10u5
CVE ID         : CVE-2021-20176 CVE-2021-20241 CVE-2021-20243 CVE-2021-20244
                 CVE-2021-20245 CVE-2021-20246 CVE-2021-20309 CVE-2021-20312
                 CVE-2021-20313 CVE-2021-39212 CVE-2022-28463 CVE-2022-32545
                 CVE-2022-32546 CVE-2022-32547
Debian Bug     : 996588 1013282 1016442

Multiple vulnerabilities were fixed in imagemagick, a software suite
used for editing and manipulating digital images.

CVE-2021-20176

    A divide by zero was found in the gem.c file.

CVE-2021-20241

    A divide by zero was found in the jp2 coder.

CVE-2021-20243

    A divide by zero was found in the dcm coder.

CVE-2021-20244

    A divide by zero was found in fx.c.

CVE-2021-20245

    A divide by zero was found in the webp coder.

CVE-2021-20246

    A divide by zero was found in resample.c.

CVE-2021-20309

    A divide by zero was found in WaveImage.c.

CVE-2021-20312

    An integer overflow was found in WriteTHUMBNAILImage() of
    coders/thumbnail.c.

CVE-2021-20313

    A potential cipher leak was found when calculating signatures in
    TransformSignature().

CVE-2021-39212

    A policy bypass was found for postscript files.

CVE-2022-28463

    A buffer overflow was found in the cin coder.

CVE-2022-32545

    An undefined behavior (conversion outside the range of representable
    values of type 'unsigned char') was found in psd file handling.

CVE-2022-32546

    An undefined behavior (conversion outside the range of representable
    values of type 'long') was found in pcl file handling.

CVE-2022-32547

    An unaligned access was found in property.c.

For Debian 10 buster, these problems have been fixed in version
8:6.9.10.23+dfsg-2.1+deb10u5.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmRqmVMACgkQADoaLapB
CF8kRg/7BM6uzmf+carUUMDzTBep32H0bkjAc4rSKaLT6CW5q9AGplSijEGsL+2n
sWK3Y3x8pPaaTXIOV+Xx0vDTl9isxF4r6cyckp+Pziz8bSPTd50r0IgzKZP0k57r
YH/Z5VpP59BWAsNCIiaybi65+avf/00kw2CWZ08feC1vV2LmQUp5wDmwA3z/8E9P
PiZ2gVOoc1aTKzUgGkGJPoiCeaAJl8cvSwUH4txXPDTbtv0gjFVVxfLmB7nnWc5b
QWTo4MOoowRORdGPtFIjgkozdDMA1toHK/8fPB2ke/N0lBXjivFwsUiqMb1jAgjt
OkVzqfwk/Plm2KvwGLAjn6dTH2dvAueNovX1jcbIdEeWZuIqooydaLdEgE8/OLBm
GlvIN+hIZkWBW7F0Wa0WuVj2sgdO3dBdlKi2dqmq9qBMcc4IxLJiP0sRxaegf/JN
Sg8SU288p2C9uBR6AqPXCqFIGl8MqoB9nTqpebHSpzXFGJTb52NQArV/1zjDZGXR
voMkPrZuRd0sp7jxpKT5dQbhxT+zCL7XpeiMCUCCh0mAeTT4SMQTyJVtlcgLCibx
fWtFYu9L3yZUjnXTBmI7Bfvn/EMwhilYH7NtF0jyves7erMFBifaKN2riosW7jTL
aZovpK9R+i0r3PJA9UUhZZYM161jafMRQ6bwBPOgGDL/2K+ZxlY=
=eYBc
-----END PGP SIGNATURE-----
[SECURITY] [DLA 3401-1] apache2 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3401-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                   Bastien Roucariès
April 24, 2023                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : apache2
Version        : 2.4.38-3+deb10u10
CVE ID         : CVE-2023-25690 CVE-2023-27522
Debian Bug     : 1032476

Several vulnerabilities have been discovered in apache2, a webserver that
may be used as front-end proxy for other applications. These
vulnerabilities may lead to HTTP request smuggling, and thus to front-end
security controls being bypassed.

Unfortunately, fixing these security vulnerabilities may require changes
to configuration files. Some out-of-specification RewriteRule directives
that were previously silently accepted are now rejected with error
AH10409. For instance, some RewriteRules that included a back-reference
and the flags "[L,NC]" will need to be written with extra escaping flags
such as "[B= ?,BNP,QSA]".

CVE-2023-25690
    Some mod_proxy configurations allow an HTTP request smuggling attack.
    Configurations are affected when mod_proxy is enabled along with some
    form of RewriteRule or ProxyPassMatch in which a non-specific pattern
    matches some portion of the user-supplied request-target (URL) data
    and is then re-inserted into the proxied request-target using variable
    substitution.

CVE-2023-27522
    HTTP response smuggling in mod_proxy_uwsgi.

For Debian 10 buster, these problems have been fixed in version
2.4.38-3+deb10u10.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/apache2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmRG8+IACgkQADoaLapB
CF/X4w/7BlUPn3PXyTJ0YWEBYMicsEB++saQBbvh+iIIUgfII1FhfEB0AJ5TnB+0
r8g8rIHCyV8vfLtZ14tl9NusKbzYz4o1FJ/f/H+h4be3n0F523o9yBHJrjY4s2KC
/9FT7BjXovgTflwVYgmNN3CA/RPDuUFb3UmWB1qe13dQZQf+qgbH2ZsbVWjYL7Wc
PxbBvgCAWo8mjlyWTzIBdT60G6p796ot2mrCpfFuhuWKwu/RGYGbWbQDl0IrxRS1
3RsEaterq0UYpvY2nFDGkMfDmlYGi4YOCw7NTZvBdSDaIgSHOKvefJ0KrEyDousH
GKioWybNfAgbcLF84e7GluXNydKJoOgXDrUBFAmFwlCbayf2IdymWgUQnia4oG7c
+xb0xlnnCT/bnans8BvGpxnhYs3PcTLTKcbBhK4w7jx/tPUMj1GnSvRlRfWYZZy2
0q1Mfn5oAQPId3eK4U6rM0QxYsYfEN77fXIRytLUvBwkWij7KfXaIKYPq3GkrNB5
9fxv1PN/wWJ4xv3knXnRF/yrD5cnf/fNwROdZBnzxS+u14/nbCidkKGIEFAIDY5D
kyr8nPmzUfaNvwVQo88x/9cqF3935vUN/+MyYMzJ94ynkhWrFwQGSsqMvhdklwCr
oTLb61+HGCdveFpUGm3pk4jrjmNYz/+8NA77cpnaSDV9KquRmqk=
=m0mC
-----END PGP SIGNATURE-----
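The CVE-2023-25690 description above names a configuration shape rather than a single bug: a RewriteRule with the proxy flag, or a ProxyPassMatch, whose substitution re-inserts a captured part of the request-target. The script below is an added example, not part of the advisory or of Apache httpd, that scans httpd.conf-style lines for that shape so an administrator can review affected rules before or after upgrading. It recognises `$N` (RewriteRule captures) and `%N` (RewriteCond captures) back-references; the configuration lines it runs on are constructed for the demonstration. It is a triage aid only: a flagged rule is one the advisory's condition applies to, not proof that it is exploitable, and the fixed server's own AH10409 error remains the authoritative check.

```python
"""Find RewriteRule/ProxyPassMatch lines that proxy request-target captures.

Added example for the CVE-2023-25690 advisory text; not Debian's or Apache's
code. Flags rules where user-controlled request-target data (a regex
capture) is substituted into a proxied request-target.
"""
import re
from typing import List, Optional, Tuple

# One directive argument, either "quoted" or a bare token (httpd accepts both).
_ARG = r'(?:"([^"]*)"|(\S+))'
# RewriteRule <pattern> <substitution> [flags]   (flags optional)
_REWRITE = re.compile(
    r"^\s*RewriteRule\s+" + _ARG + r"\s+" + _ARG + r"(?:\s+\[([^\]]*)\])?\s*$",
    re.IGNORECASE,
)
# ProxyPassMatch <regex> <target> ...
_PROXYPASSMATCH = re.compile(r"^\s*ProxyPassMatch\s+" + _ARG + r"\s+" + _ARG, re.IGNORECASE)
# $1..$9 are RewriteRule captures, %1..%9 are RewriteCond captures.
_BACKREF = re.compile(r"[$%][1-9]")


def _pick(groups: Tuple[Optional[str], ...], i: int) -> str:
    """Return whichever alternative (quoted or bare) of an argument matched."""
    return groups[i] if groups[i] is not None else groups[i + 1]  # type: ignore[return-value]


def audit_line(line: str) -> Optional[str]:
    """Return a finding for one configuration line, or None if it is not of concern."""
    m = _REWRITE.match(line)
    if m:
        g = m.groups()
        substitution, flags = _pick(g, 2), g[4] or ""
        # Flags may carry values (R=301, B=...); compare on the flag name only.
        flag_names = {f.strip().split("=")[0].upper() for f in flags.split(",") if f.strip()}
        if "P" in flag_names and _BACKREF.search(substitution):
            return f"RewriteRule proxies a back-reference: {line.strip()}"
        return None
    m = _PROXYPASSMATCH.match(line)
    if m and _BACKREF.search(_pick(m.groups(), 2)):
        return f"ProxyPassMatch re-inserts a capture: {line.strip()}"
    return None


def audit_config(text: str) -> List[Tuple[int, str]]:
    """Run audit_line over a whole configuration; return (line number, finding) pairs."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        f = audit_line(line)
        if f:
            findings.append((n, f))
    return findings


# Constructed sample: two rules that substitute request data into a proxied
# target (lines 2 and 4), a plain redirect, and a proxy rule with no capture.
SAMPLE_CONFIG = """\
RewriteEngine on
RewriteRule "^/here/(.*)" "http://backend.example:8080/elsewhere?$1" [P]
RewriteRule ^/old$ /new [R=301,L]
ProxyPassMatch ^/api/(.*)$ http://backend.example:8080/api/$1
RewriteRule "^/static/.*" "http://static.example/" [P]
"""

if __name__ == "__main__":
    for n, finding in audit_config(SAMPLE_CONFIG):
        print(f"line {n}: {finding}")
```

Run it against a real configuration with `audit_config(open("/etc/apache2/apache2.conf").read())`, and remember to include any files pulled in through `Include` directives, since the scanner reads one text at a time.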
[SECURITY] [DLA 3373-1] json-smart security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3373-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                   Bastien Roucariès
March 30, 2023                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : json-smart
Version        : 2.2-2+deb10u1
CVE ID         : CVE-2021-31684 CVE-2023-1370
Debian Bug     : 1033474

Multiple vulnerabilities were found in the Json-smart library. Json-smart
is a performance focused JSON processor lib written in Java.

CVE-2021-31684
    A vulnerability was discovered in the indexOf function of
    JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a
    denial of service (DOS) via, for instance, a crafted web request.

CVE-2023-1370
    A stack overflow was found due to excessive recursion. When reaching a
    '[' or '{' character in the JSON input, the code parses an array or an
    object respectively. It was discovered that the code does not have any
    limit to the nesting of such arrays or objects. Since the parsing of
    nested arrays and objects is done recursively, nesting too many of
    them can cause a stack exhaustion (stack overflow) and crash the
    software.

For Debian 10 buster, these problems have been fixed in version
2.2-2+deb10u1.

We recommend that you upgrade your json-smart packages.

For the detailed security status of json-smart please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/json-smart

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmQmk7kACgkQADoaLapB
CF+PARAApnmlYJnlvax9UUpjy4b3G3ZHnRJ9TWRlWs4FVNgiexFTbAQFAPYu/Y5U
y+HnmXVMm09uUhBfHL4ApOASwAaAiRSFja9vK5EMuxM3c75RF2uTFF/MtxHwdAht
oiw+VYIH/jhF+wSp5RB9VKSUVe00mU65umYJncW6H+nKVKqbtKeSFzOYu4+DQ72E
IslBwyC24xrTR9wU99F01miM6xdxBTevlLim3nlfP9HqWaE1ThdbmQbW7ZWZaL6D
ApycKSP1fA+R+sv8MmYegjhSoTkpk56Nt9p4oMA0CXMvRbONUwsqZNmPEoyW/tma
AtLHQZl8aOp/WrRhbS9LNupqrkbSQ81FfvZzf0axdat79dEwLGkLn2utwvaZ//AS
a5ly6KRNJKueV7V0q5vjP5LlL95Mk4hLZikXsY+cO7akj1NrHHq3GKWiAayU+U7F
dwaF/j0EfZvkeuMvIjYhYjbIy4e4xXobAuFphdxQ2ODheYPKQf9s7U4SZsvBWszf
P5CSaHLR8TtmpYdjYTNgY7k3fCIVu5ehHZLSVmVGhrYDe/qy0m3y7AgLTccGKfHd
YczCzfZzKFsxXP6pBXJzGZWNfKlQly94TKa8G2oyYrIHxiFCTvqTgpzfaaAo/Tpy
geAfAENfddNLX01GHq9XNcK4zgITDSjRAwRnPJY7INZsCaTE2e8=
=cja+
-----END PGP SIGNATURE-----
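The CVE-2023-1370 entry above describes the general failure mode of any recursive-descent parser: every '[' or '{' costs a stack frame, and without a ceiling the input decides how deep the recursion goes. The following is an added example, not json-smart's code (json-smart is Java), that shows the fix pattern in a small Python JSON parser: a nesting budget is checked before descending into each container, so an over-nested document is refused with a controlled error long before the interpreter's own stack limit is reached. String escapes are not handled, and `MAX_DEPTH` and the inputs are constructed for the demonstration.

```python
"""Depth-bounded recursive JSON parser (the CVE-2023-1370 fix pattern).

Added example, not json-smart's own code. Every '[' or '{' consumes one
level of MAX_DEPTH; exceeding it raises NestingTooDeep instead of
recursing until the stack is exhausted.
"""
from typing import Any, Tuple

MAX_DEPTH = 64  # demo value; derive it from what your documents legitimately need
WS = " \t\r\n"


class NestingTooDeep(ValueError):
    """Input nests arrays/objects deeper than MAX_DEPTH."""


def _skip_ws(s: str, i: int) -> int:
    while i < len(s) and s[i] in WS:
        i += 1
    return i


def _parse_string(s: str, i: int) -> Tuple[str, int]:
    j = s.find('"', i + 1)  # s[i] is the opening quote; escapes not handled
    if j < 0:
        raise ValueError("unterminated string")
    return s[i + 1:j], j + 1


def _parse_number(s: str, i: int) -> Tuple[Any, int]:
    j = i
    while j < len(s) and s[j] in "+-0123456789.eE":
        j += 1
    if j == i:
        raise ValueError(f"unexpected character {s[i]!r} at offset {i}")
    tok = s[i:j]
    return (float(tok) if any(c in tok for c in ".eE") else int(tok)), j


def _parse_value(s: str, i: int, depth: int) -> Tuple[Any, int]:
    i = _skip_ws(s, i)
    if i >= len(s):
        raise ValueError("unexpected end of input")
    c = s[i]
    if c in "[{":
        # The fix: bound the depth *before* recursing into the container.
        if depth + 1 > MAX_DEPTH:
            raise NestingTooDeep(f"nesting exceeds {MAX_DEPTH} levels at offset {i}")
        return _parse_container(s, i, depth + 1)
    if c == '"':
        return _parse_string(s, i)
    for lit, val in (("true", True), ("false", False), ("null", None)):
        if s.startswith(lit, i):
            return val, i + len(lit)
    return _parse_number(s, i)


def _parse_container(s: str, i: int, depth: int) -> Tuple[Any, int]:
    """Parse an array (s[i] == '[') or object (s[i] == '{') at nesting `depth`."""
    is_obj = s[i] == "{"
    close = "}" if is_obj else "]"
    out: Any = {} if is_obj else []
    i = _skip_ws(s, i + 1)
    if i < len(s) and s[i] == close:
        return out, i + 1
    while True:
        if is_obj:
            i = _skip_ws(s, i)
            if i >= len(s) or s[i] != '"':
                raise ValueError("expected string key")
            key, i = _parse_string(s, i)
            i = _skip_ws(s, i)
            if i >= len(s) or s[i] != ":":
                raise ValueError("expected ':'")
            val, i = _parse_value(s, i + 1, depth)
            out[key] = val
        else:
            val, i = _parse_value(s, i, depth)
            out.append(val)
        i = _skip_ws(s, i)
        if i < len(s) and s[i] == ",":
            i += 1
        elif i < len(s) and s[i] == close:
            return out, i + 1
        else:
            raise ValueError(f"expected ',' or '{close}' at offset {i}")


def parse(s: str) -> Any:
    """Parse a complete JSON document with the nesting limit enforced."""
    val, i = _parse_value(s, 0, 0)
    if _skip_ws(s, i) != len(s):
        raise ValueError("trailing data")
    return val


def rejects_deep_nesting(levels: int) -> bool:
    """True if `levels` nested arrays (constructed input) are refused cleanly."""
    try:
        parse("[" * levels + "]" * levels)
        return False
    except NestingTooDeep:
        return True


if __name__ == "__main__":
    print(parse('{"a": [1, 2.5, {"b": null}], "ok": true}'))
    print(rejects_deep_nesting(MAX_DEPTH), rejects_deep_nesting(100_000))
```

The check has to sit on the path into the container, not after it: a limit tested only once the recursion returns does nothing for the crash case. The budget must also stay well below whatever the runtime itself allows (Python's default recursion limit is about 1000 frames, and each JSON level here costs two), otherwise the interpreter fails first and the clean error is never raised.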
[SECURITY] [DLA 3368-1] libreoffice security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3368-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                    Bastien Roucaries
March 26, 2023                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libreoffice
Version        : 1:6.1.5-3+deb10u8
CVE ID         : CVE-2021-25636 CVE-2022-3140 CVE-2022-26305 CVE-2022-26306
                 CVE-2022-26307

Multiple vulnerabilities were found in LibreOffice, an office productivity
software suite, leading to arbitrary script execution, improper
certificate validation, and weak encryption of password storage in the
user's configuration database.

CVE-2021-25636
    Only use X509Data.
    LibreOffice supports digital signatures of ODF documents and macros
    within documents, presenting visual aids that no alteration of the
    document occurred since the last signing and that the signature is
    valid. An Improper Certificate Validation vulnerability in LibreOffice
    allowed an attacker to create a digitally signed ODF document, by
    manipulating the documentsignatures.xml or macrosignatures.xml stream
    within the document to contain both "X509Data" and "KeyValue" children
    of the "KeyInfo" tag, which when opened caused LibreOffice to verify
    using the "KeyValue" but to report verification with the unrelated
    "X509Data" value.

CVE-2022-3140
    Insufficient validation of "vnd.libreoffice.command" URI schemes.
    LibreOffice supports Office URI Schemes to enable browser integration
    of LibreOffice with MS SharePoint server. An additional scheme
    'vnd.libreoffice.command' specific to LibreOffice was added. In the
    affected versions of LibreOffice, links using that scheme could be
    constructed to call internal macros with arbitrary arguments, which,
    when clicked on or activated by document events, could result in
    arbitrary script execution without warning.

CVE-2022-26305
    Compare authors using Thumbprint.
    An Improper Certificate Validation vulnerability in LibreOffice existed
    where determining if a macro was signed by a trusted author was done
    by only matching the serial number and issuer string of the used
    certificate with that of a trusted certificate. This is not sufficient
    to verify that the macro was actually signed with the certificate. An
    adversary could therefore create an arbitrary certificate with a
    serial number and an issuer string identical to a trusted certificate
    which LibreOffice would present as belonging to the trusted author,
    potentially leading the user to execute arbitrary code contained in
    macros improperly trusted.

CVE-2022-26306
    LibreOffice supports the storage of passwords for web connections in
    the user's configuration database. The stored passwords are encrypted
    with a single master key provided by the user. A flaw in LibreOffice
    existed where the required initialization vector for encryption was
    always the same, which weakens the security of the encryption, making
    them vulnerable if an attacker has access to the user's configuration
    data.

CVE-2022-26307
    Add Initialization Vectors to password storage.
    LibreOffice supports the storage of passwords for web connections in
    the user's configuration database. The stored passwords are encrypted
    with a single master key provided by the user. A flaw in LibreOffice
    existed where the master key was poorly encoded, resulting in
    weakening its entropy from 128 to 43 bits, making the stored passwords
    vulnerable to a brute force attack if an attacker has access to the
    user's stored config.

For Debian 10 buster, these problems have been fixed in version
1:6.1.5-3+deb10u8.

We recommend that you upgrade your libreoffice packages.

For the detailed security status of libreoffice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libreoffice

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmQgs3wACgkQADoaLapB
CF8IjhAApxk511xV1DzvjVNvnTOapgdiC8UENPV4lWHWHZUvoB2VoZ49aK988HYM
Ktv27cR8xG60e84ExNpGdhPON8Ql44GJXMMWIV4l75JdwgixkMuJiIs0W9nV98Cx
lA5a4abjrCRlIU5q2JpEhVzx+/8deRlp8ye9Zi0qbFbhsaKv2Q0YuuJucohWpn/B
+ad94pezaRIHXJJJd/crvLeEhm1AvszT+PPEaXukF8UxU8XTyZzqlaOTEPoNSfLB
nu3odMcjwWYUcJ5E9FWAJyrJLZVpotWmMm7UF5atc8WBDVrSLuq2YjXMOMzznZl9
map067Tm59B70amU1j8/XIrR8b4VArmNBL770t9TMU12RZ4viVZRL94Lartxu/BA
rRwxMlvLjAtkPtojl/sYHonKHjwkOZ/nL56RbcSCOTKXwjLy5g+mAZhQS8ix0ezw
/FkRdHYDex0Yr+Ny6nfvHihczO408BewmZVo/OTKg3bfsB28yVf7/T
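The CVE-2021-25636 entry above turns on one structural ambiguity: a <KeyInfo> that names two key sources, so that the key used for verification and the key shown to the user can differ. The check below is an added example, not LibreOffice's code, that walks every <Signature> in a documentsignatures.xml-like stream (the sample is constructed; the real ODF container format and namespaces are not reproduced here) and accepts a KeyInfo only when it carries exactly one X509Data and nothing else, which is the "only use X509Data" rule the fix applies. It is a pre-check on the signature metadata and does not replace cryptographic verification of the signature itself.

```python
"""Reject ambiguous <KeyInfo> elements before trusting an XML signature.

Added example for the CVE-2021-25636 advisory entry; not LibreOffice's code.
A KeyInfo carrying both X509Data and KeyValue (or anything besides one
X509Data) is reported so the caller can refuse to verify or display it.
"""
import xml.etree.ElementTree as ET
from typing import List

DSIG = "http://www.w3.org/2000/09/xmldsig#"  # standard XML-DSig namespace
X509DATA = f"{{{DSIG}}}X509Data"


def key_info_problems(signature: ET.Element) -> List[str]:
    """Reasons this Signature's KeyInfo must not be trusted; empty list means it passes."""
    key_infos = signature.findall(f"{{{DSIG}}}KeyInfo")
    if len(key_infos) != 1:
        return [f"expected exactly one KeyInfo, found {len(key_infos)}"]
    problems = []
    children = [child.tag for child in key_infos[0]]
    x509_count = sum(1 for t in children if t == X509DATA)
    if x509_count != 1:
        problems.append(f"expected exactly one X509Data, found {x509_count}")
    for tag in children:
        if tag != X509DATA:
            # Strip the {namespace} prefix ElementTree puts on qualified tags.
            problems.append(f"KeyInfo carries a second key source: {tag.split('}', 1)[-1]}")
    return problems


def audit_signatures(xml_text: str) -> List[List[str]]:
    """Problems per <Signature> element, in document order."""
    root = ET.fromstring(xml_text)
    return [key_info_problems(sig) for sig in root.iter(f"{{{DSIG}}}Signature")]


# Constructed sample stream: one well-formed KeyInfo and one that names two keys.
SAMPLE = f"""<document-signatures xmlns:ds="{DSIG}">
  <ds:Signature Id="good">
    <ds:SignedInfo/>
    <ds:SignatureValue>CONSTRUCTED</ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data><ds:X509Certificate>CONSTRUCTED-CERT</ds:X509Certificate></ds:X509Data>
    </ds:KeyInfo>
  </ds:Signature>
  <ds:Signature Id="ambiguous">
    <ds:SignedInfo/>
    <ds:SignatureValue>CONSTRUCTED</ds:SignatureValue>
    <ds:KeyInfo>
      <ds:X509Data><ds:X509Certificate>CONSTRUCTED-CERT</ds:X509Certificate></ds:X509Data>
      <ds:KeyValue><ds:RSAKeyValue><ds:Modulus>AQ==</ds:Modulus>
        <ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue>
    </ds:KeyInfo>
  </ds:Signature>
</document-signatures>
"""

if __name__ == "__main__":
    for idx, problems in enumerate(audit_signatures(SAMPLE)):
        print(f"signature {idx}: {'ok' if not problems else problems}")
```

The rule is deliberately stricter than the XML-DSig schema, which permits several key sources in one KeyInfo; for a consumer that shows a certificate to the user, whatever is displayed must be exactly what was verified, and allowing only one source is the simplest way to guarantee that.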
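The CVE-2022-26306 entry above says only that the initialization vector "was always the same" and that this "weakens the security of the encryption". The added example below, which is not LibreOffice's code, shows concretely what a constant IV gives away and what a per-entry random IV restores. To stay within the standard library it uses a toy stream cipher whose keystream is HMAC-SHA256(key, iv || counter), the shape of a counter mode; the argument does not depend on the cipher. With a constant IV every entry under the same master key gets the same keystream, so identical passwords produce identical ciphertexts and XORing two ciphertexts yields the XOR of the plaintexts; with a fresh IV stored beside each entry neither holds. The key and password values are constructed for the demonstration.

```python
"""Constant IV versus per-entry IV in a stored-password encryption scheme.

Added example for the CVE-2022-26306 advisory entry; not LibreOffice's code.
Toy CTR-style cipher built on HMAC-SHA256 so the example runs with the
standard library only; the IV lesson is the same for a real block cipher.
"""
import hashlib
import hmac
import os
from typing import Tuple

FIXED_IV = b"\x00" * 16  # the flawed design: one IV shared by every entry


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Deterministic in (key, iv): HMAC(key, iv || counter) blocks, truncated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_fixed_iv(key: bytes, plaintext: bytes) -> bytes:
    """Flawed shape: same IV for every stored password."""
    return xor(plaintext, keystream(key, FIXED_IV, len(plaintext)))


def encrypt_fresh_iv(key: bytes, plaintext: bytes) -> Tuple[bytes, bytes]:
    """Fixed shape: random IV per entry, returned so it can be stored alongside."""
    iv = os.urandom(16)
    return iv, xor(plaintext, keystream(key, iv, len(plaintext)))


def decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    return xor(ciphertext, keystream(key, iv, len(ciphertext)))


def fixed_iv_leaks_xor(key: bytes, p1: bytes, p2: bytes) -> bool:
    """Under a constant IV, C1 xor C2 equals P1 xor P2: the relation leaks without the key."""
    c1, c2 = encrypt_fixed_iv(key, p1), encrypt_fixed_iv(key, p2)
    return xor(c1, c2) == xor(p1, p2)


def fixed_iv_reveals_equal_passwords(key: bytes, p: bytes) -> bool:
    """Under a constant IV, storing the same password twice gives identical ciphertexts."""
    return encrypt_fixed_iv(key, p) == encrypt_fixed_iv(key, p)


def fresh_iv_hides_equality(key: bytes, p: bytes) -> bool:
    """With per-entry IVs the two ciphertexts differ, yet both decrypt correctly."""
    (iv1, c1), (iv2, c2) = encrypt_fresh_iv(key, p), encrypt_fresh_iv(key, p)
    return c1 != c2 and decrypt(key, iv1, c1) == p and decrypt(key, iv2, c2) == p


if __name__ == "__main__":
    demo_key = hashlib.sha256(b"constructed master key").digest()
    print("fixed IV leaks P1^P2:", fixed_iv_leaks_xor(demo_key, b"hunter2!", b"letmein!"))
    print("fixed IV exposes equal entries:", fixed_iv_reveals_equal_passwords(demo_key, b"hunter2!"))
    print("fresh IV hides equality:", fresh_iv_hides_equality(demo_key, b"hunter2!"))
```

Storing the IV next to the ciphertext is not a weakness: the IV only needs to be unique, not secret. What the entry must never reuse is the (key, IV) pair, which is exactly what a constant IV under a single master key does for every stored password.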
[SECURITY] [DLA 3357-2] imagemagick regression update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3357-2] imagemagick regression update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3357-2                debian-...@lists.debian.org
https://www.debian.org/lts/security/                   Bastien Roucariès
March 18, 2023                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : imagemagick
Version        : 8:6.9.10.23+dfsg-2.1+deb10u4
CVE ID         :
Debian Bug     : #1032998

The previous Imagemagick security update caused a regression in some perl
packages due to overly restrictive hardening in a policy update (reading
from /etc/ was forbidden). This hardening patch has been removed.

For Debian 10 buster, this problem has been fixed in version
8:6.9.10.23+dfsg-2.1+deb10u4.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmQV+2YACgkQADoaLapB
CF/uKRAAkI8jm4D7gw9Nyr+383Gjn3Bh1kPeMvxpijMwkWl8G9grQX6kIKG+u18P
j3OOi3jgSvUw79PaqcPJC27RhZ9lg4bcct8568z3ycKMBzy/lMGqLqMlIw1OTbn4
1/HPUMpmjvEbteBWrw5E0hpQZvf6+BZcCsYE7brTqBD+M8OBtug9PJjJ85lUwNlK
4RKDgfKEysAnzF3fXWTwnidixPqJlHYDG9jh9p5eYUv2TRZd/u+UGl6Klq6PyEWN
R7/8olRJicuILhg/nt3nlpNNIXBqAyS0zQKUIrqMJcDdG9mu59dWjZ2qBjxAtIzz
QjVYWdPRTnHD4Lw72vr5UqcyjUSm+mG+i7WlpDtLDHu59wnN0fPMXUUzGxZmnbmO
M2x9ImR76jjZiFRd8p9XcEt4eVVCxMKnUVZKHCvOkvBjfusAiwFcvWdSwSQVmR01
G0wYL23D5i0zmsSHDI+DbQbLdKEC/u8PAg+rgqcR88B5XFvVq5lxyo/vb6YT7l5b
h+xshLqFTmjOjSFExS4cDIjwgLd61l8HNnuoYFkNDDuBApW+hD03U3XdOqOo1fqQ
hQ7NhMr6yZeros7qfIW8wLMG4SM6gCzIupxgtlZ+42J5x83DptGWKXlBwA/9WjoF
3veKEhSzGI5pFYzzwkSNmrH1WQDjih4h6GB+axdbVdKAOgLwfqg=
=jLsa
-----END PGP SIGNATURE-----
[SECURITY] [DLA 3357-1] imagemagick security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3357-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                   Bastien Roucariès
March 11, 2023                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : imagemagick
Version        : 8:6.9.10.23+dfsg-2.1+deb10u2
CVE ID         : CVE-2020-19667 CVE-2020-25665 CVE-2020-25666 CVE-2020-25674
                 CVE-2020-25675 CVE-2020-25676 CVE-2020-27560 CVE-2020-27750
                 CVE-2020-27751 CVE-2020-27754 CVE-2020-27756 CVE-2020-27757
                 CVE-2020-27758 CVE-2020-27759 CVE-2020-27760 CVE-2020-27761
                 CVE-2020-27762 CVE-2020-27763 CVE-2020-27764 CVE-2020-27765
                 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769
                 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27773
                 CVE-2020-27774 CVE-2020-27775 CVE-2020-27776 CVE-2020-29599
                 CVE-2021-3574 CVE-2021-3596 CVE-2021-20224 CVE-2022-44267
                 CVE-2022-44268
Debian Bug     : 1027164 1030767

Several vulnerabilities have been discovered in imagemagick that may lead
to a privilege escalation, denial of service or information leaks.

CVE-2020-19667
    A stack-based buffer overflow and unconditional jump was found in
    ReadXPMImage in coders/xpm.c.

CVE-2020-25665
    An out-of-bounds read in the PALM image coder was found in
    WritePALMImage in coders/palm.c.

CVE-2020-25666
    An integer overflow was possible during simple math calculations in
    HistogramCompare() in MagickCore/histogram.c.

CVE-2020-25674
    A for loop with an improper exit condition was found that can allow an
    out-of-bounds READ via heap-buffer-overflow in WriteOnePNGImage from
    coders/png.c.

CVE-2020-25675
    An undefined behavior was found in the form of integer overflow and
    out-of-range values as a result of rounding calculations performed on
    unconstrained pixel offsets in the CropImage() and CropImageToTiles()
    routines of MagickCore/transform.c.

CVE-2020-25676
    An undefined behavior was found in the form of integer overflow and
    out-of-range values as a result of rounding calculations performed on
    unconstrained pixel offsets in CatromWeights(), MeshInterpolate(),
    InterpolatePixelChannel(), InterpolatePixelChannels(), and
    InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c.

CVE-2020-27560
    A division by zero was found in OptimizeLayerFrames in
    MagickCore/layer.c, which may cause a denial of service.

CVE-2020-27750
    A division by zero was found in MagickCore/colorspace-private.h and
    MagickCore/quantum.h, which may cause a denial of service.

CVE-2020-27751
    An undefined behavior was found in the form of values outside the range
    of type `unsigned long long` as well as a shift exponent that is too
    large for 64-bit type in MagickCore/quantum-export.c.

CVE-2020-27754
    An integer overflow was found in IntensityCompare() of
    /magick/quantize.c.

CVE-2020-27756
    A division by zero was found in ParseMetaGeometry() of
    MagickCore/geometry.c. Image height and width calculations can lead to
    divide-by-zero conditions which also lead to undefined behavior.

CVE-2020-27757
    An undefined behavior was found in MagickCore/quantum-private.h. A
    floating point math calculation in ScaleAnyToQuantum() of
    /MagickCore/quantum-private.h could lead to undefined behavior in the
    form of a value outside the range of type unsigned long long.

CVE-2020-27758
    Undefined behavior was found in the form of values outside the range of
    type `unsigned long long` in coders/txt.c.

CVE-2020-27759
    In IntensityCompare() of /MagickCore/quantize.c, a double value was
    being cast to int and returned, which in some cases caused a value
    outside the range of type `int` to be returned.

CVE-2020-27760
    In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma`
    value, it's possible to trigger a divide-by-zero condition when a
    crafted input file is processed.

CVE-2020-27761
    WritePALMImage() in /coders/palm.c used size_t casts in several areas of
    a calculation which could lead to values outside the range of
    representable type `unsigned long` (undefined behavior) when a crafted
    input file was processed.

CVE-2020-27762
    Undefined behavior was found in the form of values outside the range of
    type `unsigned char` in coders/hdr.c.

CVE-2020-27763
    Undefined behavior was found in the form of math division by zero in
    MagickCore/resize.c.

CVE-2020-27764
    Out-of-range values were found under some circumstances when a crafted
    input file is processed in /MagickCore/statistic.c.

CVE-2020-27765
    Undefined behavior was found in
[SECURITY] [DLA 3350-1] node-css-what security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3350-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                    Bastien Roucaries
March 03, 2023                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : node-css-what
Version        : 2.1.0-1
CVE ID         : CVE-2022-21222 CVE-2021-33587
Debian Bug     : #1032188

node-css-what was vulnerable to Regular Expression Denial of Service
(ReDoS) due to the usage of an insecure regular expression in the re_attr
variable. The exploitation of this vulnerability could be triggered via
the parse function.

For Debian 10 buster, this problem has been fixed in version
2.1.0-1+deb10u1.

We recommend that you upgrade your node-css-what packages.

For the detailed security status of node-css-what please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/node-css-what

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmQB0N8ACgkQADoaLapB
CF8FvA//bGZ4RT18gB2zq0ntKGoSiglfyUFFWDvojByo3i+amPKHjNE4aE+KM5M/
igK5oKDx5YNhjXBi2B9mhO+vWv9vwlnLW3sYZPzLd7Yao2uE2PtKR3PD4YRgovrl
0sCKgNiZg6pC6cJHmlAiDf4cdQ7zkmCFXqsf7JVXWbhHlWl9RExacFyU1G5SrHha
sG6vNjX6cZHOp2FN89n6BAzmaIos6PLaVJylLH6KxbthGmTHYOQHgh8Am9XZik52
88JMTAtWPn9lLVxTmOZvv+kzHr1SgY5/+V5vK3W6egRDQ+7lf5rp08MLa0oVqSXm
zEu/IlRsiarb6wHoe3o+et//R5OTqy1jz03DG6kXEKbUsQk9yAOdh7ENmOfy2a79
sbVUKwIknB5eLxmVaLoQ6EtfrXvEv0RLbTKqDdPg4+i8RK1V0ScDSGooYb/t0ZeI
buKCN5nSqAz7cU0SKywPUb1w5l+97U8nB9dFsQusEyUETJhO2Gq7kEqA4fLcgwBl
RLGyKvUvK47O9VP9YD9xqkuWSmaLZHJ8x5aZ7dtQu27CL7Q/w26P1V//wDEknZ5H
VgG4eCGBq3mll5RgTVAKxZb/851L1Sg/u6c8aCXuqdmIr2hB10vTqAazEc8VQl2p
iZSPdQS6CAjG3AaL5oyyqlKMSm+CEkN0BUwc0TEX40Yd0va3dB0=
=OzxV
-----END PGP SIGNATURE-----