Debian Security Advisory

    • Official post

    Package : expat

    CVE ID : CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314

    CVE-2022-25315

    Debian Bug : 1005894 1005895


    Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.


    For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u3.


    For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u2.


    We recommend that you upgrade your expat packages.


    For the detailed security status of expat please refer to its security tracker page at:

    Information on source package expat


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : thunderbird

    CVE ID : CVE-2022-0566


    An out-of-bounds write was discovered in Thunderbird, which could be triggered via a malformed email message.


    For the oldstable distribution (buster), this problem has been fixed in version 1:91.6.1-1~deb10u1.


    For the stable distribution (bullseye), this problem has been fixed in version 1:91.6.1-1~deb11u1.


    We recommend that you upgrade your thunderbird packages.


    For the detailed security status of thunderbird please refer to its security tracker page at:

    Information on source package thunderbird


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : cyrus-sasl2

    CVE ID : CVE-2022-24407


    It was discovered that the SQL plugin in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, is prone to a SQL injection attack. An authenticated remote attacker can take advantage of this flaw to execute arbitrary SQL commands and for privilege escalation.


    For the oldstable distribution (buster), this problem has been fixed in version 2.1.27+dfsg-1+deb10u2.


    For the stable distribution (bullseye), this problem has been fixed in version 2.1.27+dfsg-2.1+deb11u1.


    We recommend that you upgrade your cyrus-sasl2 packages.


    For the detailed security status of cyrus-sasl2 please refer to its security tracker page at:

    Information on source package cyrus-sasl2


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : varnish

    CVE ID : CVE-2021-36740 CVE-2022-23959

    Debian Bug : 991040 1004433


    Brief introduction


    CVE-2021-36740


    Martin Blix Grydeland discovered that Varnish is vulnerable to

    request smuggling attacks if the HTTP/2 protocol is enabled.


    CVE-2022-23959


    James Kettle discovered a request smuggling attack against the

    HTTP/1 protocol implementation in Varnish.


    For the oldstable distribution (buster), these problems have been fixed in version 6.1.1-1+deb10u3.


    For the stable distribution (bullseye), these problems have been fixed in version 6.5.1-1+deb11u2.


    We recommend that you upgrade your varnish packages.


    For the detailed security status of varnish please refer to its security tracker page at:

    Information on source package varnish


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : chromium

    CVE ID : CVE-2022-0789 CVE-2022-0790 CVE-2022-0791 CVE-2022-0792

    CVE-2022-0793 CVE-2022-0794 CVE-2022-0795 CVE-2022-0796

    CVE-2022-0797 CVE-2022-0798 CVE-2022-0799 CVE-2022-0800

    CVE-2022-0801 CVE-2022-0802 CVE-2022-0803 CVE-2022-0804

    CVE-2022-0805 CVE-2022-0806 CVE-2022-0807 CVE-2022-0808

    CVE-2022-0809


    Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.


    For the stable distribution (bullseye), these problems have been fixed in version 99.0.4844.51-1~deb11u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    Information on source package chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : firefox-esr

    CVE ID : CVE-2022-26485 CVE-2022-26486


    Two security issues have been found in the Mozilla Firefox web browser, which result in the execution of arbitrary code.


    For the oldstable distribution (buster), these problems have been fixed in version 91.6.1esr-1~deb10u1.


    For the stable distribution (bullseye), these problems have been fixed in version 91.6.1esr-1~deb11u1.


    We recommend that you upgrade your firefox-esr packages.


    For the detailed security status of firefox-esr please refer to its security tracker page at:

    Information on source package firefox-esr


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : containerd

    CVE ID : CVE-2022-23648


    Felix Wilhelm discovered that the containerd container runtime was susceptible to information disclosure via malformed container images.


    For the stable distribution (bullseye), this problem has been fixed in version 1.4.13~ds1-1~deb11u1.


    We recommend that you upgrade your containerd packages.


    For the detailed security status of containerd please refer to its security tracker page at:

    Information on source package containerd


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : linux

    CVE ID : CVE-2021-43976 CVE-2022-0330 CVE-2022-0435 CVE-2022-0516

    CVE-2022-0847 CVE-2022-22942 CVE-2022-24448 CVE-2022-24959

    CVE-2022-25258 CVE-2022-25375


    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.


    CVE-2021-43976


    Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the

    mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver. An

    attacker able to connect a crafted USB device can take advantage of

    this flaw to cause a denial of service.


    CVE-2022-0330


    Sushma Venkatesh Reddy discovered a missing GPU TLB flush in the

    i915 driver, resulting in denial of service or privilege escalation.


    CVE-2022-0435


    Samuel Page and Eric Dumazet reported a stack overflow in the

    networking module for the Transparent Inter-Process Communication

    (TIPC) protocol, resulting in denial of service or potentially the

    execution of arbitrary code.


    CVE-2022-0516


    It was discovered that an insufficient check in the KVM subsystem

    for s390x could allow unauthorized memory read or write access.


    CVE-2022-0847


    Max Kellermann discovered a flaw in the handling of pipe buffer

    flags. An attacker can take advantage of this flaw for local

    privilege escalation.


    CVE-2022-22942


    It was discovered that wrong file descriptor handling in the

    VMware Virtual GPU driver (vmwgfx) could result in information leak

    or privilege escalation.


    CVE-2022-24448


    Lyu Tao reported a flaw in the NFS implementation in the Linux

    kernel when handling requests to open a directory on a regular file,

    which could result in an information leak.


    CVE-2022-24959


    A memory leak was discovered in the yam_siocdevprivate() function of

    the YAM driver for AX.25, which could result in denial of service.


    CVE-2022-25258


    Szymon Heidrich reported the USB Gadget subsystem lacks certain

    validation of interface OS descriptor requests, resulting in memory

    corruption.


    CVE-2022-25375


    Szymon Heidrich reported that the RNDIS USB gadget lacks validation

    of the size of the RNDIS_MSG_SET command, resulting in information

    leak from kernel memory.


    For the stable distribution (bullseye), these problems have been fixed in version 5.10.92-2.


    We recommend that you upgrade your linux packages.


    For the detailed security status of linux please refer to its security tracker page at:

    Information on source package linux


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : spip


    It was discovered that SPIP, a website engine for publishing, would allow a malicious user to execute arbitrary code.


    For the oldstable distribution (buster), this problem has been fixed in version 3.2.4-1+deb10u7.


    For the stable distribution (bullseye), this problem has been fixed in version 3.2.11-3+deb11u3.


    We recommend that you upgrade your spip packages.


    For the detailed security status of spip please refer to its security tracker page at:

    Information on source package spip


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : thunderbird

    CVE ID : CVE-2022-26485 CVE-2022-26486


    Two security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.


    For the oldstable distribution (buster), these problems have been fixed in version 1:91.6.2-1~deb10u1.


    For the stable distribution (bullseye), these problems have been fixed in version 1:91.6.2-1~deb11u1.


    We recommend that you upgrade your thunderbird packages.


    For the detailed security status of thunderbird please refer to its security tracker page at:

    Information on source package thunderbird


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : linux

    CVE ID : CVE-2020-36310 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487

    CVE-2022-0492 CVE-2022-0617 CVE-2022-25636

    Debian Bug : 990279


    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.


    CVE-2020-36310


    A flaw was discovered in the KVM implementation for AMD processors,

    which could lead to an infinite loop. A malicious VM guest could

    exploit this to cause a denial of service.


    CVE-2022-0001 (INTEL-SA-00598)


    Researchers at VUSec discovered that the Branch History Buffer in

    Intel processors can be exploited to create information

    side-channels with speculative execution. This issue is similar to

    Spectre variant 2, but requires additional mitigations on some

    processors.


    This can be exploited to obtain sensitive information from a

    different security context, such as from user-space to the kernel,

    or from a KVM guest to the kernel.


    CVE-2022-0002 (INTEL-SA-00598)


    This is a similar issue to CVE-2022-0001, but covers exploitation

    within a security context, such as from JIT-compiled code in a

    sandbox to hosting code in the same process.


    This is partly mitigated by disabling eBPF for unprivileged users

    with the sysctl: kernel.unprivileged_bpf_disabled=2. This is

    already the default in Debian 11 "bullseye".


    CVE-2022-0487


    A use-after-free was discovered in the MOXART SD/MMC Host Controller

    support driver. This flaw does not impact the Debian binary packages

    as CONFIG_MMC_MOXART is not set.


    CVE-2022-0492


    Yiqi Sun and Kevin Wang reported that the cgroup-v1 subsystem does

    not properly restrict access to the release-agent feature. A local

    user can take advantage of this flaw for privilege escalation and

    bypass of namespace isolation.


    CVE-2022-0617


    butt3rflyh4ck discovered a NULL pointer dereference in the UDF

    filesystem. A local user that can mount a specially crafted UDF

    image can use this flaw to crash the system.


    CVE-2022-25636


    Nick Gregory reported a heap out-of-bounds write flaw in the

    netfilter subsystem. A user with the CAP_NET_ADMIN capability could

    use this for denial of service or possibly for privilege escalation.


    For the stable distribution (bullseye), these problems have been fixed in version 5.10.103-1. This update additionally includes many more bug fixes from stable updates 5.10.93-5.10.103 inclusive.


    We recommend that you upgrade your linux packages.


    For the detailed security status of linux please refer to its security tracker page at:

    Information on source package linux


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : linux

    CVE ID : CVE-2020-29374 CVE-2020-36322 CVE-2021-3640 CVE-2021-3744

    CVE-2021-3752 CVE-2021-3760 CVE-2021-3764 CVE-2021-3772

    CVE-2021-4002 CVE-2021-4083 CVE-2021-4135 CVE-2021-4155

    CVE-2021-4203 CVE-2021-20317 CVE-2021-20321 CVE-2021-20322

    CVE-2021-22600 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713

    CVE-2021-28714 CVE-2021-28715 CVE-2021-28950 CVE-2021-38300

    CVE-2021-39685 CVE-2021-39686 CVE-2021-39698 CVE-2021-39713

    CVE-2021-41864 CVE-2021-42739 CVE-2021-43389 CVE-2021-43975

    CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45469

    CVE-2021-45480 CVE-2022-0001 CVE-2022-0002 CVE-2022-0322

    CVE-2022-0330 CVE-2022-0435 CVE-2022-0487 CVE-2022-0492

    CVE-2022-0617 CVE-2022-0644 CVE-2022-22942 CVE-2022-24448

    CVE-2022-24959 CVE-2022-25258 CVE-2022-25375

    Debian Bug : 988044 989285 990411 994050


    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.


    CVE-2020-29374


    Jann Horn of Google reported a flaw in Linux's virtual memory

    management. A parent and child process initially share all their

    memory, but when either writes to a shared page, the page is

    duplicated and unshared (copy-on-write). However, in case an

    operation such as vmsplice() required the kernel to take an

    additional reference to a shared page, and a copy-on-write occurs

    during this operation, the kernel might have accessed the wrong

    process's memory. For some programs, this could lead to an

    information leak or data corruption.


    This issue was already fixed for most architectures, but not on

    MIPS and System z. This update corrects that.


    CVE-2020-36322, CVE-2021-28950


    The syzbot tool found that the FUSE (filesystem-in-user-space)

    implementation did not correctly handle a FUSE server returning

    invalid attributes for a file. A local user permitted to run a

    FUSE server could use this to cause a denial of service (crash).


    The original fix for this introduced a different potential denial

    of service (infinite loop in kernel space), which has also been

    fixed.


    CVE-2021-3640


    Lin Ma discovered a race condition in the Bluetooth protocol

    implementation that can lead to a use-after-free. A local

    user could exploit this to cause a denial of service (memory

    corruption or crash) or possibly for privilege escalation.


    CVE-2021-3744, CVE-2021-3764


    minihanshen reported bugs in the ccp driver for AMD

    Cryptographic Coprocessors that could lead to a resource leak.

    On systems using this driver, a local user could exploit this to

    cause a denial of service.


    CVE-2021-3752


    Likang Luo of NSFOCUS Security Team discovered a flaw in the

    Bluetooth L2CAP implementation that can lead to a use-after-free.

    A local user could exploit this to cause a denial of service

    (memory corruption or crash) or possibly for privilege escalation.


    CVE-2021-3760, CVE-2021-4202


    Lin Ma discovered race conditions in the NCI (NFC Controller

    Interface) driver, which could lead to a use-after-free. A local

    user could exploit this to cause a denial of service (memory

    corruption or crash) or possibly for privilege escalation.


    This driver is not enabled in Debian's official kernel

    configurations.


    CVE-2021-3772


    A flaw was found in the SCTP protocol implementation, which would

    allow a networked attacker to break an SCTP association. The

    attacker would only need to know or guess the IP addresses and

    ports for the association.


    CVE-2021-4002


    It was discovered that hugetlbfs, the virtual filesystem used by

    applications to allocate huge pages in RAM, did not flush the

    CPU's TLB in one case where it was necessary. In some

    circumstances a local user would be able to read and write huge

    pages after they are freed and reallocated to a different process.

    This could lead to privilege escalation, denial of service or

    information leaks.


    CVE-2021-4083


    Jann Horn reported a race condition in the local (Unix) sockets

    garbage collector, that can lead to use-after-free. A local user

    could exploit this to cause a denial of service (memory corruption

    or crash) or possibly for privilege escalation.


    CVE-2021-4135


    A flaw was found in the netdevsim driver which would lead to an

    information leak.


    This driver is not enabled in Debian's official kernel

    configurations.


    CVE-2021-4155


    Kirill Tkhai discovered a data leak in the way the XFS_IOC_ALLOCSP

    IOCTL in the XFS filesystem allowed for a size increase of files

    with unaligned size. A local attacker can take advantage of this

    flaw to leak data on the XFS filesystem.


    CVE-2021-4203


    Jann Horn reported a race condition in the local (Unix) sockets

    implementation that can lead to a use-after-free. A local user

    could exploit this to leak sensitive information from the kernel.


    CVE-2021-20317


    It was discovered that the timer queue structure could become

    corrupt, leading to waiting tasks never being woken up. A local

    user with certain privileges could exploit this to cause a denial

    of service (system hang).


    CVE-2021-20321


    A race condition was discovered in the overlayfs filesystem

    driver. A local user with access to an overlayfs mount and to its

    underlying upper directory could exploit this for privilege

    escalation.


    CVE-2021-20322


    An information leak was discovered in the IPv4 implementation. A

    remote attacker could exploit this to quickly discover which UDP

    ports a system is using, making it easier for them to carry out a

    DNS poisoning attack against that system.


    CVE-2021-22600


    The syzbot tool found a flaw in the packet socket (AF_PACKET)

    implementation which could lead to incorrectly freeing memory. A

    local user with CAP_NET_RAW capability (in any user namespace)

    could exploit this for denial of service (memory corruption or

    crash) or possibly for privilege escalation.


    CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391)


    Juergen Gross reported that malicious PV backends can cause a denial

    of service to guests being serviced by those backends via high

    frequency events, even if those backends are running in a less

    privileged environment.


    CVE-2021-28714, CVE-2021-28715 (XSA-392)


    Juergen Gross discovered that Xen guests can force the Linux

    netback driver to hog large amounts of kernel memory, resulting in

    denial of service.


    CVE-2021-38300


    Piotr Krysiuk discovered a flaw in the classic BPF (cBPF) JIT

    compiler for MIPS architectures. A local user could exploit

    this to execute arbitrary code in the kernel.


    This issue is mitigated by setting sysctl

    net.core.bpf_jit_enable=0, which is the default. It is *not*

    mitigated by disabling unprivileged use of eBPF.


    CVE-2021-39685


    Szymon Heidrich discovered a buffer overflow vulnerability in the

    USB gadget subsystem, resulting in information disclosure, denial of

    service or privilege escalation.


    CVE-2021-39686


    A race condition was discovered in the Android binder driver, that

    could lead to incorrect security checks. On systems where the

    binder driver is loaded, a local user could exploit this for

    privilege escalation.


    CVE-2021-39698


    Linus Torvalds reported a flaw in the file polling implementation,

    which could lead to a use-after-free. A local user could exploit

    this for denial of service (memory corruption or crash) or

    possibly for privilege escalation.


    CVE-2021-39713


    The syzbot tool found a race condition in the network scheduling

    subsystem which could lead to a use-after-free. A local user

    could exploit this for denial of service (memory corruption or

    crash) or possibly for privilege escalation.


    CVE-2021-41864


    An integer overflow was discovered in the Extended BPF (eBPF)

    subsystem. A local user could exploit this for denial of service

    (memory corruption or crash), or possibly for privilege

    escalation.


    This can be mitigated by setting sysctl

    kernel.unprivileged_bpf_disabled=1, which disables eBPF use by

    unprivileged users.


    CVE-2021-42739


    A heap buffer overflow was discovered in the firedtv driver for

    FireWire-connected DVB receivers. A local user with access to a

    firedtv device could exploit this for denial of service (memory

    corruption or crash), or possibly for privilege escalation.


    CVE-2021-43389


    The Active Defense Lab of Venustech discovered a flaw in the CMTP

    subsystem as used by Bluetooth, which could lead to an

    out-of-bounds read and object type confusion. A local user with

    CAP_NET_ADMIN capability in the initial user namespace could

    exploit this for denial of service (memory corruption or crash),

    or possibly for privilege escalation.


    CVE-2021-43975


    Brendan Dolan-Gavitt reported a flaw in the

    hw_atl_utils_fw_rpc_wait() function in the aQuantia AQtion ethernet

    device driver which can result in denial of service or the execution

    of arbitrary code.


    CVE-2021-43976


    Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the

    mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver. An

    attacker able to connect a crafted USB device can take advantage of

    this flaw to cause a denial of service.


    CVE-2021-44733


    A race condition was discovered in the Trusted Execution

    Environment (TEE) subsystem for Arm processors, which could lead

    to a use-after-free. A local user permitted to access a TEE

    device could exploit this for denial of service (memory corruption

    or crash) or possibly for privilege escalation.


    CVE-2021-45095


    It was discovered that the Phone Network protocol (PhoNet) driver

    has a reference count leak in the pep_sock_accept() function.


    CVE-2021-45469


    Wenqing Liu reported an out-of-bounds memory access in the f2fs

    implementation if an inode has an invalid last xattr entry. An

    attacker able to mount a specially crafted image can take advantage

    of this flaw for denial of service.


    CVE-2021-45480


    A memory leak flaw was discovered in the __rds_conn_create()

    function in the RDS (Reliable Datagram Sockets) protocol subsystem.


    CVE-2022-0001 (INTEL-SA-00598)


    Researchers at VUSec discovered that the Branch History Buffer in

    Intel processors can be exploited to create information

    side-channels with speculative execution. This issue is similar to

    Spectre variant 2, but requires additional mitigations on some

    processors.


    This can be exploited to obtain sensitive information from a

    different security context, such as from user-space to the kernel,

    or from a KVM guest to the kernel.


    CVE-2022-0002 (INTEL-SA-00598)


    This is a similar issue to CVE-2022-0001, but covers exploitation

    within a security context, such as from JIT-compiled code in a

    sandbox to hosting code in the same process.


    This can be partly mitigated by disabling eBPF for unprivileged

    users with the sysctl: kernel.unprivileged_bpf_disabled=2. This

    update does that by default.


    CVE-2022-0322


    Eiichi Tsukata discovered a flaw in the sctp_make_strreset_req()

    function in the SCTP network protocol implementation which can

    result in denial of service.


    CVE-2022-0330


    Sushma Venkatesh Reddy discovered a missing GPU TLB flush in the

    i915 driver, resulting in denial of service or privilege escalation.


    CVE-2022-0435


    Samuel Page and Eric Dumazet reported a stack overflow in the

    networking module for the Transparent Inter-Process Communication

    (TIPC) protocol, resulting in denial of service or potentially the

    execution of arbitrary code.


    CVE-2022-0487


    A use-after-free was discovered in the MOXART SD/MMC Host Controller

    support driver. This flaw does not impact the Debian binary packages

    as CONFIG_MMC_MOXART is not set.


    CVE-2022-0492


    Yiqi Sun and Kevin Wang reported that the cgroup-v1 subsystem does

    not properly restrict access to the release-agent feature. A local

    user can take advantage of this flaw for privilege escalation and

    bypass of namespace isolation.


    CVE-2022-0617


    butt3rflyh4ck discovered a NULL pointer dereference in the UDF

    filesystem. A local user that can mount a specially crafted UDF

    image can use this flaw to crash the system.


    CVE-2022-0644


    Hao Sun reported a missing check for file read permission in the

    finit_module() and kexec_file_load() system calls. The security

    impact of this is unclear, since these system calls are usually

    only available to the root user.


    CVE-2022-22942


    It was discovered that wrong file descriptor handling in the

    VMware Virtual GPU driver (vmwgfx) could result in information leak

    or privilege escalation.


    CVE-2022-24448


    Lyu Tao reported a flaw in the NFS implementation in the Linux

    kernel when handling requests to open a directory on a regular file,

    which could result in an information leak.


    CVE-2022-24959


    A memory leak was discovered in the yam_siocdevprivate() function of

    the YAM driver for AX.25, which could result in denial of service.


    CVE-2022-25258


    Szymon Heidrich reported the USB Gadget subsystem lacks certain

    validation of interface OS descriptor requests, resulting in memory

    corruption.


    CVE-2022-25375


    Szymon Heidrich reported that the RNDIS USB gadget lacks validation

    of the size of the RNDIS_MSG_SET command, resulting in information

    leak from kernel memory.


    For the oldstable distribution (buster), these problems have been fixed in version 4.19.232-1. This update additionally includes many more bug fixes from stable updates 4.19.209-4.19.232 inclusive.


    We recommend that you upgrade your linux packages.


    For the detailed security status of linux please refer to its security tracker page at:

    Information on source package linux


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : firefox-esr

    CVE ID : CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386

    CVE-2022-26387


    Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, spoofing or sandbox bypass.


    For the oldstable distribution (buster), these problems have been fixed in version 91.7.0esr-1~deb10u1.


    For the stable distribution (bullseye), these problems have been fixed in version 91.7.0esr-1~deb11u1.


    We recommend that you upgrade your firefox-esr packages.


    For the detailed security status of firefox-esr please refer to its security tracker page at:

    Information on source package firefox-esr


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : tryton-server

    CVE ID : CVE-2022-26661 CVE-2022-26662


    Jeremy Mousset discovered two XML parsing vulnerabilities in the Tryton application platform, which may result in information disclosure or denial of service.


    For the oldstable distribution (buster), these problems have been fixed in version 5.0.4-2+deb10u1.


    For the stable distribution (bullseye), these problems have been fixed in version 5.0.33-2+deb11u1.


    We recommend that you upgrade your tryton-server packages.


    For the detailed security status of tryton-server please refer to its security tracker page at:

    Information on source package tryton-server


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : tryton-proteus

    CVE ID : CVE-2022-26661 CVE-2022-26662


    Jeremy Mousset discovered two XML parsing vulnerabilities in the Tryton application platform, which may result in information disclosure or denial of service.


    For the oldstable distribution (buster), these problems have been fixed in version 5.0.1-3+deb10u1.


    For the stable distribution (bullseye), these problems have been fixed in version 5.0.8-1+deb11u1.


    We recommend that you upgrade your tryton-proteus packages.


    For the detailed security status of tryton-proteus please refer to its security tracker page at:

    Information on source package tryton-proteus


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : nbd

    CVE ID : CVE-2022-26495 CVE-2022-26496

    Debian Bug : 1003863 1006915


    Two vulnerabilities were discovered in the server for the Network Block Device (NBD), which could result in the execution of arbitrary code.


    For the oldstable distribution (buster), these problems have been fixed in version 1:3.19-3+deb10u1.


    For the stable distribution (bullseye), these problems have been fixed in version 1:3.21-1+deb11u1.


    We recommend that you upgrade your nbd packages.


    For the detailed security status of nbd please refer to its security tracker page at:

    Information on source package nbd


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : expat


    The update for expat released as DSA 5085-1 introduced regressions for applications using URI characters (':' in particular) for a namespace separator (while the HTML API docs of function XML_ParserCreateNS have been advising against their use). Updated expat packages are now available which relax the fix for CVE-2022-25236 with regard to RFC 3986 URI characters.


    For the oldstable distribution (buster), this problem has been fixed in version 2.2.6-2+deb10u4.


    For the stable distribution (bullseye), this problem has been fixed in version 2.2.10-2+deb11u3.


    We recommend that you upgrade your expat packages.


    For the detailed security status of expat please refer to its security tracker page at:

    Information on source package expat


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : libphp-adodb

    CVE ID : CVE-2021-3850

    Debian Bug : 1004376


    Emmet Leahy reported that libphp-adodb, a PHP database abstraction layer library, allows values to be injected into a PostgreSQL connection string.

    Depending on how the library is used this flaw can result in authentication bypass, reveal a server IP address or have other unspecified impact.


    For the oldstable distribution (buster), this problem has been fixed in version 5.20.14-1+deb10u1.


    For the stable distribution (bullseye), this problem has been fixed in version 5.20.19-1+deb11u1.


    We recommend that you upgrade your libphp-adodb packages.


    For the detailed security status of libphp-adodb please refer to its security tracker page at:

    Information on source package libphp-adodb


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : haproxy

    CVE ID : CVE-2022-0711


    A flaw was discovered in the way HAProxy, a fast and reliable load balancing reverse proxy, processes HTTP responses containing the "Set-Cookie2" header, which can result in an unbounded loop, causing a denial of service.


    For the stable distribution (bullseye), this problem has been fixed in version 2.2.9-2+deb11u3.


    We recommend that you upgrade your haproxy packages.


    For the detailed security status of haproxy please refer to its security tracker page at:

    Information on source package haproxy


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : openssl

    CVE ID : CVE-2021-4160 CVE-2022-0778

    Debian Bug : 989604


    Tavis Ormandy discovered that the BN_mod_sqrt() function of OpenSSL could be tricked into an infinite loop. This could result in denial of service via malformed certificates.


    Additional details can be found in the upstream advisory:

    https://www.openssl.org/news/secadv/20220315.txt


    In addition this update corrects a carry propagation bug specific to MIPS architectures.


    For the oldstable distribution (buster), this problem has been fixed in version 1.1.1d-0+deb10u8.


    For the stable distribution (bullseye), this problem has been fixed in version 1.1.1k-1+deb11u2.


    We recommend that you upgrade your openssl packages.


    For the detailed security status of openssl please refer to its security tracker page at:

    Information on source package openssl


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/