[SECURITY] [DSA 5734-2] bind9 regression update
Debian Security Advisory DSA-5734-2 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 27, 2024 https://www.debian.org/security/faq

Package: bind9
Debian Bug: 1074378

The security update announced as DSA 5734-1 caused a regression on configurations using the Samba DLZ module. Updated packages are now available to correct this issue.

For the stable distribution (bookworm), this problem has been fixed in version 1:9.18.28-1~deb12u2.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5734-1] bind9 security update
Debian Security Advisory DSA-5734-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 25, 2024 https://www.debian.org/security/faq

Package: bind9
CVE ID: CVE-2024-0760 CVE-2024-1737 CVE-2024-1975 CVE-2024-4076

Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service.

To mitigate CVE-2024-1737 two new configuration statements have been added to allow operators of secondary servers and recursive resolvers to set an upper bound on the growth of data in their zones or caches. Details can be found at: https://kb.isc.org/docs/rrset-limits-in-zones

For the oldstable distribution (bullseye), these problems have been fixed in version 1:9.16.50-1~deb11u1. For the oldstable distribution (bullseye) the limits to mitigate CVE-2024-1737 are hardcoded and not configurable.

For the stable distribution (bookworm), these problems have been fixed in version 1:9.18.28-1~deb12u1.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9
[SECURITY] [DSA 5733-1] thunderbird security update
Debian Security Advisory DSA-5733-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2024 https://www.debian.org/security/faq

Package: thunderbird
CVE ID: CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6604

Multiple security issues were discovered in Thunderbird, which could potentially result in the execution of arbitrary code.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:115.13.0-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 1:115.13.0-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird
[SECURITY] [DSA 5731-1] linux security update
Debian Security Advisory DSA-5731-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 16, 2024 https://www.debian.org/security/faq

Package: linux
CVE ID: CVE-2023-52760 CVE-2024-25741 CVE-2024-27397 CVE-2024-36894 CVE-2024-36973 CVE-2024-36978 CVE-2024-37078 CVE-2024-38619 CVE-2024-39298 CVE-2024-39371 CVE-2024-39469 CVE-2024-39474 CVE-2024-39484 CVE-2024-39487 CVE-2024-39494 CVE-2024-39495 CVE-2024-39496 CVE-2024-39499 CVE-2024-39500 CVE-2024-39501 CVE-2024-39502 CVE-2024-39503 CVE-2024-39505 CVE-2024-39506 CVE-2024-39507 CVE-2024-39509 CVE-2024-39510 CVE-2024-40899 CVE-2024-40900 CVE-2024-40901 CVE-2024-40902 CVE-2024-40903 CVE-2024-40904 CVE-2024-40905 CVE-2024-40906 CVE-2024-40908 CVE-2024-40910 CVE-2024-40911 CVE-2024-40912 CVE-2024-40913 CVE-2024-40914 CVE-2024-40915 CVE-2024-40916 CVE-2024-40919 CVE-2024-40920 CVE-2024-40921 CVE-2024-40924 CVE-2024-40927 CVE-2024-40929 CVE-2024-40931 CVE-2024-40932 CVE-2024-40934 CVE-2024-40935 CVE-2024-40937 CVE-2024-40938 CVE-2024-40939 CVE-2024-40940 CVE-2024-40941 CVE-2024-40942 CVE-2024-40943 CVE-2024-40947 CVE-2024-40948 CVE-2024-40953 CVE-2024-40954 CVE-2024-40956 CVE-2024-40957 CVE-2024-40958 CVE-2024-40959 CVE-2024-40960 CVE-2024-40961 CVE-2024-40963 CVE-2024-40966 CVE-2024-40967 CVE-2024-40968 CVE-2024-40970 CVE-2024-40971 CVE-2024-40974 CVE-2024-40976 CVE-2024-40977 CVE-2024-40978 CVE-2024-40980 CVE-2024-40981 CVE-2024-40983 CVE-2024-40984 CVE-2024-40987 CVE-2024-40988 CVE-2024-40989 CVE-2024-40990 CVE-2024-40993 CVE-2024-40994 CVE-2024-40995 CVE-2024-40996 CVE-2024-41000 CVE-2024-41001 CVE-2024-41002 CVE-2024-41004 CVE-2024-41005 CVE-2024-41006

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

For the stable distribution (bookworm), these problems have been fixed in version 6.1.99-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
[SECURITY] [DSA 5730-1] linux security update
Debian Security Advisory DSA-5730-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 15, 2024 https://www.debian.org/security/faq

Package: linux
CVE ID: CVE-2022-43945 CVE-2022-48772 CVE-2024-25741 CVE-2024-26629 CVE-2024-27019 CVE-2024-31076 CVE-2024-33621 CVE-2024-33847 CVE-2024-34027 CVE-2024-35247 CVE-2024-36014 CVE-2024-36015 CVE-2024-36016 CVE-2024-36270 CVE-2024-36286 CVE-2024-36288 CVE-2024-36489 CVE-2024-36894 CVE-2024-36971 CVE-2024-36974 CVE-2024-36978 CVE-2024-37078 CVE-2024-37353 CVE-2024-37356 CVE-2024-38381 CVE-2024-38546 CVE-2024-38547 CVE-2024-38548 CVE-2024-38549 CVE-2024-38552 CVE-2024-38555 CVE-2024-38558 CVE-2024-38559 CVE-2024-38560 CVE-2024-38565 CVE-2024-38567 CVE-2024-38578 CVE-2024-38579 CVE-2024-38582 CVE-2024-38583 CVE-2024-38586 CVE-2024-38587 CVE-2024-38589 CVE-2024-38590 CVE-2024-38596 CVE-2024-38597 CVE-2024-38598 CVE-2024-38599 CVE-2024-38601 CVE-2024-38605 CVE-2024-38607 CVE-2024-38612 CVE-2024-38613 CVE-2024-38615 CVE-2024-38618 CVE-2024-38619 CVE-2024-38621 CVE-2024-38627 CVE-2024-38633 CVE-2024-38634 CVE-2024-38635 CVE-2024-38637 CVE-2024-38659 CVE-2024-38661 CVE-2024-38662 CVE-2024-38780 CVE-2024-39276 CVE-2024-39292 CVE-2024-39301 CVE-2024-39467 CVE-2024-39468 CVE-2024-39469 CVE-2024-39471 CVE-2024-39475 CVE-2024-39476 CVE-2024-39480 CVE-2024-39482 CVE-2024-39484 CVE-2024-39488 CVE-2024-39489 CVE-2024-39493 CVE-2024-39495 CVE-2024-39499 CVE-2024-39501 CVE-2024-39502 CVE-2024-39503 CVE-2024-39505 CVE-2024-39506 CVE-2024-39509 CVE-2024-40901 CVE-2024-40902 CVE-2024-40904 CVE-2024-40905 CVE-2024-40912 CVE-2024-40916 CVE-2024-40929 CVE-2024-40931 CVE-2024-40932 CVE-2024-40934 CVE-2024-40941 CVE-2024-40942 CVE-2024-40943 CVE-2024-40945 CVE-2024-40958 CVE-2024-40959 CVE-2024-40960 CVE-2024-40961 CVE-2024-40963 CVE-2024-40968 CVE-2024-40971 CVE-2024-40974 CVE-2024-40976 CVE-2024-40978 CVE-2024-40980 CVE-2024-40981 CVE-2024-40983 CVE-2024-40984 CVE-2024-40987 CVE-2024-40988 CVE-2024-40990 CVE-2024-40993 CVE-2024-40995 CVE-2024-41000 CVE-2024-41004 CVE-2024-41005 CVE-2024-41006

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

For the oldstable distribution (bullseye), these problems have been fixed in version 5.10.221-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
[SECURITY] [DSA 5729-1] apache2 security update
Debian Security Advisory DSA-5729-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 11, 2024 https://www.debian.org/security/faq

Package: apache2
CVE ID: CVE-2024-36387 CVE-2024-38473 CVE-2024-38474 CVE-2024-38475 CVE-2024-38476 CVE-2024-38477 CVE-2024-39573

Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in authentication bypass, execution of scripts in directories not directly reachable by any URL, server-side request forgery or denial of service.

For the oldstable distribution (bullseye), these problems have been fixed in version 2.4.61-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 2.4.61-1~deb12u1.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2
[SECURITY] [DSA 5728-1] exim4 security update
Debian Security Advisory DSA-5728-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 10, 2024 https://www.debian.org/security/faq

Package: exim4
CVE ID: CVE-2024-39929
Debian Bug: 1075785

Phillip Szelat discovered that Exim, a mail transport agent, does not properly parse a multiline RFC 2231 header filename, allowing a remote attacker to bypass a $mime_filename based extension-blocking protection mechanism.

For the oldstable distribution (bullseye), this problem has been fixed in version 4.94.2-7+deb11u3.

For the stable distribution (bookworm), this problem has been fixed in version 4.96-15+deb12u5.

We recommend that you upgrade your exim4 packages.

For the detailed security status of exim4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/exim4
[SECURITY] [DSA 5727-1] firefox-esr security update
Debian Security Advisory DSA-5727-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 10, 2024 https://www.debian.org/security/faq

Package: firefox-esr
CVE ID: CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6604

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation.

For the oldstable distribution (bullseye), these problems have been fixed in version 115.13.0esr-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 115.13.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr
[SECURITY] [DSA 5726-1] krb5 security update
Debian Security Advisory DSA-5726-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 05, 2024 https://www.debian.org/security/faq

Package: krb5
CVE ID: CVE-2024-37370 CVE-2024-37371

Two vulnerabilities were discovered in the GSS message token handling in krb5, the MIT implementation of Kerberos. An attacker can take advantage of these flaws to bypass integrity protections or cause a denial of service.

For the oldstable distribution (bullseye), these problems have been fixed in version 1.18.3-6+deb11u5.

For the stable distribution (bookworm), these problems have been fixed in version 1.20.1-2+deb12u2.

We recommend that you upgrade your krb5 packages.

For the detailed security status of krb5 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/krb5
[SECURITY] [DSA 5725-1] znc security update
Debian Security Advisory DSA-5725-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 03, 2024 https://www.debian.org/security/faq

Package: znc
CVE ID: CVE-2024-39844
Debian Bug: 1075729

Johannes Kuhn discovered that messages and channel names are not properly escaped in the modtcl module in ZNC, an IRC bouncer, which could result in remote code execution via specially crafted messages.

For the oldstable distribution (bullseye), this problem has been fixed in version 1.8.2-2+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 1.8.2-3.1+deb12u1.

We recommend that you upgrade your znc packages.

For the detailed security status of znc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/znc
[SECURITY] [DSA 5724-1] openssh security update
Debian Security Advisory DSA-5724-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 01, 2024 https://www.debian.org/security/faq

Package: openssh
CVE ID: CVE-2024-6387

The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an implementation of the SSH protocol suite, is prone to a signal handler race condition. If a client does not authenticate within LoginGraceTime seconds (120 by default), then sshd's SIGALRM handler is called asynchronously and calls various functions that are not async-signal-safe. A remote unauthenticated attacker can take advantage of this flaw to execute arbitrary code with root privileges. This flaw affects sshd in its default configuration.

Details can be found in the Qualys advisory at https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

For the stable distribution (bookworm), this problem has been fixed in version 1:9.2p1-2+deb12u3.

We recommend that you upgrade your openssh packages.

For the detailed security status of openssh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssh
[SECURITY] [DSA 5719-1] emacs security update
Debian Security Advisory DSA-5719-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 25, 2024 https://www.debian.org/security/faq

Package: emacs
CVE ID: CVE-2024-39331
Debian Bug: 1074137

It was discovered that Emacs is prone to arbitrary shell code evaluation when opening a specially crafted Org file.

This update includes updates pending for the upcoming point releases including other security fixes.

For the oldstable distribution (bullseye), this problem has been fixed in version 1:27.1+1-3.1+deb11u5.

For the stable distribution (bookworm), this problem has been fixed in version 1:28.2+1-15+deb12u3.

We recommend that you upgrade your emacs packages.

For the detailed security status of emacs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/emacs
[SECURITY] [DSA 5718-1] org-mode security update
Debian Security Advisory DSA-5718-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 25, 2024 https://www.debian.org/security/faq

Package: org-mode
CVE ID: CVE-2024-39331
Debian Bug: 1074136

It was discovered that Org Mode for Emacs is prone to arbitrary shell code evaluation when opening a specially crafted Org file.

This update includes updates pending for the upcoming point releases including other security fixes.

For the oldstable distribution (bullseye), this problem has been fixed in version 9.4.0+dfsg-1+deb11u3.

We recommend that you upgrade your org-mode packages.

For the detailed security status of org-mode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/org-mode
[SECURITY] [DSA 5706-1] libarchive security update
Debian Security Advisory DSA-5706-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 05, 2024 https://www.debian.org/security/faq

Package: libarchive
CVE ID: CVE-2024-26256
Debian Bug: 1072107

An integer overflow vulnerability in the rar e8 filter was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed.

For the stable distribution (bookworm), this problem has been fixed in version 3.6.2-1+deb12u1.

We recommend that you upgrade your libarchive packages.

For the detailed security status of libarchive please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libarchive
[SECURITY] [DSA 5703-1] linux security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5703-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 02, 2024 https://www.debian.org/security/faq - - Package: linux CVE ID : CVE-2022-48655 CVE-2023-52585 CVE-2023-52882 CVE-2024-26900 CVE-2024-27398 CVE-2024-27399 CVE-2024-27401 CVE-2024-35848 CVE-2024-35947 CVE-2024-36017 CVE-2024-36031 CVE-2024-36883 CVE-2024-36886 CVE-2024-36889 CVE-2024-36902 CVE-2024-36904 CVE-2024-36905 CVE-2024-36916 CVE-2024-36919 CVE-2024-36929 CVE-2024-36933 CVE-2024-36934 CVE-2024-36939 CVE-2024-36940 CVE-2024-36941 CVE-2024-36946 CVE-2024-36950 CVE-2024-36953 CVE-2024-36954 CVE-2024-36957 CVE-2024-36959 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the oldstable distribution (bullseye), these problems have been fixed in version 5.10.218-1. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5702-1] gst-plugins-base1.0 security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5702-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 01, 2024 https://www.debian.org/security/faq - - Package: gst-plugins-base1.0 CVE ID : CVE-2024-4453 An integer overflow in the EXIF metadata parsing was discovered in the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed. For the oldstable distribution (bullseye), this problem has been fixed in version 1.18.4-2+deb11u2. For the stable distribution (bookworm), this problem has been fixed in version 1.22.0-3+deb12u2. We recommend that you upgrade your gst-plugins-base1.0 packages. For the detailed security status of gst-plugins-base1.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gst-plugins-base1.0 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5692-1] ghostscript security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5692-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 15, 2024 https://www.debian.org/security/faq - - Package: ghostscript CVE ID : CVE-2023-52722 CVE-2024-29510 CVE-2024-33869 CVE-2024-33870 CVE-2024-33871 Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed. For the oldstable distribution (bullseye), these problems have been fixed in version 9.53.3~dfsg-7+deb11u7. For the stable distribution (bookworm), these problems have been fixed in version 10.0.0~dfsg-11+deb12u4. We recommend that you upgrade your ghostscript packages. For the detailed security status of ghostscript please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ghostscript Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5682-2] glib2.0 regression update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5682-2 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 09, 2024 https://www.debian.org/security/faq - - Package: glib2.0 Debian Bug : 1070730 1070736 1070743 1070745 1070749 1070752 The update for glib2.0 released as DSA 5682-1 caused a regression in ibus affecting text entry with non-trivial input methods. Updated glib2.0 packages are available to correct this issue. For the oldstable distribution (bullseye), this problem has been fixed in version 2.66.8-1+deb11u3. For the stable distribution (bookworm), this problem has been fixed in version 2.74.6-2+deb12u2. We recommend that you upgrade your glib2.0 packages. For the detailed security status of glib2.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/glib2.0 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5682-1] glib2.0 security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5682-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 07, 2024 https://www.debian.org/security/faq - - Package: glib2.0 CVE ID : CVE-2024-34397 Alicia Boya Garcia reported that the GDBus signal subscriptions in the GLib library are prone to a spoofing vulnerability. A local attacker can take advantage of this flaw to cause a GDBus-based client to behave incorrectly, with an application-dependent impact. gnome-shell is updated along with this update to avoid a screencast regression after fixing CVE-2024-34397. For the oldstable distribution (bullseye), this problem has been fixed in version 2.66.8-1+deb11u2. For the stable distribution (bookworm), this problem has been fixed in version 2.74.6-2+deb12u1. We recommend that you upgrade your glib2.0 packages. For the detailed security status of glib2.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/glib2.0 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5681-1] linux security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5681-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 06, 2024 https://www.debian.org/security/faq - - Package: linux CVE ID : CVE-2023-6270 CVE-2023-7042 CVE-2023-28746 CVE-2023-47233 CVE-2023-52429 CVE-2023-52434 CVE-2023-52435 CVE-2023-52447 CVE-2023-52458 CVE-2023-52482 CVE-2023-52486 CVE-2023-52488 CVE-2023-52489 CVE-2023-52491 CVE-2023-52492 CVE-2023-52493 CVE-2023-52497 CVE-2023-52498 CVE-2023-52583 CVE-2023-52587 CVE-2023-52594 CVE-2023-52595 CVE-2023-52597 CVE-2023-52598 CVE-2023-52599 CVE-2023-52600 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603 CVE-2023-52604 CVE-2023-52606 CVE-2023-52607 CVE-2023-52614 CVE-2023-52615 CVE-2023-52616 CVE-2023-52617 CVE-2023-52618 CVE-2023-52619 CVE-2023-52620 CVE-2023-52622 CVE-2023-52623 CVE-2023-52627 CVE-2023-52635 CVE-2023-52637 CVE-2023-52642 CVE-2023-52644 CVE-2023-52650 CVE-2024-0340 CVE-2024-0565 CVE-2024-0607 CVE-2024-0841 CVE-2024-1151 CVE-2024-22099 CVE-2024-23849 CVE-2024-23850 CVE-2024-23851 CVE-2024-24857 CVE-2024-24858 CVE-2024-24861 CVE-2024-26581 CVE-2024-26593 CVE-2024-26600 CVE-2024-26601 CVE-2024-26602 CVE-2024-26606 CVE-2024-26610 CVE-2024-26614 CVE-2024-26615 CVE-2024-26622 CVE-2024-26625 CVE-2024-26627 CVE-2024-26635 CVE-2024-26636 CVE-2024-26640 CVE-2024-26641 CVE-2024-26642 CVE-2024-26643 CVE-2024-26644 CVE-2024-26645 CVE-2024-26651 CVE-2024-26654 CVE-2024-26659 CVE-2024-26663 CVE-2024-26664 CVE-2024-26665 CVE-2024-26671 CVE-2024-26673 CVE-2024-26675 CVE-2024-26679 CVE-2024-26684 CVE-2024-26685 CVE-2024-26687 CVE-2024-26688 CVE-2024-26689 CVE-2024-26695 CVE-2024-26696 CVE-2024-26697 CVE-2024-26698 CVE-2024-26702 CVE-2024-26704 CVE-2024-26707 CVE-2024-26712 CVE-2024-26720 CVE-2024-26722 CVE-2024-26727 CVE-2024-26733 CVE-2024-26735 CVE-2024-26736 CVE-2024-26743 CVE-2024-26744 CVE-2024-26747 CVE-2024-26748 CVE-2024-26749 CVE-2024-26751 CVE-2024-26752 CVE-2024-26753 CVE-2024-26754 CVE-2024-26763 
CVE-2024-26764 CVE-2024-26766 CVE-2024-26771 CVE-2024-26772 CVE-2024-26773 CVE-2024-26776 CVE-2024-26777 CVE-2024-26778 CVE-2024-26779 CVE-2024-26781 CVE-2024-26782 CVE-2024-26787 CVE-2024-26788 CVE-2024-26790 CVE-2024-26791 CVE-2024-26793 CVE-2024-26795 CVE-2024-26801 CVE-2024-26804 CVE-2024-26805 CVE-2024-26808 CVE-2024-26809 CVE-2024-26810 CVE-2024-26812 CVE-2024-26813 CVE-2024-26814 CVE-2024-26816 CVE-2024-26817 CVE-2024-26820 CVE-2024-26825 CVE-2024-26833 CVE-2024-26835 CVE-2024-26839 CVE-2024-26840 CVE-2024-26843 CVE-2024-26845 CVE-2024-26846 CVE-2024-26848 CVE-2024-26851 CVE-2024-26852 CVE-2024-26855 CVE-2024-26857 CVE-2024-26859 CVE-2024-26861 CVE-2024-26862 CVE-2024-26863 CVE-2024-26870 CVE-2024-26872 CVE-2024-26874 CVE-2024-26875 CVE-2024-26877 CVE-2024-26878 CVE-2024-26880 CVE-2024-26882 CVE-2024-26883 CVE-2024-26884 CVE-2024-26885 CVE-2024-26889 CVE-2024-26891 CVE-2024-26894 CVE-2024-26895 CVE-2024-26897 CVE-2024-26898 CVE-2024-26901 CVE-2024-26903 CVE-2024-26906 CVE-2024-26907 CVE-2024-26910 CVE-2024-26917 CVE-2024-26920 CVE-2024-26922 CVE-2024-26923 CVE-2024-26924 CVE-2024-26925 CVE-2024-26926 CVE-2024-26931 CVE-2024-26934 CVE-2024-26935 CVE-2024-26937 CVE-2024-26950 CVE-2024-26951 CVE-2024-26955 CVE-2024-26956 CVE-2024-26957 CVE-2024-26958 CVE-2024-26960 CVE-2024-26961 CVE-2024-26965 CVE-2024-26966 CVE-2024-26969 CVE-2024-26970 CVE-2024-26973 CVE-2024-26974 CVE-2024-26976 CVE-2024-26978 CVE-2024-26979 CVE-2024-26981 CVE-2024-26984 CVE-2024-26988 CVE-2024-26993 CVE-2024-26994 CVE-2024-26997 CVE-2024-26999 CVE-2024-27000 CVE-2024-27001 CVE-2024-27004 CVE-2024-27008 CVE-2024-27013 CVE-2024-27020 CVE-2024-27024 CVE-2024-27025 CVE-2024-27028 CVE-2024-27030 CVE-2024-27038 CVE-2024-27043 CVE-2024-27044 CVE-2024-27045 CVE-2024-27046
[SECURITY] [DSA 5680-1] linux security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5680-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 06, 2024 https://www.debian.org/security/faq - - Package: linux CVE ID : CVE-2024-26605 CVE-2024-26817 CVE-2024-26922 CVE-2024-26923 CVE-2024-26924 CVE-2024-26925 CVE-2024-26926 CVE-2024-26936 CVE-2024-26939 CVE-2024-26980 CVE-2024-26981 CVE-2024-26983 CVE-2024-26984 CVE-2024-26987 CVE-2024-26988 CVE-2024-26989 CVE-2024-26992 CVE-2024-26993 CVE-2024-26994 CVE-2024-26996 CVE-2024-26997 CVE-2024-26999 CVE-2024-27000 CVE-2024-27001 CVE-2024-27002 CVE-2024-27003 CVE-2024-27004 CVE-2024-27008 CVE-2024-27009 CVE-2024-27013 CVE-2024-27014 CVE-2024-27015 CVE-2024-27016 CVE-2024-27018 CVE-2024-27019 CVE-2024-27020 CVE-2024-27022 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (bookworm), these problems have been fixed in version 6.1.90-1. We recommend that you upgrade your linux packages. 
For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5679-1] less security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5679-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 03, 2024 https://www.debian.org/security/faq - - Package: less CVE ID : CVE-2022-48624 CVE-2024-32487 Debian Bug : 1064293 1068938 1069681 Several vulnerabilities were discovered in less, a file pager, which may result in the execution of arbitrary commands if a file with a specially crafted file name is processed. For the oldstable distribution (bullseye), these problems have been fixed in version 551-2+deb11u2. For the stable distribution (bookworm), these problems have been fixed in version 590-2.1~deb12u2. We recommend that you upgrade your less packages. For the detailed security status of less please refer to its security tracker page at: https://security-tracker.debian.org/tracker/less Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5678-1] glibc security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5678-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 03, 2024 https://www.debian.org/security/faq - - Package: glibc CVE ID : CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 Several vulnerabilities were discovered in nscd, the Name Service Cache Daemon in the GNU C library which may lead to denial of service or the execution of arbitrary code. For the oldstable distribution (bullseye), these problems have been fixed in version 2.31-13+deb11u10. For the stable distribution (bookworm), these problems have been fixed in version 2.36-9+deb12u7. We recommend that you upgrade your glibc packages. For the detailed security status of glibc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/glibc Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5673-1] glibc security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5673-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 23, 2024 https://www.debian.org/security/faq - - Package: glibc CVE ID : CVE-2024-2961 Debian Bug : 1069191 Charles Fol discovered that the iconv() function in the GNU C library is prone to a buffer overflow vulnerability when converting strings to the ISO-2022-CN-EXT character set, which may lead to denial of service (application crash) or the execution of arbitrary code. For the oldstable distribution (bullseye), this problem has been fixed in version 2.31-13+deb11u9. For the stable distribution (bookworm), this problem has been fixed in version 2.36-9+deb12u6. We recommend that you upgrade your glibc packages. For the detailed security status of glibc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/glibc Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5655-2] cockpit regression update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5655-2 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 16, 2024 https://www.debian.org/security/faq - - Package: cockpit Debian Bug : 1069059 The update of cockpit released in DSA 5655-1 did not correctly build binary packages due to unit test failures when building against libssh 0.10.6. This update corrects that problem. For the stable distribution (bookworm), this problem has been fixed in version 287.1-0+deb12u2. We recommend that you upgrade your cockpit packages. For the detailed security status of cockpit please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cockpit Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5658-1] linux security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5658-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2024https://www.debian.org/security/faq - - Package: linux CVE ID : CVE-2023-2176 CVE-2023-6270 CVE-2023-7042 CVE-2023-28746 CVE-2023-47233 CVE-2023-52429 CVE-2023-52434 CVE-2023-52435 CVE-2023-52583 CVE-2023-52584 CVE-2023-52587 CVE-2023-52588 CVE-2023-52589 CVE-2023-52593 CVE-2023-52594 CVE-2023-52595 CVE-2023-52597 CVE-2023-52598 CVE-2023-52599 CVE-2023-52600 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603 CVE-2023-52604 CVE-2023-52606 CVE-2023-52607 CVE-2023-52616 CVE-2023-52617 CVE-2023-52618 CVE-2023-52619 CVE-2023-52620 CVE-2023-52621 CVE-2023-52622 CVE-2023-52623 CVE-2023-52630 CVE-2023-52631 CVE-2023-52632 CVE-2023-52633 CVE-2023-52635 CVE-2023-52637 CVE-2023-52638 CVE-2023-52639 CVE-2023-52640 CVE-2023-52641 CVE-2024-0340 CVE-2024-0841 CVE-2024-1151 CVE-2024-2201 CVE-2024-22099 CVE-2024-23850 CVE-2024-23851 CVE-2024-24857 CVE-2024-24858 CVE-2024-26581 CVE-2024-26582 CVE-2024-26583 CVE-2024-26584 CVE-2024-26585 CVE-2024-26586 CVE-2024-26590 CVE-2024-26593 CVE-2024-26600 CVE-2024-26601 CVE-2024-26602 CVE-2024-26603 CVE-2024-26606 CVE-2024-26621 CVE-2024-26622 CVE-2024-26625 CVE-2024-26626 CVE-2024-26627 CVE-2024-26629 CVE-2024-26639 CVE-2024-26640 CVE-2024-26641 CVE-2024-26642 CVE-2024-26643 CVE-2024-26651 CVE-2024-26654 CVE-2024-26659 CVE-2024-26660 CVE-2024-26663 CVE-2024-26664 CVE-2024-26665 CVE-2024-26667 CVE-2024-26671 CVE-2024-26673 CVE-2024-26675 CVE-2024-26676 CVE-2024-26679 CVE-2024-26680 CVE-2024-26681 CVE-2024-26684 CVE-2024-26685 CVE-2024-26686 CVE-2024-26687 CVE-2024-26688 CVE-2024-26689 CVE-2024-26695 CVE-2024-26696 CVE-2024-26697 CVE-2024-26698 CVE-2024-26700 CVE-2024-26702 CVE-2024-26704 CVE-2024-26706 CVE-2024-26707 CVE-2024-26710 CVE-2024-26712 CVE-2024-26714 CVE-2024-26715 CVE-2024-26717 CVE-2024-26718 CVE-2024-26720 CVE-2024-26722 CVE-2024-26723 CVE-2024-26726 CVE-2024-26727 
CVE-2024-26731 CVE-2024-26733 CVE-2024-26735 CVE-2024-26736 CVE-2024-26737 CVE-2024-26741 CVE-2024-26742 CVE-2024-26743 CVE-2024-26744 CVE-2024-26745 CVE-2024-26747 CVE-2024-26748 CVE-2024-26749 CVE-2024-26750 CVE-2024-26751 CVE-2024-26752 CVE-2024-26753 CVE-2024-26754 CVE-2024-26759 CVE-2024-26760 CVE-2024-26761 CVE-2024-26763 CVE-2024-26764 CVE-2024-26765 CVE-2024-26766 CVE-2024-26769 CVE-2024-26771 CVE-2024-26772 CVE-2024-26773 CVE-2024-26774 CVE-2024-26775 CVE-2024-26776 CVE-2024-26777 CVE-2024-26778 CVE-2024-26779 CVE-2024-26780 CVE-2024-26781 CVE-2024-26782 CVE-2024-26787 CVE-2024-26788 CVE-2024-26789 CVE-2024-26790 CVE-2024-26791 CVE-2024-26792 CVE-2024-26793 CVE-2024-26795 CVE-2024-26798 CVE-2024-26800 CVE-2024-26801 CVE-2024-26802 CVE-2024-26803 CVE-2024-26804 CVE-2024-26805 CVE-2024-26809 CVE-2024-26810 CVE-2024-26811 CVE-2024-26812 CVE-2024-26813 CVE-2024-26814 CVE-2024-26815 CVE-2024-26816 CVE-2024-27437 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (bookworm), these problems have been fixed in version 6.1.85-1. We recommend that you upgrade your linux packages. 
For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5657-1] xorg-server security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5657-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 12, 2024 https://www.debian.org/security/faq - - Package: xorg-server CVE ID : CVE-2024-31080 CVE-2024-31081 CVE-2024-31083 Several vulnerabilities were discovered in the Xorg X server, which may result in privilege escalation if the X server is running privileged or denial of service. For the oldstable distribution (bullseye), these problems have been fixed in version 2:1.20.11-1+deb11u13. For the stable distribution (bookworm), these problems have been fixed in version 2:21.1.7-3+deb12u7. We recommend that you upgrade your xorg-server packages. For the detailed security status of xorg-server please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xorg-server Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5650-1] util-linux security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5650-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 31, 2024 https://www.debian.org/security/faq - - Package: util-linux CVE ID : CVE-2024-28085 Debian Bug : 1067849 Skyler Ferrante discovered that the wall tool from util-linux does not properly handle escape sequences from command line arguments. A local attacker can take advantage of this flaw for information disclosure. With this update wall and write are not anymore installed with setgid tty. For the oldstable distribution (bullseye), this problem has been fixed in version 2.36.1-8+deb11u2. For the stable distribution (bookworm), this problem has been fixed in version 2.38.1-5+deb12u1. We recommend that you upgrade your util-linux packages. For the detailed security status of util-linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/util-linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5649-1] xz-utils security update
Debian Security Advisory DSA-5649-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 29, 2024 https://www.debian.org/security/faq

Package: xz-utils
CVE ID : CVE-2024-3094

Andres Freund discovered that the upstream source tarballs for xz-utils, the XZ-format compression utilities, are compromised and inject malicious code, at build time, into the resulting liblzma5 library.

Right now no Debian stable versions are known to be affected. Compromised packages were part of the Debian testing, unstable and experimental distributions, with versions ranging from 5.5.1alpha-0.1 (uploaded on 2024-02-01), up to and including 5.6.1-1. The package has been reverted to use the upstream 5.4.5 code, which we have versioned 5.6.1+really5.4.5-1.

Users running Debian testing and unstable are urged to update the xz-utils packages.

For the detailed security status of xz-utils please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xz-utils

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5646-1] cacti security update
Debian Security Advisory DSA-5646-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 24, 2024 https://www.debian.org/security/faq

Package: cacti
CVE ID : CVE-2023-39360 CVE-2023-39513 CVE-2023-49084 CVE-2023-49085 CVE-2023-49086 CVE-2023-49088 CVE-2023-50250 CVE-2023-50569
Debian Bug : 1059254

Multiple security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in cross-site scripting, SQL injection, or command injection.

For the oldstable distribution (bullseye), these problems have been fixed in version 1.2.16+ds1-2+deb11u3.

For the stable distribution (bookworm), these problems have been fixed in version 1.2.24+ds1-1+deb12u2.

We recommend that you upgrade your cacti packages.

For the detailed security status of cacti please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cacti

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5645-1] firefox-esr security update
Debian Security Advisory DSA-5645-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 23, 2024 https://www.debian.org/security/faq

Package: firefox-esr
CVE ID : CVE-2024-29944

Manfred Paul discovered a flaw in the Mozilla Firefox web browser, allowing an attacker to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process.

For the oldstable distribution (bullseye), this problem has been fixed in version 115.9.1esr-1~deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 115.9.1esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5641-1] fontforge security update
Debian Security Advisory DSA-5641-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 19, 2024 https://www.debian.org/security/faq

Package: fontforge
CVE ID : CVE-2024-25081 CVE-2024-25082
Debian Bug : 1064967

It was discovered that fontforge, a font editor, is prone to shell command injection vulnerabilities when processing specially crafted files.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:20201107~dfsg-4+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 1:20230101~dfsg-1.1~deb12u1.

We recommend that you upgrade your fontforge packages.

For the detailed security status of fontforge please refer to its security tracker page at: https://security-tracker.debian.org/tracker/fontforge

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5638-1] libuv1 security update
Debian Security Advisory DSA-5638-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 10, 2024 https://www.debian.org/security/faq

Package: libuv1
CVE ID : CVE-2024-24806
Debian Bug : 1063484

It was discovered that the uv_getaddrinfo() function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks.

For the oldstable distribution (bullseye), this problem has been fixed in version 1.40.0-2+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 1.44.2-1+deb12u1.

We recommend that you upgrade your libuv1 packages.

For the detailed security status of libuv1 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libuv1

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5631-1] iwd security update
Debian Security Advisory DSA-5631-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 25, 2024 https://www.debian.org/security/faq

Package: iwd
CVE ID : CVE-2023-52161
Debian Bug : 1064062

It was discovered that iwd, the iNet Wireless Daemon, does not properly handle messages in the 4-way handshake used when connecting to a protected WiFi network for the first time. An attacker can take advantage of this flaw to gain unauthorized access to a protected WiFi network if iwd is operating in Access Point (AP) mode.

For the oldstable distribution (bullseye), this problem has been fixed in version 1.14-3+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 2.3-1+deb12u1.

We recommend that you upgrade your iwd packages.

For the detailed security status of iwd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/iwd

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5620-1] unbound security update
Debian Security Advisory DSA-5620-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 14, 2024 https://www.debian.org/security/faq

Package: unbound
CVE ID : CVE-2023-50387 CVE-2023-50868
Debian Bug : 1063845

Two vulnerabilities were discovered in unbound, a validating, recursive, caching DNS resolver. Specially crafted DNSSEC answers could lead unbound down a very CPU intensive and time costly DNSSEC (CVE-2023-50387) or NSEC3 hash (CVE-2023-50868) validation path, resulting in denial of service.

Details can be found at https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt

For the oldstable distribution (bullseye), these problems have been fixed in version 1.13.1-1+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in version 1.17.1-2+deb12u2.

We recommend that you upgrade your unbound packages.

For the detailed security status of unbound please refer to its security tracker page at: https://security-tracker.debian.org/tracker/unbound

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5614-1] zbar security update
Debian Security Advisory DSA-5614-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 03, 2024 https://www.debian.org/security/faq

Package: zbar
CVE ID : CVE-2023-40889 CVE-2023-40890
Debian Bug : 1051724

Two vulnerabilities were discovered in zbar, a library for scanning and decoding QR and bar codes, which may result in denial of service, information disclosure or potentially the execution of arbitrary code if a specially crafted code is processed.

For the oldstable distribution (bullseye), these problems have been fixed in version 0.23.90-1+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 0.23.92-7+deb12u1.

We recommend that you upgrade your zbar packages.

For the detailed security status of zbar please refer to its security tracker page at: https://security-tracker.debian.org/tracker/zbar

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5611-1] glibc security update
Debian Security Advisory DSA-5611-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 30, 2024 https://www.debian.org/security/faq

Package: glibc
CVE ID : CVE-2023-6246 CVE-2023-6779 CVE-2023-6780

The Qualys Research Labs discovered several vulnerabilities in the GNU C Library's __vsyslog_internal() function (called by syslog() and vsyslog()). A heap-based buffer overflow (CVE-2023-6246), an off-by-one heap overflow (CVE-2023-6779) and an integer overflow (CVE-2023-6780) can be exploited for privilege escalation or denial of service.

Details can be found in the Qualys advisory at https://www.qualys.com/2024/01/30/syslog

Additionally a memory corruption was discovered in the glibc's qsort() function, due to missing bounds check and when called by a program with a non-transitive comparison function and a large number of attacker-controlled elements. As the use of qsort() with a non-transitive comparison function is undefined according to POSIX and ISO C standards, this is not considered a vulnerability in the glibc itself. However the qsort() implementation was hardened against misbehaving callers.

Details can be found in the Qualys advisory at https://www.qualys.com/2024/01/30/qsort

For the stable distribution (bookworm), these problems have been fixed in version 2.36-9+deb12u4.

We recommend that you upgrade your glibc packages.

For the detailed security status of glibc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/glibc

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5609-1] slurm-wlm security update
Debian Security Advisory DSA-5609-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 28, 2024 https://www.debian.org/security/faq

Package: slurm-wlm
CVE ID : CVE-2023-49933 CVE-2023-49936 CVE-2023-49937 CVE-2023-49938
Debian Bug : 1058720

Several vulnerabilities were discovered in the Slurm Workload Manager, a cluster resource management and job scheduling system, which may result in privilege escalation, denial of service, bypass of message hash checks or opening files with an incorrect set of extended groups.

For the stable distribution (bookworm), these problems have been fixed in version 22.05.8-4+deb12u2.

We recommend that you upgrade your slurm-wlm packages.

For the detailed security status of slurm-wlm please refer to its security tracker page at: https://security-tracker.debian.org/tracker/slurm-wlm

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5608-1] gst-plugins-bad1.0 security update
Debian Security Advisory DSA-5608-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 27, 2024 https://www.debian.org/security/faq

Package: gst-plugins-bad1.0
CVE ID : CVE-2024-0444

A heap-based buffer overflow during tile list parsing was discovered in the AV1 video codec parser for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

For the oldstable distribution (bullseye), this problem has been fixed in version 1.18.4-3+deb11u4.

For the stable distribution (bookworm), this problem has been fixed in version 1.22.0-4+deb12u5.

We recommend that you upgrade your gst-plugins-bad1.0 packages.

For the detailed security status of gst-plugins-bad1.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gst-plugins-bad1.0

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5603-1] xorg-server security update
Debian Security Advisory DSA-5603-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 23, 2024 https://www.debian.org/security/faq

Package: xorg-server
CVE ID : CVE-2023-6816 CVE-2024-0229 CVE-2024-0408 CVE-2024-0409 CVE-2024-21885 CVE-2024-21886

Several vulnerabilities were discovered in the Xorg X server, which may result in privilege escalation if the X server is running privileged or denial of service.

For the oldstable distribution (bullseye), these problems have been fixed in version 2:1.20.11-1+deb11u11.

For the stable distribution (bookworm), these problems have been fixed in version 2:21.1.7-3+deb12u5.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5597-1] exim4 security update
Debian Security Advisory DSA-5597-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 04, 2024 https://www.debian.org/security/faq

Package: exim4
CVE ID : CVE-2023-51766
Debian Bug : 1059387

It was discovered that Exim, a mail transport agent, can be induced to accept a second message embedded as part of the body of a first message in certain configurations where PIPELINING or CHUNKING on incoming connections is offered.

For the oldstable distribution (bullseye), this problem has been fixed in version 4.94.2-7+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in version 4.96-15+deb12u4.

We recommend that you upgrade your exim4 packages.

For the detailed security status of exim4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/exim4

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5594-1] linux security update
Debian Security Advisory DSA-5594-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 02, 2024 https://www.debian.org/security/faq

Package: linux
CVE ID : CVE-2021-44879 CVE-2023-5178 CVE-2023-5197 CVE-2023-5717 CVE-2023-6121 CVE-2023-6531 CVE-2023-6817 CVE-2023-6931 CVE-2023-6932 CVE-2023-25775 CVE-2023-34324 CVE-2023-35827 CVE-2023-45863 CVE-2023-46813 CVE-2023-46862 CVE-2023-51780 CVE-2023-51781 CVE-2023-51782

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2021-44879

    Wenqing Liu reported a NULL pointer dereference in the f2fs implementation. An attacker able to mount a specially crafted image can take advantage of this flaw for denial of service.

CVE-2023-5178

    Alon Zahavi reported a use-after-free flaw in the NVMe-oF/TCP subsystem in the queue initialization setup, which may result in denial of service or privilege escalation.

CVE-2023-5197

    Kevin Rich discovered a use-after-free flaw in the netfilter subsystem which may result in denial of service or privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-5717

    Budimir Markovic reported a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system caused by improper handling of event groups, which may result in denial of service or privilege escalation. The default settings in Debian prevent exploitation unless more permissive settings have been applied in the kernel.perf_event_paranoid sysctl.

CVE-2023-6121

    Alon Zahavi reported an out-of-bounds read vulnerability in the NVMe-oF/TCP which may result in an information leak.

CVE-2023-6531

    Jann Horn discovered a use-after-free flaw due to a race condition when the unix garbage collector's deletion of a SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.

CVE-2023-6817

    Xingyuan Mo discovered that a use-after-free in Netfilter's implementation of PIPAPO (PIle PAcket POlicies) may result in denial of service or potential local privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-6931

    Budimir Markovic reported a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system which may result in denial of service or privilege escalation. The default settings in Debian prevent exploitation unless more permissive settings have been applied in the kernel.perf_event_paranoid sysctl.

CVE-2023-6932

    A use-after-free vulnerability in the IPv4 IGMP implementation may result in denial of service or privilege escalation.

CVE-2023-25775

    Ivan D Barrera, Christopher Bednarz, Mustafa Ismail and Shiraz Saleem discovered that improper access control in the Intel Ethernet Controller RDMA driver may result in privilege escalation.

CVE-2023-34324

    Marek Marczykowski-Gorecki reported a possible deadlock in the Xen guests event channel code which may allow a malicious guest administrator to cause a denial of service.

CVE-2023-35827

    Zheng Wang reported a use-after-free flaw in the Renesas Ethernet AVB support driver.

CVE-2023-45863

    A race condition in library routines for handling generic kernel objects may result in an out-of-bounds write in the fill_kobj_path() function.

CVE-2023-46813

    Tom Dohrmann reported that a race condition in the Secure Encrypted Virtualization (SEV) implementation when accessing MMIO registers may allow a local attacker in a SEV guest VM to cause a denial of service or potentially execute arbitrary code.

CVE-2023-46862

    It was discovered that a race condition in the io_uring subsystem may result in a NULL pointer dereference, causing a denial of service.

CVE-2023-51780

    It was discovered that a race condition in the ATM (Asynchronous Transfer Mode) subsystem may lead to a use-after-free.

CVE-2023-51781

    It was discovered that a race condition in the Appletalk subsystem may lead to a use-after-free.

CVE-2023-51782

    It was discovered that a race condition in the Amateur Radio X.25 PLP (Rose) support may lead to a use-after-free. This module is not auto-loaded on Debian systems, so this issue only affects systems where it is explicitly loaded.

For the oldstable distribution (bullseye), these problems have been fixed in version 5.10.205-2.

We recommend that you upgrade your linux packages
[SECURITY] [DSA 5593-1] linux security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5593-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 01, 2024 https://www.debian.org/security/faq - - Package: linux CVE ID : CVE-2023-6531 CVE-2023-6622 CVE-2023-6817 CVE-2023-6931 CVE-2023-51779 CVE-2023-51780 CVE-2023-51781 CVE-2023-51782 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2023-6531 Jann Horn discovered a use-after-free flaw due to a race condition problem when the unix garbage collector's deletion of a SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. CVE-2023-6622 Xingyuan Mo discovered a flaw in the netfilter subsystem which may result in denial of service or privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace. CVE-2023-6817 Xingyuan Mo discovered that a use-after-free in Netfilter's implementation of PIPAPO (PIle PAcket POlicies) may result in denial of service or potential local privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace. CVE-2023-6931 Budimir Markovic reported a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system which may result in denial of service or privilege escalation. CVE-2023-51779 It was discovered that a race condition in the Bluetooth subsystem in the bt_sock_ioctl handling may lead to a use-after-free. CVE-2023-51780 It was discovered that a race condition in the ATM (Asynchronous Transfer Mode) subsystem may lead to a use-after-free. CVE-2023-51781 It was discovered that a race condition in the Appletalk subsystem may lead to a use-after-free. CVE-2023-51782 It was discovered that a race condition in the Amateur Radio X.25 PLP (Rose) support may lead to a use-after-free. 
For the stable distribution (bookworm), these problems have been fixed in version 6.1.69-1. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5592-1] libspreadsheet-parseexcel-perl security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5592-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 30, 2023 https://www.debian.org/security/faq - - Package: libspreadsheet-parseexcel-perl CVE ID : CVE-2023-7101 Debian Bug : 1059450 It was discovered that missing input sanitising in libspreadsheet-parseexcel-perl, a Perl module to access information from Excel Spreadsheets, may result in the execution of arbitrary commands if a specially crafted document file is processed. For the oldstable distribution (bullseye), this problem has been fixed in version 0.6500-1.1+deb11u1. For the stable distribution (bookworm), this problem has been fixed in version 0.6500-4~deb12u1. We recommend that you upgrade your libspreadsheet-parseexcel-perl packages. For the detailed security status of libspreadsheet-parseexcel-perl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libspreadsheet-parseexcel-perl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5591-1] libssh security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5591-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 28, 2023 https://www.debian.org/security/faq - - Package: libssh CVE ID : CVE-2023-6004 CVE-2023-6918 CVE-2023-48795 Debian Bug : 1059004 1059059 1059061 Several vulnerabilities were discovered in libssh, a tiny C SSH library. CVE-2023-6004 It was reported that using the ProxyCommand or the ProxyJump feature may allow an attacker to inject malicious code through specially crafted hostnames. CVE-2023-6918 Jack Weinstein reported that missing checks for return values for digests may result in denial of service (application crashes) or usage of uninitialized memory. CVE-2023-48795 Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts. Details can be found at https://terrapin-attack.com/ For the oldstable distribution (bullseye), these problems have been fixed in version 0.9.8-0+deb11u1. For the stable distribution (bookworm), these problems have been fixed in version 0.10.6-0+deb12u1. We recommend that you upgrade your libssh packages. 
For the detailed security status of libssh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libssh Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5590-1] haproxy security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5590-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 28, 2023 https://www.debian.org/security/faq - - Package: haproxy CVE ID : CVE-2023-40225 CVE-2023-45539 Debian Bug : 1043502 Several vulnerabilities were discovered in HAProxy, a fast and reliable load balancing reverse proxy, which can result in HTTP request smuggling or information disclosure. For the oldstable distribution (bullseye), these problems have been fixed in version 2.2.9-2+deb11u6. For the stable distribution (bookworm), these problems have been fixed in version 2.6.12-1+deb12u1. We recommend that you upgrade your haproxy packages. For the detailed security status of haproxy please refer to its security tracker page at: https://security-tracker.debian.org/tracker/haproxy Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5588-1] putty security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5588-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 24, 2023 https://www.debian.org/security/faq - - Package: putty CVE ID : CVE-2021-36367 CVE-2023-48795 Debian Bug : 990901 Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts. Details can be found at https://terrapin-attack.com/ For the oldstable distribution (bullseye), these problems have been fixed in version 0.74-1+deb11u1. This update includes a fix for CVE-2021-36367. For the stable distribution (bookworm), these problems have been fixed in version 0.78-2+deb12u1. We recommend that you upgrade your putty packages. 
For the detailed security status of putty please refer to its security tracker page at: https://security-tracker.debian.org/tracker/putty Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5586-1] openssh security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5586-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 22, 2023 https://www.debian.org/security/faq - - Package: openssh CVE ID : CVE-2021-41617 CVE-2023-28531 CVE-2023-48795 CVE-2023-51384 CVE-2023-51385 Debian Bug : 995130 1033166 Several vulnerabilities have been discovered in OpenSSH, an implementation of the SSH protocol suite. CVE-2021-41617 It was discovered that sshd failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where an AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive has been set to run the command as a different user. Instead these commands would inherit the groups that sshd was started with. CVE-2023-28531 Luci Stanescu reported that an error prevented constraints being communicated to the ssh-agent when adding smartcard keys to the agent with per-hop destination constraints, resulting in keys being added without constraints. CVE-2023-48795 Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts. Details can be found at https://terrapin-attack.com/ CVE-2023-51384 It was discovered that when PKCS#11-hosted private keys were added while specifying destination constraints, if the PKCS#11 token returned multiple keys then only the first key had the constraints applied. 
CVE-2023-51385 It was discovered that if an invalid user or hostname that contained shell metacharacters was passed to ssh, and a ProxyCommand, LocalCommand directive or "match exec" predicate referenced the user or hostname via expansion tokens, then an attacker who could supply arbitrary user/hostnames to ssh could potentially perform command injection. The situation could arise in case of git repositories with submodules, where the repository could contain a submodule with shell characters in its user or hostname. For the oldstable distribution (bullseye), these problems have been fixed in version 1:8.4p1-5+deb11u3. For the stable distribution (bookworm), these problems have been fixed in version 1:9.2p1-2+deb12u2. We recommend that you upgrade your openssh packages. For the detailed security status of openssh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssh Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5584-1] bluez security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5584-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 21, 2023 https://www.debian.org/security/faq - - Package: bluez CVE ID : CVE-2023-45866 Debian Bug : 1057914 It was reported that the BlueZ's HID profile implementation is not in line with the HID specification which mandates the use of Security Mode 4. The HID profile configuration option ClassicBondedOnly now defaults to "true" to make sure that input connections only come from bonded device connections. For the oldstable distribution (bullseye), this problem has been fixed in version 5.55-3.1+deb11u1. For the stable distribution (bookworm), this problem has been fixed in version 5.66-1+deb12u1. We recommend that you upgrade your bluez packages. For the detailed security status of bluez please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bluez Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5576-2] xorg-server security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5576-2 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 17, 2023 https://www.debian.org/security/faq - - Package: xorg-server CVE ID : CVE-2023-6377 The initial fix for CVE-2023-6377 as applied in DSA 5576-1 did not fully fix the vulnerability. Updated packages correcting this issue including the upstream merged commit are now available. For the oldstable distribution (bullseye), this problem has been fixed in version 2:1.20.11-1+deb11u10. For the stable distribution (bookworm), this problem has been fixed in version 2:21.1.7-3+deb12u4. We recommend that you upgrade your xorg-server packages. For the detailed security status of xorg-server please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xorg-server Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5578-1] ghostscript security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5578-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 15, 2023 https://www.debian.org/security/faq - - Package: ghostscript CVE ID : CVE-2023-46751 It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly handle errors in the gdev_prn_open_printer_seekable() function, which could result in the execution of arbitrary commands if malformed document files are processed. For the stable distribution (bookworm), this problem has been fixed in version 10.0.0~dfsg-11+deb12u3. We recommend that you upgrade your ghostscript packages. For the detailed security status of ghostscript please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ghostscript Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5576-1] xorg-server security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5576-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 13, 2023 https://www.debian.org/security/faq - - Package: xorg-server CVE ID : CVE-2023-6377 CVE-2023-6478 Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged. For the oldstable distribution (bullseye), these problems have been fixed in version 2:1.20.11-1+deb11u9. For the stable distribution (bookworm), these problems have been fixed in version 2:21.1.7-3+deb12u3. We recommend that you upgrade your xorg-server packages. For the detailed security status of xorg-server please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xorg-server Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5565-1] gst-plugins-bad1.0 security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5565-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 25, 2023 https://www.debian.org/security/faq - - Package: gst-plugins-bad1.0 CVE ID : CVE-2023-44429 CVE-2023-6 Debian Bug : 1056101 1056102 Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. For the oldstable distribution (bullseye), these problems have been fixed in version 1.18.4-3+deb11u3. For the stable distribution (bookworm), these problems have been fixed in version 1.22.0-4+deb12u3. We recommend that you upgrade your gst-plugins-bad1.0 packages. For the detailed security status of gst-plugins-bad1.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gst-plugins-bad1.0 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5564-1] gimp security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5564-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2023 https://www.debian.org/security/faq - - Package: gimp CVE ID : CVE-2023-1 CVE-2023-2 CVE-2023-3 CVE-2023-4 Debian Bug : 1055984 Michael Randrianantenaina reported several vulnerabilities in GIMP, the GNU Image Manipulation Program, which could result in denial of service (application crash) or potentially the execution of arbitrary code if malformed DDS, PSD and PSP files are opened. For the oldstable distribution (bullseye), these problems have been fixed in version 2.10.22-4+deb11u1. For the stable distribution (bookworm), these problems have been fixed in version 2.10.34-1+deb12u1. We recommend that you upgrade your gimp packages. For the detailed security status of gimp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gimp Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5563-1] intel-microcode security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-5563-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 23, 2023 https://www.debian.org/security/faq - - Package: intel-microcode CVE ID : CVE-2023-23583 Debian Bug : 1055962 Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn, Hisham Shafi, Nir Shlomovich, Tavis Ormandy, Daniel Moghimi, Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela, Doug Kwan, and Kostik Shtoyk discovered that some Intel processors mishandle repeated sequences of instructions leading to unexpected behavior, which may result in privilege escalation, information disclosure or denial of service. For the oldstable distribution (bullseye), this problem has been fixed in version 3.20231114.1~deb11u1. For the stable distribution (bookworm), this problem has been fixed in version 3.20231114.1~deb12u1. We recommend that you upgrade your intel-microcode packages. For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5554-1] postgresql-13 security update
Debian Security Advisory DSA-5554-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
November 13, 2023 https://www.debian.org/security/faq

Package: postgresql-13
CVE ID : CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 CVE-2023-39417

Several vulnerabilities have been discovered in the PostgreSQL database system.

CVE-2023-5868
    Jingzhou Fu discovered a memory disclosure flaw in aggregate function calls.

CVE-2023-5869
    Pedro Gallegos reported integer overflow flaws resulting in buffer overflows in the array modification functions.

CVE-2023-5870
    Hemanth Sandrana and Mahendrakar Srinivasarao reported that the pg_cancel_backend role can signal certain superuser processes, potentially resulting in denial of service.

CVE-2023-39417
    Micah Gate, Valerie Woolard, Tim Carey-Smith, and Christoph Berg reported that an extension script using @substitutions@ within quoting may allow an attacker having database-level CREATE privileges to perform an SQL injection.

For the oldstable distribution (bullseye), these problems have been fixed in version 13.13-0+deb11u1.

We recommend that you upgrade your postgresql-13 packages.

For the detailed security status of postgresql-13 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/postgresql-13
[SECURITY] [DSA 5553-1] postgresql-15 security update
Debian Security Advisory DSA-5553-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
November 13, 2023 https://www.debian.org/security/faq

Package: postgresql-15
CVE ID : CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 CVE-2023-39417 CVE-2023-39418

Several vulnerabilities have been discovered in the PostgreSQL database system.

CVE-2023-5868
    Jingzhou Fu discovered a memory disclosure flaw in aggregate function calls.

CVE-2023-5869
    Pedro Gallegos reported integer overflow flaws resulting in buffer overflows in the array modification functions.

CVE-2023-5870
    Hemanth Sandrana and Mahendrakar Srinivasarao reported that the pg_cancel_backend role can signal certain superuser processes, potentially resulting in denial of service.

CVE-2023-39417
    Micah Gate, Valerie Woolard, Tim Carey-Smith, and Christoph Berg reported that an extension script using @substitutions@ within quoting may allow an attacker having database-level CREATE privileges to perform an SQL injection.

CVE-2023-39418
    Dean Rasheed reported that the MERGE command fails to enforce UPDATE or SELECT row security policies.

For the stable distribution (bookworm), these problems have been fixed in version 15.5-0+deb12u1.

We recommend that you upgrade your postgresql-15 packages.

For the detailed security status of postgresql-15 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/postgresql-15
[SECURITY] [DSA 5547-1] pmix security update
Debian Security Advisory DSA-5547-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
November 04, 2023 https://www.debian.org/security/faq

Package: pmix
CVE ID : CVE-2023-41915
Debian Bug : 1051729

Francois Diakhate reported that a race condition in pmix, a library implementing Process Management Interface (PMI) Exascale API, could allow a malicious user to obtain ownership of an arbitrary file on the filesystem when parts of the PMIx library are called by a process with elevated privileges, resulting in privilege escalation. This may happen under the default configuration of certain workload managers, including Slurm.

For the oldstable distribution (bullseye), this problem has been fixed in version 4.0.0-4.1+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 4.2.2-1+deb12u1.

We recommend that you upgrade your pmix packages.

For the detailed security status of pmix please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pmix
[SECURITY] [DSA 5542-1] request-tracker4 security update
Debian Security Advisory DSA-5542-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 30, 2023 https://www.debian.org/security/faq

Package: request-tracker4
CVE ID : CVE-2023-41259 CVE-2023-41260
Debian Bug : 1054516

Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.

CVE-2023-41259
    Tom Wolters reported that Request Tracker is vulnerable to accepting unvalidated RT email headers in incoming email and the mail-gateway REST interface.

CVE-2023-41260
    Tom Wolters reported that Request Tracker is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST interface.

For the oldstable distribution (bullseye), these problems have been fixed in version 4.4.4+dfsg-2+deb11u3.

For the stable distribution (bookworm), these problems have been fixed in version 4.4.6+dfsg-1.1+deb12u1.

We recommend that you upgrade your request-tracker4 packages.

For the detailed security status of request-tracker4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/request-tracker4
[SECURITY] [DSA 5541-1] request-tracker5 security update
Debian Security Advisory DSA-5541-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 30, 2023 https://www.debian.org/security/faq

Package: request-tracker5
CVE ID : CVE-2023-41259 CVE-2023-41260 CVE-2023-45024
Debian Bug : 1054517

Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system.

CVE-2023-41259
    Tom Wolters reported that Request Tracker is vulnerable to accepting unvalidated RT email headers in incoming email and the mail-gateway REST interface.

CVE-2023-41260
    Tom Wolters reported that Request Tracker is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST interface.

CVE-2023-45024
    It was reported that Request Tracker is vulnerable to information leakage via transaction searches made by authenticated users in the transaction query builder.

For the stable distribution (bookworm), these problems have been fixed in version 5.0.3+dfsg-3~deb12u2.

We recommend that you upgrade your request-tracker5 packages.

For the detailed security status of request-tracker5 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/request-tracker5
[SECURITY] [DSA 5539-1] node-browserify-sign security update
Debian Security Advisory DSA-5539-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 30, 2023 https://www.debian.org/security/faq

Package: node-browserify-sign
CVE ID : CVE-2023-46234
Debian Bug : 1054667

It was reported that incorrect bound checks in the dsaVerify function in node-browserify-sign, a Node.js library which adds crypto signing for browsers, allow an attacker to perform signature forgery attacks by constructing signatures that can be successfully verified by any public key.

For the oldstable distribution (bullseye), this problem has been fixed in version 4.2.1-1+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 4.2.1-3+deb12u1.

We recommend that you upgrade your node-browserify-sign packages.

For the detailed security status of node-browserify-sign please refer to its security tracker page at: https://security-tracker.debian.org/tracker/node-browserify-sign
[SECURITY] [DSA 5534-1] xorg-server security update
Debian Security Advisory DSA-5534-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 25, 2023 https://www.debian.org/security/faq

Package: xorg-server
CVE ID : CVE-2023-5367 CVE-2023-5380

Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.

For the oldstable distribution (bullseye), these problems have been fixed in version 2:1.20.11-1+deb11u8.

For the stable distribution (bookworm), these problems have been fixed in version 2:21.1.7-3+deb12u2.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xorg-server
[SECURITY] [DSA 5533-1] gst-plugins-bad1.0 security update
Debian Security Advisory DSA-5533-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 24, 2023 https://www.debian.org/security/faq

Package: gst-plugins-bad1.0
CVE ID : CVE-2023-40474 CVE-2023-40475 CVE-2023-40476
Debian Bug : 1053259 1053260 1053261

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

For the oldstable distribution (bullseye), these problems have been fixed in version 1.18.4-3+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in version 1.22.0-4+deb12u2.

We recommend that you upgrade your gst-plugins-bad1.0 packages.

For the detailed security status of gst-plugins-bad1.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gst-plugins-bad1.0
[SECURITY] [DSA 5532-1] openssl security update
Debian Security Advisory DSA-5532-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 24, 2023 https://www.debian.org/security/faq

Package: openssl
CVE ID : CVE-2023-5363

Tony Battersby reported that incorrect cipher key and IV length processing in OpenSSL, a Secure Sockets Layer toolkit, may result in loss of confidentiality for some symmetric cipher modes.

Additional details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20231024.txt

For the stable distribution (bookworm), this problem has been fixed in version 3.0.11-1~deb12u2.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl
[SECURITY] [DSA 5530-1] ruby-rack security update
Debian Security Advisory DSA-5530-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 22, 2023 https://www.debian.org/security/faq

Package: ruby-rack
CVE ID : CVE-2022-30122 CVE-2022-30123 CVE-2022-44570 CVE-2022-44571 CVE-2022-44572 CVE-2023-27530 CVE-2023-27539
Debian Bug : 1029832 1032803 1033264

Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injection.

For the oldstable distribution (bullseye), these problems have been fixed in version 2.1.4-3+deb11u1.

We recommend that you upgrade your ruby-rack packages.

For the detailed security status of ruby-rack please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ruby-rack
[SECURITY] [DSA 5519-1] grub2 security update
Debian Security Advisory DSA-5519-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 06, 2023 https://www.debian.org/security/faq

Package: grub2
CVE ID : CVE-2023-4692 CVE-2023-4693

Maxim Suhanov discovered multiple vulnerabilities in GRUB2's code to handle NTFS filesystems, which may result in a Secure Boot bypass.

For the oldstable distribution (bullseye), these problems have been fixed in version 2.06-3~deb11u6.

For the stable distribution (bookworm), these problems have been fixed in version 2.06-13+deb12u1.

We recommend that you upgrade your grub2 packages.

For the detailed security status of grub2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/grub2
[SECURITY] [DSA 5518-1] libvpx security update
Debian Security Advisory DSA-5518-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 05, 2023 https://www.debian.org/security/faq

Package: libvpx
CVE ID : CVE-2023-44488

It was discovered that missing input sanitising in the encoding support in libvpx, a multimedia library for the VP8 and VP9 video codecs, may result in denial of service.

For the oldstable distribution (bullseye), this problem has been fixed in version 1.9.0-1+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in version 1.12.0-1+deb12u2.

We recommend that you upgrade your libvpx packages.

For the detailed security status of libvpx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libvpx
[SECURITY] [DSA 5514-1] glibc security update
Debian Security Advisory DSA-5514-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 03, 2023 https://www.debian.org/security/faq

Package: glibc
CVE ID : CVE-2023-4911

The Qualys Research Labs discovered a buffer overflow in the dynamic loader's processing of the GLIBC_TUNABLES environment variable. An attacker can exploit this flaw for privilege escalation.

Details can be found in the Qualys advisory at https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

For the oldstable distribution (bullseye), this problem has been fixed in version 2.31-13+deb11u7.

For the stable distribution (bookworm), this problem has been fixed in version 2.36-9+deb12u3. This update includes fixes for CVE-2023-4527 and CVE-2023-4806 originally planned for the upcoming bookworm point release.

We recommend that you upgrade your glibc packages.

For the detailed security status of glibc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/glibc
[SECURITY] [DSA 5512-1] exim4 security update
Debian Security Advisory DSA-5512-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 02, 2023 https://www.debian.org/security/faq

Package: exim4
CVE ID : CVE-2023-42114 CVE-2023-42115 CVE-2023-42116

Several vulnerabilities were discovered in Exim, a mail transport agent, which could result in remote code execution if the EXTERNAL or SPA/NTLM authenticators are used.

For the oldstable distribution (bullseye), these problems have been fixed in version 4.94.2-7+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 4.96-15+deb12u2.

We recommend that you upgrade your exim4 packages.

For the detailed security status of exim4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/exim4
[SECURITY] [DSA 5510-1] libvpx security update
Debian Security Advisory DSA-5510-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 29, 2023 https://www.debian.org/security/faq

Package: libvpx
CVE ID: CVE-2023-5217
Debian Bug: 1053182

Clement Lecigne discovered a heap-based buffer overflow in libvpx, a multimedia library for the VP8 and VP9 video codecs, which may result in the execution of arbitrary code if a specially crafted VP8 media stream is processed.

For the oldstable distribution (bullseye), this problem has been fixed in version 1.9.0-1+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 1.12.0-1+deb12u1.

We recommend that you upgrade your libvpx packages.

For the detailed security status of libvpx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libvpx

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5505-1] lldpd security update
Debian Security Advisory DSA-5505-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 25, 2023 https://www.debian.org/security/faq

Package: lldpd
CVE ID: CVE-2023-41910

Matteo Memelli reported an out-of-bounds read flaw when parsing CDP addresses in lldpd, an implementation of the IEEE 802.1ab (LLDP) protocol. A remote attacker can take advantage of this flaw to cause a denial of service via a specially crafted CDP PDU packet.

For the oldstable distribution (bullseye), this problem has been fixed in version 1.0.11-1+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in version 1.0.16-1+deb12u1.

We recommend that you upgrade your lldpd packages.

For the detailed security status of lldpd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/lldpd

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5504-1] bind9 security update
Debian Security Advisory DSA-5504-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 22, 2023 https://www.debian.org/security/faq

Package: bind9
CVE ID: CVE-2023-3341 CVE-2023-4236
Debian Bug: 1052416 1052417

Several vulnerabilities were discovered in BIND, a DNS server implementation.

CVE-2023-3341
A stack exhaustion flaw was discovered in the control channel code which may result in denial of service (named daemon crash).

CVE-2023-4236
Robert Story discovered that a flaw in the networking code handling DNS-over-TLS queries could cause named to terminate unexpectedly due to an assertion failure, resulting in denial of service when under high DNS-over-TLS query load conditions.

For the oldstable distribution (bullseye), these problems have been fixed in version 1:9.16.44-1~deb11u1. The oldstable distribution (bullseye) is only affected by CVE-2023-3341.

For the stable distribution (bookworm), these problems have been fixed in version 1:9.18.19-1~deb12u1.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5494-1] mutt security update
Debian Security Advisory DSA-5494-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 10, 2023 https://www.debian.org/security/faq

Package: mutt
CVE ID: CVE-2023-4874 CVE-2023-4875
Debian Bug: 1051563

Several NULL pointer dereference flaws were discovered in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, which may result in denial of service (application crash) when viewing a specially crafted email or when composing from a specially crafted draft message.

For the oldstable distribution (bullseye), these problems have been fixed in version 2.0.5-4.1+deb11u3.

For the stable distribution (bookworm), these problems have been fixed in version 2.2.9-1+deb12u1.

We recommend that you upgrade your mutt packages.

For the detailed security status of mutt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mutt

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5492-1] linux security update
Debian Security Advisory DSA-5492-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 09, 2023 https://www.debian.org/security/faq

Package: linux
CVE ID: CVE-2023-1206 CVE-2023-1989 CVE-2023-2430 CVE-2023-2898 CVE-2023-3611 CVE-2023-3772 CVE-2023-3773 CVE-2023-3776 CVE-2023-3777 CVE-2023-3863 CVE-2023-4004 CVE-2023-4015 CVE-2023-4128 CVE-2023-4132 CVE-2023-4147 CVE-2023-4155 CVE-2023-4194 CVE-2023-4206 CVE-2023-4207 CVE-2023-4208 CVE-2023-4273 CVE-2023-4569 CVE-2023-4622 CVE-2023-20588 CVE-2023-34319 CVE-2023-40283

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2023-1206
It was discovered that the networking stack permits attackers to force hash collisions in the IPv6 connection lookup table, which may result in denial of service (significant increase in the cost of lookups, increased CPU utilization).

CVE-2023-1989
Zheng Wang reported a race condition in the btsdio Bluetooth adapter driver that can lead to a use-after-free. An attacker able to insert and remove SDIO devices can use this to cause a denial of service (crash or memory corruption) or possibly to run arbitrary code in the kernel.

CVE-2023-2430
Xingyuan Mo discovered that the io_uring subsystem did not properly handle locking when the target ring is configured with IOPOLL, which may result in denial of service.

CVE-2023-2898
It was discovered that missing sanitising in the f2fs file system may result in denial of service if a malformed file system is accessed.

CVE-2023-3611
The TOTE Robot tool found a flaw in the Btrfs filesystem driver that can lead to a use-after-free. It's unclear whether an unprivileged user can exploit this.

CVE-2023-3772
Lin Ma discovered a NULL pointer dereference flaw in the XFRM subsystem which may result in denial of service.

CVE-2023-3773
Lin Ma discovered a flaw in the XFRM subsystem, which may result in denial of service for a user with the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-3776, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208
It was discovered that a use-after-free in the cls_fw, cls_u32 and cls_route network classifiers may result in denial of service or potential local privilege escalation.

CVE-2023-3777
Kevin Rich discovered a use-after-free in Netfilter when flushing table rules, which may result in local privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-3863
It was discovered that a use-after-free in the NFC implementation may result in denial of service, an information leak or potential local privilege escalation.

CVE-2023-4004
It was discovered that a use-after-free in Netfilter's implementation of PIPAPO (PIle PAcket POlicies) may result in denial of service or potential local privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-4015
Kevin Rich discovered a use-after-free in Netfilter when handling bound chain deactivation in certain circumstances, which may result in denial of service or potential local privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-4132
A use-after-free in the driver for Siano SMS1xxx based MDTV receivers may result in local denial of service.

CVE-2023-4147
Kevin Rich discovered a use-after-free in Netfilter when adding a rule with NFTA_RULE_CHAIN_ID, which may result in local privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-4155
Andy Nguyen discovered a flaw in the KVM subsystem allowing a KVM guest using SEV-ES or SEV-SNP to cause a denial of service.

CVE-2023-4194
A type confusion in the implementation of TUN/TAP network devices may allow a local user to bypass network filters.

CVE-2023-4273
Maxim Suhanov discovered a stack overflow in the exFAT driver, which may result in local denial of service via a malformed file system.

CVE-2023-4569
lonial con discovered a flaw in the Netfilter subsystem, which may allow a local attacker to cause a double-deactivation of catchall elements, which results in a memory leak.

CVE-2023-4622
Bing-Jhong Billy Jheng discovered a use-after-free within the Unix domain sockets component, which may result in local
[SECURITY] [DSA 5489-1] file security update
Debian Security Advisory DSA-5489-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 04, 2023 https://www.debian.org/security/faq

Package: file
CVE ID: CVE-2022-48554

A buffer overflow was found in file, a file type classification tool, which may result in denial of service if a specially crafted file is processed.

For the oldstable distribution (bullseye), this problem has been fixed in version 1:5.39-3+deb11u1.

We recommend that you upgrade your file packages.

For the detailed security status of file please refer to its security tracker page at: https://security-tracker.debian.org/tracker/file

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5484-1] librsvg security update
Debian Security Advisory DSA-5484-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 27, 2023 https://www.debian.org/security/faq

Package: librsvg
CVE ID: CVE-2023-38633
Debian Bug: 1041810

Zac Sims discovered a directory traversal in the URL decoder of librsvg, a SAX-based renderer library for SVG files, which could result in read of arbitrary files when processing a specially crafted SVG file with an include element.

For the oldstable distribution (bullseye), this problem has been fixed in version 2.50.3+dfsg-1+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 2.54.7+dfsg-1~deb12u1.

We recommend that you upgrade your librsvg packages.

For the detailed security status of librsvg please refer to its security tracker page at: https://security-tracker.debian.org/tracker/librsvg

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5480-1] linux security update
Debian Security Advisory DSA-5480-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 18, 2023 https://www.debian.org/security/faq

Package: linux
CVE ID: CVE-2022-4269 CVE-2022-39189 CVE-2023-1206 CVE-2023-1380 CVE-2023-2002 CVE-2023-2007 CVE-2023-2124 CVE-2023-2269 CVE-2023-2898 CVE-2023-3090 CVE-2023-3111 CVE-2023-3212 CVE-2023-3268 CVE-2023-3338 CVE-2023-3389 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-3863 CVE-2023-4004 CVE-2023-4128 CVE-2023-4132 CVE-2023-4147 CVE-2023-4194 CVE-2023-4273 CVE-2023-20588 CVE-2023-21255 CVE-2023-21400 CVE-2023-31084 CVE-2023-34319 CVE-2023-35788 CVE-2023-40283

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2022-4269
William Zhao discovered that a flaw in the Traffic Control (TC) subsystem when using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred"), may allow a local unprivileged user to cause a denial of service (triggering a CPU soft lockup).

CVE-2022-39189
Jann Horn discovered that TLB flush operations are mishandled in the KVM subsystem in certain KVM_VCPU_PREEMPTED situations, which may allow an unprivileged guest user to compromise the guest kernel.

CVE-2023-1206
It was discovered that the networking stack permits attackers to force hash collisions in the IPv6 connection lookup table, which may result in denial of service (significant increase in the cost of lookups, increased CPU utilization).

CVE-2023-1380
Jisoo Jang reported a heap out-of-bounds read in the brcmfmac Wi-Fi driver. On systems using this driver, a local user could exploit this to read sensitive information or to cause a denial of service.

CVE-2023-2002
Ruihan Li reported an incorrect permissions check in the Bluetooth subsystem. A local user could exploit this to reconfigure local Bluetooth interfaces, resulting in information leaks, spoofing, or denial of service (loss of connection).

CVE-2023-2007
Lucas Leong and Reno Robert discovered a time-of-check-to-time-of-use flaw in the dpt_i2o SCSI controller driver. A local user with access to a SCSI device using this driver could exploit this for privilege escalation. This flaw has been mitigated by removing support for the I2OUSRCMD operation.

CVE-2023-2124
Kyle Zeng, Akshay Ajayan and Fish Wang discovered that missing metadata validation may result in denial of service or potential privilege escalation if a corrupted XFS disk image is mounted.

CVE-2023-2269
Zheng Zhang reported that improper handling of locking in the device mapper implementation may result in denial of service.

CVE-2023-2898
It was discovered that missing sanitising in the f2fs file system may result in denial of service if a malformed file system is accessed.

CVE-2023-3090
It was discovered that missing initialization in ipvlan networking may lead to an out-of-bounds write vulnerability, resulting in denial of service or potentially the execution of arbitrary code.

CVE-2023-3111
The TOTE Robot tool found a flaw in the Btrfs filesystem driver that can lead to a use-after-free. It's unclear whether an unprivileged user can exploit this.

CVE-2023-3212
Yang Lan discovered that missing validation in the GFS2 filesystem could result in denial of service via a NULL pointer dereference when mounting a malformed GFS2 filesystem.

CVE-2023-3268
It was discovered that an out-of-bounds memory access in relayfs could result in denial of service or an information leak.

CVE-2023-3338
Davide Ornaghi discovered a flaw in the DECnet protocol implementation which could lead to a null pointer dereference or use-after-free. A local user can exploit this to cause a denial of service (crash or memory corruption) and probably for privilege escalation. This flaw has been mitigated by removing the DECnet protocol implementation.

CVE-2023-3389
Querijn Voet discovered a use-after-free in the io_uring subsystem, which may result in denial of service or privilege escalation.

CVE-2023-3611
It was discovered that an out-of-bounds write in the traffic control subsystem for the Quick Fair Queueing scheduler (QFQ) may result in denial of service or privilege escalation.

CVE-2023-3609 / CVE-2023-3776 / CVE-2023-4128
It was discovered that a use-after-free in the cls_fw, cls_u32,
[SECURITY] [DSA 5475-1] linux security update
Debian Security Advisory DSA-5475-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 11, 2023 https://www.debian.org/security/faq

Package: linux
CVE ID: CVE-2022-40982 CVE-2023-20569

CVE-2022-40982
Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware vulnerability for Intel CPUs which allows unprivileged speculative access to data which was previously stored in vector registers. This mitigation requires updated CPU microcode provided in the intel-microcode package. For details please refer to <https://downfall.page/> and <https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html>.

CVE-2023-20569
Daniel Trujillo, Johannes Wikner and Kaveh Razavi discovered INCEPTION, also known as Speculative Return Stack Overflow (SRSO), a transient execution attack that leaks arbitrary data on all AMD Zen CPUs. An attacker can mis-train the CPU BTB to predict non-architectural CALL instructions in kernel space and use this to control the speculative target of a subsequent kernel RET, potentially leading to information disclosure via a speculative side-channel. For details please refer to <https://comsec.ethz.ch/research/microarch/inception/> and <https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-7005>.

For the oldstable distribution (bullseye), these problems have been fixed in version 5.10.179-5.

For the stable distribution (bookworm), these problems have been fixed in version 6.1.38-4.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5474-1] intel-microcode security update
Debian Security Advisory DSA-5474-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 11, 2023 https://www.debian.org/security/faq

Package: intel-microcode
CVE ID: CVE-2022-40982 CVE-2022-41804 CVE-2023-23908
Debian Bug: 1043305

This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for security vulnerabilities.

CVE-2022-40982
Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware vulnerability which allows unprivileged speculative access to data which was previously stored in vector registers. For details please refer to <https://downfall.page/> and <https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html>.

CVE-2022-41804
Unauthorized error injection in Intel SGX or Intel TDX for some Intel Xeon Processors which may allow a local user to potentially escalate privileges.

CVE-2023-23908
Improper access control in some 3rd Generation Intel Xeon Scalable processors may result in an information leak.

For the oldstable distribution (bullseye), these problems have been fixed in version 3.20230808.1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 3.20230808.1~deb12u1.

We recommend that you upgrade your intel-microcode packages.

For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5470-1] python-werkzeug security update
Debian Security Advisory DSA-5470-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 06, 2023 https://www.debian.org/security/faq

Package: python-werkzeug
CVE ID: CVE-2023-23934 CVE-2023-25577
Debian Bug: 1031370

Several vulnerabilities were discovered in python-werkzeug, a collection of utilities for WSGI applications.

CVE-2023-23934
It was discovered that Werkzeug did not properly handle the parsing of nameless cookies which may allow shadowing of other cookies.

CVE-2023-25577
It was discovered that Werkzeug could parse an unlimited number of parts, including file parts, which may result in denial of service.

For the oldstable distribution (bullseye), these problems have been fixed in version 1.0.1+dfsg1-2+deb11u1.

We recommend that you upgrade your python-werkzeug packages.

For the detailed security status of python-werkzeug please refer to its security tracker page at: https://security-tracker.debian.org/tracker/python-werkzeug

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5466-1] ntpsec security update
Debian Security Advisory DSA-5466-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 04, 2023 https://www.debian.org/security/faq

Package: ntpsec
CVE ID: CVE-2023-4012
Debian Bug: 1038422

It was discovered that ntpd in ntpsec, a secure, hardened, and improved implementation derived from the original NTP project, could crash if NTS is disabled and an NTS-enabled client request (mode 3) is received.

For the stable distribution (bookworm), this problem has been fixed in version 1.2.2+dfsg1-1+deb12u1.

We recommend that you upgrade your ntpsec packages.

For the detailed security status of ntpsec please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ntpsec

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5462-1] linux security update
Debian Security Advisory DSA-5462-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 30, 2023 https://www.debian.org/security/faq

Package: linux
CVE ID: CVE-2023-20593

Tavis Ormandy discovered that under specific microarchitectural circumstances, a vector register in AMD "Zen 2" CPUs may not be written to 0 correctly. This flaw allows an attacker to leak sensitive information across concurrent processes, hyper threads and virtualized guests.

For details please refer to <https://lock.cmpxchg8b.com/zenbleed.html> and <https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8>.

This issue can also be mitigated by a microcode update through the amd64-microcode package or a system firmware (BIOS/UEFI) update. However, the initial microcode release by AMD only provides updates for second generation EPYC CPUs. Various Ryzen CPUs are also affected, but no updates are available yet.

For the stable distribution (bookworm), this problem has been fixed in version 6.1.38-2.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5461-1] linux security update
Debian Security Advisory DSA-5461-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 30, 2023 https://www.debian.org/security/faq

Package: linux
CVE ID: CVE-2023-3390 CVE-2023-3610 CVE-2023-20593

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2023-3390
A use-after-free flaw in the netfilter subsystem caused by incorrect error path handling may result in denial of service or privilege escalation.

CVE-2023-3610
A use-after-free flaw in the netfilter subsystem caused by incorrect refcount handling on the table and chain destroy path may result in denial of service or privilege escalation.

CVE-2023-20593
Tavis Ormandy discovered that under specific microarchitectural circumstances, a vector register in AMD "Zen 2" CPUs may not be written to 0 correctly. This flaw allows an attacker to leak sensitive information across concurrent processes, hyper threads and virtualized guests.

For details please refer to <https://lock.cmpxchg8b.com/zenbleed.html> and <https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8>.

This issue can also be mitigated by a microcode update through the amd64-microcode package or a system firmware (BIOS/UEFI) update. However, the initial microcode release by AMD only provides updates for second generation EPYC CPUs. Various Ryzen CPUs are also affected, but no updates are available yet.

For the oldstable distribution (bullseye), these problems have been fixed in version 5.10.179-3.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
[SECURITY] [DSA 5459-1] amd64-microcode security update
Debian Security Advisory DSA-5459-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 25, 2023 https://www.debian.org/security/faq

Package: amd64-microcode
CVE ID: CVE-2023-20593
Debian Bug: 1041863

Tavis Ormandy discovered that under specific microarchitectural circumstances, a vector register in "Zen 2" CPUs may not be written to 0 correctly. This flaw allows an attacker to leak register contents across concurrent processes, hyper threads and virtualized guests.

For details please refer to
https://lock.cmpxchg8b.com/zenbleed.html
https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8

The initial microcode release by AMD only provides updates for second generation EPYC CPUs: Various Ryzen CPUs are also affected, but no updates are available yet. Fixes will be provided in a later update once they are released.

For more specific details and target dates please refer to the AMD advisory at https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html

For the oldstable distribution (bullseye), this problem has been fixed in version 3.20230719.1~deb11u1. Additionally the update contains a fix for CVE-2019-9836.

For the stable distribution (bookworm), this problem has been fixed in version 3.20230719.1~deb12u1.

We recommend that you upgrade your amd64-microcode packages.

For the detailed security status of amd64-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/amd64-microcode
[SECURITY] [DSA 5453-1] linux security update
Debian Security Advisory DSA-5453-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 16, 2023 https://www.debian.org/security/faq

Package: linux
CVE ID: CVE-2023-2156 CVE-2023-31248 CVE-2023-35001

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2023-2156
It was discovered that a flaw in the handling of the RPL protocol may allow an unauthenticated remote attacker to cause a denial of service if RPL is enabled (not by default in Debian).

CVE-2023-31248
Mingi Cho discovered a use-after-free flaw in the Netfilter nf_tables implementation when using nft_chain_lookup_byid, which may result in local privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-35001
Tanguy DUBROCA discovered an out-of-bounds read and write flaw in the Netfilter nf_tables implementation when processing an nft_byteorder expression, which may result in local privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace.

For the oldstable distribution (bullseye), these problems have been fixed in version 5.10.179-2.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
[SECURITY] [DSA 5448-1] linux security update
Debian Security Advisory DSA-5448-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 05, 2023 https://www.debian.org/security/faq

Package: linux
CVE ID: CVE-2023-2124 CVE-2023-2156 CVE-2023-2269 CVE-2023-3090 CVE-2023-3212 CVE-2023-3268 CVE-2023-3269 CVE-2023-3390 CVE-2023-31084 CVE-2023-32250 CVE-2023-32254 CVE-2023-35788

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2023-2124
Kyle Zeng, Akshay Ajayan and Fish Wang discovered that missing metadata validation may result in denial of service or potential privilege escalation if a corrupted XFS disk image is mounted.

CVE-2023-2156
It was discovered that the IPv6 RPL protocol implementation in the Linux kernel did not properly handle user-supplied data, resulting in a triggerable assertion. An unauthenticated remote attacker can take advantage of this flaw for denial of service.

CVE-2023-2269
Zheng Zhang reported that improper handling of locking in the device mapper implementation may result in denial of service.

CVE-2023-3090
It was discovered that missing initialization in ipvlan networking may lead to an out-of-bounds write vulnerability, resulting in denial of service or potentially the execution of arbitrary code.

CVE-2023-3212
Yang Lan discovered that missing validation in the GFS2 filesystem could result in denial of service via a NULL pointer dereference when mounting a malformed GFS2 filesystem.

CVE-2023-3268
It was discovered that an out-of-bounds memory access in relayfs could result in denial of service or an information leak.

CVE-2023-3269
Ruihan Li discovered that incorrect lock handling for accessing and updating virtual memory areas (VMAs) may result in privilege escalation.

CVE-2023-3390
A use-after-free flaw in the netfilter subsystem caused by incorrect error path handling may result in denial of service or privilege escalation.

CVE-2023-31084
It was discovered that the DVB Core driver does not properly handle locking of certain events, allowing a local user to cause a denial of service.

CVE-2023-32250 / CVE-2023-32254
Quentin Minster discovered two race conditions in KSMBD, a kernel server which implements the SMB3 protocol, which could result in denial of service or potentially the execution of arbitrary code.

CVE-2023-35788
Hangyu Hua discovered an out-of-bounds write vulnerability in the Flower classifier which may result in denial of service or the execution of arbitrary code.

For the stable distribution (bookworm), these problems have been fixed in version 6.1.37-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
[SECURITY] [DSA 5446-1] ghostscript security update
Debian Security Advisory DSA-5446-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 03, 2023 https://www.debian.org/security/faq

Package: ghostscript
CVE ID: CVE-2023-36664

It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly handle permission validation for pipe devices, which could result in the execution of arbitrary commands if malformed document files are processed.

For the oldstable distribution (bullseye), this problem has been fixed in version 9.53.3~dfsg-7+deb11u5.

For the stable distribution (bookworm), this problem has been fixed in version 10.0.0~dfsg-11+deb12u1.

We recommend that you upgrade your ghostscript packages.

For the detailed security status of ghostscript please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ghostscript
[SECURITY] [DSA 5439-1] bind9 security update
Debian Security Advisory DSA-5439-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 25, 2023 https://www.debian.org/security/faq

Package: bind9
CVE ID: CVE-2023-2828 CVE-2023-2911

Several vulnerabilities were discovered in BIND, a DNS server implementation.

CVE-2023-2828
Shoham Danino, Anat Bremler-Barr, Yehuda Afek and Yuval Shavitt discovered that a flaw in the cache-cleaning algorithm used in named can cause named's configured cache size limit to be significantly exceeded, potentially resulting in denial of service.

CVE-2023-2911
It was discovered that a flaw in the handling of recursive-clients quota may result in denial of service (named daemon crash).

For the oldstable distribution (bullseye), these problems have been fixed in version 1:9.16.42-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 1:9.18.16-1~deb12u1.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9
[SECURITY] [DSA 5434-1] minidlna security update
Debian Security Advisory DSA-5434-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 21, 2023 https://www.debian.org/security/faq

Package: minidlna
CVE ID: CVE-2023-33476
Debian Bug: 1037052

A heap-based buffer overflow vulnerability was found in the HTTP chunk parsing code of minidlna, a lightweight DLNA/UPnP-AV server, which may result in denial of service or the execution of arbitrary code.

For the oldstable distribution (bullseye), this problem has been fixed in version 1.3.0+dfsg-2+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in version 1.3.0+dfsg-2.2+deb12u1.

We recommend that you upgrade your minidlna packages.

For the detailed security status of minidlna please refer to its security tracker page at: https://security-tracker.debian.org/tracker/minidlna
[SECURITY] [DSA 5433-1] libx11 security update
Debian Security Advisory DSA-5433-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 21, 2023 https://www.debian.org/security/faq

Package: libx11
CVE ID: CVE-2023-3138
Debian Bug: 1038133

Gregory James Duck reported that missing input validation in various functions provided by libx11, the X11 client-side library, may result in denial of service.

For the oldstable distribution (bullseye), this problem has been fixed in version 2:1.7.2-1+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in version 2:1.8.4-2+deb12u1.

We recommend that you upgrade your libx11 packages.

For the detailed security status of libx11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libx11
[SECURITY] [DSA 5412-1] libraw security update
Debian Security Advisory DSA-5412-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 27, 2023 https://www.debian.org/security/faq

Package: libraw
CVE ID: CVE-2021-32142 CVE-2023-1729
Debian Bug: 1031790 1036281

Several vulnerabilities were discovered in libraw, a library for reading RAW files obtained from digital photo cameras, which may result in denial of service or the execution of arbitrary code if specially crafted files are processed.

For the stable distribution (bullseye), these problems have been fixed in version 0.20.2-1+deb11u1.

We recommend that you upgrade your libraw packages.

For the detailed security status of libraw please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libraw
[SECURITY] [DSA 5407-1] cups-filters security update
Debian Security Advisory DSA-5407-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 21, 2023 https://www.debian.org/security/faq

Package: cups-filters
CVE ID: CVE-2023-24805
Debian Bug: 1036224

It was discovered that missing input sanitising in cups-filters, when using the Backend Error Handler (beh) backend to create an accessible network printer, may result in the execution of arbitrary commands.

For the stable distribution (bullseye), this problem has been fixed in version 1.28.7-1+deb11u2.

We recommend that you upgrade your cups-filters packages.

For the detailed security status of cups-filters please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cups-filters
[SECURITY] [DSA 5406-1] texlive-bin security update
Debian Security Advisory DSA-5406-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 20, 2023 https://www.debian.org/security/faq

Package: texlive-bin
CVE ID: CVE-2023-32700

Max Chernoff discovered that improperly secured shell-escape in LuaTeX may result in arbitrary shell command execution, even with shell escape disabled, if specially crafted tex files are processed.

For the stable distribution (bullseye), this problem has been fixed in version 2020.20200327.54578-7+deb11u1.

We recommend that you upgrade your texlive-bin packages.

For the detailed security status of texlive-bin please refer to its security tracker page at: https://security-tracker.debian.org/tracker/texlive-bin
[SECURITY] [DSA 5403-1] thunderbird security update
Debian Security Advisory DSA-5403-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 14, 2023 https://www.debian.org/security/faq

Package: thunderbird
CVE ID: CVE-2023-32205 CVE-2023-32206 CVE-2023-32207 CVE-2023-32211 CVE-2023-32212 CVE-2023-32213 CVE-2023-32215

Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

For the stable distribution (bullseye), these problems have been fixed in version 1:102.11.0-1~deb11u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird
[SECURITY] [DSA 5402-1] linux security update
Debian Security Advisory DSA-5402-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 13, 2023 https://www.debian.org/security/faq

Package: linux
CVE ID: CVE-2023-0386 CVE-2023-31436 CVE-2023-32233

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2023-0386
It was discovered that under certain conditions the overlayfs filesystem implementation did not properly handle copy up operations. A local user permitted to mount overlay mounts in user namespaces can take advantage of this flaw for local privilege escalation.

CVE-2023-31436
Gwangun Jung reported a flaw causing heap out-of-bounds read/write errors in the traffic control subsystem for the Quick Fair Queueing scheduler (QFQ) which may result in information leak, denial of service or privilege escalation.

CVE-2023-32233
Patryk Sondej and Piotr Krysiuk discovered a use-after-free flaw in the Netfilter nf_tables implementation when processing batch requests, which may result in local privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace.

For the stable distribution (bullseye), these problems have been fixed in version 5.10.179-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
[SECURITY] [DSA 5391-1] libxml2 security update
Debian Security Advisory DSA-5391-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 20, 2023 https://www.debian.org/security/faq

Package: libxml2
CVE ID : CVE-2023-28484 CVE-2023-29469
Debian Bug : 1034436 1034437

Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files.

CVE-2023-28484

    A NULL pointer dereference flaw when parsing invalid XML schemas may result in denial of service.

CVE-2023-29469

    It was reported that when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors.

For the stable distribution (bullseye), these problems have been fixed in version 2.9.10+dfsg-6.7+deb11u4.

We recommend that you upgrade your libxml2 packages.

For the detailed security status of libxml2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libxml2

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5388-1] haproxy security update
Debian Security Advisory DSA-5388-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 13, 2023 https://www.debian.org/security/faq

Package: haproxy
CVE ID : CVE-2023-0836

It was reported that HAProxy, a fast and reliable load balancing reverse proxy, does not properly initialize connection buffers when encoding the FCGI_BEGIN_REQUEST record. A remote attacker can take advantage of this flaw to cause an information leak.

For the stable distribution (bullseye), this problem has been fixed in version 2.2.9-2+deb11u5.

We recommend that you upgrade your haproxy packages.

For the detailed security status of haproxy please refer to its security tracker page at: https://security-tracker.debian.org/tracker/haproxy

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5383-1] ghostscript security update
Debian Security Advisory DSA-5383-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 05, 2023 https://www.debian.org/security/faq

Package: ghostscript
CVE ID : CVE-2023-28879
Debian Bug : 1033757

It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, is prone to a buffer overflow vulnerability in the (T)BCP encoding filters, which could result in the execution of arbitrary code if malformed document files are processed (despite the -dSAFER sandbox being enabled).

For the stable distribution (bullseye), this problem has been fixed in version 9.53.3~dfsg-7+deb11u4.

We recommend that you upgrade your ghostscript packages.

For the detailed security status of ghostscript please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ghostscript

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5382-1] cairosvg security update
Debian Security Advisory DSA-5382-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 05, 2023 https://www.debian.org/security/faq

Package: cairosvg
CVE ID : CVE-2023-27586
Debian Bug : 1033295

It was reported that cairosvg, an SVG converter based on Cairo, can send requests to external hosts when processing specially crafted SVG files with external file resource loading. An attacker can take advantage of this flaw to perform a server-side request forgery or denial of service. Fetching of external files is disabled by default with this update.

For the stable distribution (bullseye), this problem has been fixed in version 2.5.0-1.1+deb11u1.

We recommend that you upgrade your cairosvg packages.

For the detailed security status of cairosvg please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cairosvg

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
[SECURITY] [DSA 5380-1] xorg-server security update
Debian Security Advisory DSA-5380-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 29, 2023 https://www.debian.org/security/faq

Package: xorg-server
CVE ID : CVE-2023-1393

Jan-Niklas Sohn discovered that a use-after-free flaw in the Composite extension of the X.org X server may result in privilege escalation if the X server is running under the root user.

For the stable distribution (bullseye), this problem has been fixed in version 2:1.20.11-1+deb11u6.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org