Debian Security Advisory

    • Official post

    Package : chromium

    CVE ID : CVE-2022-0971 CVE-2022-0972 CVE-2022-0973 CVE-2022-0974 CVE-2022-0975 CVE-2022-0976 CVE-2022-0977 CVE-2022-0978 CVE-2022-0979 CVE-2022-0980


    Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.


    For the stable distribution (bullseye), these problems have been fixed in version 99.0.4844.74-1~deb11u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    Information on source package chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : bind9

    CVE ID : CVE-2021-25220 CVE-2022-0396


    Two vulnerabilities were found in the BIND DNS server, which could result in denial of service or cache poisoning.


    For the oldstable distribution (buster), this problem has been fixed in version 1:9.11.5.P4+dfsg-5.1+deb10u7.


    For the stable distribution (bullseye), this problem has been fixed in version 1:9.16.27-1~deb11u1.


    We recommend that you upgrade your bind9 packages.


    For the detailed security status of bind9 please refer to its security tracker page at:

    Information on source package bind9


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : thunderbird

    CVE ID : CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387


    Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure.


    For the oldstable distribution (buster), these problems have been fixed in version 1:91.7.0-2~deb10u1.


    For the stable distribution (bullseye), these problems have been fixed in version 1:91.7.0-2~deb11u1.


    We recommend that you upgrade your thunderbird packages.


    For the detailed security status of thunderbird please refer to its security tracker page at:

    Information on source package thunderbird


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : php-twig

    CVE ID : CVE-2022-23614


    Marlon Starkloff discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This would allow a malicious user to execute arbitrary code.


    For the stable distribution (bullseye), this problem has been fixed in version 2.14.3-1+deb11u1.


    We recommend that you upgrade your php-twig packages.


    For the detailed security status of php-twig please refer to its security tracker page at:

    Information on source package php-twig


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : tiff

    CVE ID : CVE-2022-0561 CVE-2022-0562 CVE-2022-0865 CVE-2022-0891 CVE-2022-0907 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 CVE-2022-22844


    Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service if malformed image files are processed.


    For the oldstable distribution (buster), these problems have been fixed in version 4.1.0+git191117-2~deb10u4.


    For the stable distribution (bullseye), these problems have been fixed in version 4.2.0-1+deb11u1.


    We recommend that you upgrade your tiff packages.


    For the detailed security status of tiff please refer to its security tracker page at:

    Information on source package tiff


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : faad2

    CVE ID : CVE-2018-20196 CVE-2018-20199 CVE-2018-20360 CVE-2019-6956 CVE-2021-32272 CVE-2021-32273 CVE-2021-32274 CVE-2021-32276 CVE-2021-32277 CVE-2021-32278


    Multiple vulnerabilities have been discovered in the freeware Advanced Audio Decoder, which may result in denial of service or potentially the execution of arbitrary code if malformed media files are processed.


    For the oldstable distribution (buster), these problems have been fixed in version 2.10.0-1~deb10u1.


    We recommend that you upgrade your faad2 packages.


    For the detailed security status of faad2 please refer to its security tracker page at:

    Information on source package faad2


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : chromium

    CVE ID : CVE-2022-1096


    A security issue was discovered in Chromium, which could result in the execution of arbitrary code if a malicious website is visited.


    For the stable distribution (bullseye), this problem has been fixed in version 99.0.4844.84-1~deb11u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    Information on source package chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : zlib

    CVE ID : CVE-2018-25032

    Debian Bug : 1008265


    Danilo Ramos discovered that incorrect memory handling in zlib's deflate handling could result in denial of service or potentially the execution of arbitrary code if specially crafted input is processed.


    For the oldstable distribution (buster), this problem has been fixed in version 1:1.2.11.dfsg-1+deb10u1.


    For the stable distribution (bullseye), this problem has been fixed in version 1:1.2.11.dfsg-2+deb11u1.


    We recommend that you upgrade your zlib packages.


    For the detailed security status of zlib please refer to its security tracker page at:

    Information on source package zlib


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : chromium

    CVE ID : CVE-2022-1125 CVE-2022-1127 CVE-2022-1128 CVE-2022-1129 CVE-2022-1130 CVE-2022-1131 CVE-2022-1132 CVE-2022-1133 CVE-2022-1134 CVE-2022-1135 CVE-2022-1136 CVE-2022-1137 CVE-2022-1138 CVE-2022-1139 CVE-2022-1141 CVE-2022-1142 CVE-2022-1143 CVE-2022-1144 CVE-2022-1145 CVE-2022-1146


    Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.


    For the stable distribution (bullseye), these problems have been fixed in version 100.0.4896.60-1~deb11u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    Information on source package chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : firefox-esr

    CVE ID : CVE-2022-1097 CVE-2022-1196 CVE-2022-24713 CVE-2022-28281 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-28289


    Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.


    For the oldstable distribution (buster), these problems have been fixed in version 91.8.0esr-1~deb10u1.


    For the stable distribution (bullseye), these problems have been fixed in version 91.8.0esr-1~deb11u1.


    We recommend that you upgrade your firefox-esr packages.


    For the detailed security status of firefox-esr please refer to its security tracker page at:

    Information on source package firefox-esr


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : chromium

    CVE ID : CVE-2022-1232


    Sergei Glazunov discovered a security issue in Chromium, which could result in the execution of arbitrary code if a malicious website is visited.


    For the stable distribution (bullseye), this problem has been fixed in version 100.0.4896.75-1~deb11u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    Information on source package chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : webkit2gtk

    CVE ID : CVE-2022-22624 CVE-2022-22628 CVE-2022-22629


    The following vulnerabilities have been discovered in the WebKitGTK web engine:


    CVE-2022-22624


    Kirin discovered that processing maliciously crafted web content may lead to arbitrary code execution.


    CVE-2022-22628


    Kirin discovered that processing maliciously crafted web content may lead to arbitrary code execution.


    CVE-2022-22629


    Jeonghoon Shin discovered that processing maliciously crafted web content may lead to arbitrary code execution.


    For the oldstable distribution (buster), these problems have been fixed in version 2.36.0-3~deb10u1.


    For the stable distribution (bullseye), these problems have been fixed in version 2.36.0-3~deb11u1.


    We recommend that you upgrade your webkit2gtk packages.


    For the detailed security status of webkit2gtk please refer to its security tracker page at:

    Information on source package webkit2gtk


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : wpewebkit

    CVE ID : CVE-2022-22624 CVE-2022-22628 CVE-2022-22629


    The following vulnerabilities have been discovered in the WPE WebKit web engine:


    CVE-2022-22624


    Kirin discovered that processing maliciously crafted web content may lead to arbitrary code execution.


    CVE-2022-22628


    Kirin discovered that processing maliciously crafted web content may lead to arbitrary code execution.


    CVE-2022-22629


    Jeonghoon Shin discovered that processing maliciously crafted web content may lead to arbitrary code execution.


    For the stable distribution (bullseye), these problems have been fixed in version 2.36.0-2~deb11u1.


    We recommend that you upgrade your wpewebkit packages.


    For the detailed security status of wpewebkit please refer to its security tracker page at:

    Information on source package wpewebkit


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : xen

    CVE ID : CVE-2022-23033 CVE-2022-23034 CVE-2022-23035 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361


    Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks.


    For the stable distribution (bullseye), these problems have been fixed in version 4.14.4+74-gd7b22226b5-1.


    We recommend that you upgrade your xen packages.


    For the detailed security status of xen please refer to its security tracker page at:

    Information on source package xen


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : thunderbird

    CVE ID : CVE-2022-1097 CVE-2022-1196 CVE-2022-1197 CVE-2022-24713 CVE-2022-28281 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-28289


    Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.


    For the oldstable distribution (buster), these problems have been fixed in version 1:91.8.0-1~deb10u1.


    For the stable distribution (bullseye), these problems have been fixed in version 1:91.8.0-1~deb11u1.


    We recommend that you upgrade your thunderbird packages.


    For the detailed security status of thunderbird please refer to its security tracker page at:

    Information on source package thunderbird


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : subversion

    CVE ID : CVE-2021-28544 CVE-2022-24070


    Several vulnerabilities were discovered in Subversion, a version control system.


    CVE-2021-28544


    Evgeny Kotkov reported that Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules.


    CVE-2022-24070


    Thomas Weissschuh reported that Subversion's mod_dav_svn is prone to a use-after-free vulnerability when looking up path-based authorization rules, which can result in denial of service (crash of HTTPD worker handling the request).


    For the oldstable distribution (buster), these problems have been fixed in version 1.10.4-1+deb10u3.


    For the stable distribution (bullseye), these problems have been fixed in version 1.14.1-3+deb11u1.


    We recommend that you upgrade your subversion packages.


    For the detailed security status of subversion please refer to its security tracker page at:

    Information on source package subversion


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : chromium

    CVE ID : CVE-2022-1305 CVE-2022-1306 CVE-2022-1307 CVE-2022-1308 CVE-2022-1309 CVE-2022-1310 CVE-2022-1311 CVE-2022-1312 CVE-2022-1313 CVE-2022-1314


    Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.


    For the stable distribution (bullseye), these problems have been fixed in version 100.0.4896.88-1~deb11u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    Information on source package chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : chromium

    CVE ID : CVE-2022-1364


    A security issue was discovered in Chromium, which could result in the execution of arbitrary code.


    For the stable distribution (bullseye), this problem has been fixed in version 100.0.4896.127-1~deb11u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    Information on source package chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : gzip

    CVE ID : CVE-2022-1271

    Debian Bug : 1009168


    cleemy desu wayo reported that incorrect handling of filenames by zgrep in gzip, the GNU compression utilities, can result in overwrite of arbitrary files or execution of arbitrary code if a file with a specially crafted filename is processed.


    For the oldstable distribution (buster), this problem has been fixed in version 1.9-3+deb10u1.


    For the stable distribution (bullseye), this problem has been fixed in version 1.10-4+deb11u1.


    We recommend that you upgrade your gzip packages.


    For the detailed security status of gzip please refer to its security tracker page at:

    Information on source package gzip


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : xz-utils

    CVE ID : CVE-2022-1271

    Debian Bug : 1009167


    cleemy desu wayo reported that incorrect handling of filenames by xzgrep in xz-utils, the XZ-format compression utilities, can result in overwrite of arbitrary files or execution of arbitrary code if a file with a specially crafted filename is processed.


    For the oldstable distribution (buster), this problem has been fixed in version 5.2.4-1+deb10u1.


    For the stable distribution (bullseye), this problem has been fixed in version 5.2.5-2.1~deb11u1.


    We recommend that you upgrade your xz-utils packages.


    For the detailed security status of xz-utils please refer to its security tracker page at:

    Information on source package xz-utils


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/