Debian Security Advisory

    • Official post

    Package : guix

    CVE ID : CVE-2024-27297


    It was discovered that insufficient restriction of unix daemon sockets in the GNU Guix functional package manager could result in sandbox bypass.


    For the oldstable distribution (bullseye), this problem has been fixed in version 1.2.0-4+deb11u2.


    For the stable distribution (bookworm), this problem has been fixed in version 1.4.0-3+deb12u1.


    We recommend that you upgrade your guix packages.


    For the detailed security status of guix please refer to its security tracker page at: https://security-tracker.debian.org/tracker/guix


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : thunderbird

    CVE ID : CVE-2024-2609 CVE-2024-3302 CVE-2024-3852 CVE-2024-3854
    CVE-2024-3857 CVE-2024-3859 CVE-2024-3861 CVE-2024-3864


    Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.


    For the oldstable distribution (bullseye), this problem has been fixed in version 1:115.10.1-1~deb11u1.


    For the stable distribution (bookworm), this problem has been fixed in version 1:115.10.1-1~deb12u1.


    We recommend that you upgrade your thunderbird packages.


    For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : openjdk-11

    CVE ID : CVE-2024-21011 CVE-2024-21012 CVE-2024-21068 CVE-2024-21085
    CVE-2024-21094


    Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure.


    For the oldstable distribution (bullseye), these problems have been fixed in version 11.0.23+9-1~deb11u1.


    We recommend that you upgrade your openjdk-11 packages.


    For the detailed security status of openjdk-11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-11


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : openjdk-17

    CVE ID : CVE-2024-21011 CVE-2024-21012 CVE-2024-21068 CVE-2024-21094


    Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure.


    For the oldstable distribution (bullseye), these problems have been fixed in version 17.0.11+9-1~deb11u1.


    For the stable distribution (bookworm), these problems have been fixed in version 17.0.11+9-1~deb12u1.


    We recommend that you upgrade your openjdk-17 packages.


    For the detailed security status of openjdk-17 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-17


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : glibc

    CVE ID : CVE-2024-2961

    Debian Bug : 1069191


    Charles Fol discovered that the iconv() function in the GNU C library is prone to a buffer overflow vulnerability when converting strings to the ISO-2022-CN-EXT character set, which may lead to denial of service (application crash) or the execution of arbitrary code.


    For the oldstable distribution (bullseye), this problem has been fixed in version 2.31-13+deb11u9.


    For the stable distribution (bookworm), this problem has been fixed in version 2.36-9+deb12u6.


    We recommend that you upgrade your glibc packages.


    For the detailed security status of glibc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/glibc


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : pdns-recursor

    CVE ID : CVE-2024-25583


    It was discovered that PDNS Recursor, a resolving name server, was susceptible to denial of service if recursive forwarding is configured.


    For the stable distribution (bookworm), this problem has been fixed in version 4.8.8-1.


    We recommend that you upgrade your pdns-recursor packages.


    For the detailed security status of pdns-recursor please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pdns-recursor


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : chromium

    CVE ID : CVE-2024-4058 CVE-2024-4059 CVE-2024-4060


    Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.


    For the stable distribution (bookworm), these problems have been fixed in version 124.0.6367.78-1~deb12u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : chromium

    CVE ID : CVE-2024-4331 CVE-2024-4368


    Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.


    For the stable distribution (bookworm), these problems have been fixed in version 124.0.6367.118-1~deb12u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : ruby3.1

    CVE ID : CVE-2024-27280 CVE-2024-27281 CVE-2024-27282


    Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in information disclosure, denial of service or the execution of arbitrary code.


    For the stable distribution (bookworm), these problems have been fixed in version 3.1.2-7+deb12u1.


    We recommend that you upgrade your ruby3.1 packages.


    For the detailed security status of ruby3.1 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ruby3.1


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : glibc

    CVE ID : CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602


    Several vulnerabilities were discovered in nscd, the Name Service Cache Daemon in the GNU C library which may lead to denial of service or the execution of arbitrary code.


    For the oldstable distribution (bullseye), these problems have been fixed in version 2.31-13+deb11u10.


    For the stable distribution (bookworm), these problems have been fixed in version 2.36-9+deb12u7.


    We recommend that you upgrade your glibc packages.


    For the detailed security status of glibc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/glibc


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : less

    CVE ID : CVE-2022-48624 CVE-2024-32487

    Debian Bug : 1064293 1068938 1069681


    Several vulnerabilities were discovered in less, a file pager, which may result in the execution of arbitrary commands if a file with a specially crafted file name is processed.


    For the oldstable distribution (bullseye), these problems have been fixed in version 551-2+deb11u2.


    For the stable distribution (bookworm), these problems have been fixed in version 590-2.1~deb12u2.


    We recommend that you upgrade your less packages.


    For the detailed security status of less please refer to its security tracker page at: https://security-tracker.debian.org/tracker/less


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : linux

    CVE ID : CVE-2024-26605 CVE-2024-26817 CVE-2024-26922 CVE-2024-26923
    CVE-2024-26924 CVE-2024-26925 CVE-2024-26926 CVE-2024-26936
    CVE-2024-26939 CVE-2024-26980 CVE-2024-26981 CVE-2024-26983
    CVE-2024-26984 CVE-2024-26987 CVE-2024-26988 CVE-2024-26989
    CVE-2024-26992 CVE-2024-26993 CVE-2024-26994 CVE-2024-26996
    CVE-2024-26997 CVE-2024-26999 CVE-2024-27000 CVE-2024-27001
    CVE-2024-27002 CVE-2024-27003 CVE-2024-27004 CVE-2024-27008
    CVE-2024-27009 CVE-2024-27013 CVE-2024-27014 CVE-2024-27015
    CVE-2024-27016 CVE-2024-27018 CVE-2024-27019 CVE-2024-27020
    CVE-2024-27022


    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.


    For the stable distribution (bookworm), these problems have been fixed in version 6.1.90-1.


    We recommend that you upgrade your linux packages.


    For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : linux

    CVE ID : CVE-2023-6270 CVE-2023-7042 CVE-2023-28746 CVE-2023-47233
    CVE-2023-52429 CVE-2023-52434 CVE-2023-52435 CVE-2023-52447
    CVE-2023-52458 CVE-2023-52482 CVE-2023-52486 CVE-2023-52488
    CVE-2023-52489 CVE-2023-52491 CVE-2023-52492 CVE-2023-52493
    CVE-2023-52497 CVE-2023-52498 CVE-2023-52583 CVE-2023-52587
    CVE-2023-52594 CVE-2023-52595 CVE-2023-52597 CVE-2023-52598
    CVE-2023-52599 CVE-2023-52600 CVE-2023-52601 CVE-2023-52602
    CVE-2023-52603 CVE-2023-52604 CVE-2023-52606 CVE-2023-52607
    CVE-2023-52614 CVE-2023-52615 CVE-2023-52616 CVE-2023-52617
    CVE-2023-52618 CVE-2023-52619 CVE-2023-52620 CVE-2023-52622
    CVE-2023-52623 CVE-2023-52627 CVE-2023-52635 CVE-2023-52637
    CVE-2023-52642 CVE-2023-52644 CVE-2023-52650 CVE-2024-0340
    CVE-2024-0565 CVE-2024-0607 CVE-2024-0841 CVE-2024-1151
    CVE-2024-22099 CVE-2024-23849 CVE-2024-23850 CVE-2024-23851
    CVE-2024-24857 CVE-2024-24858 CVE-2024-24861 CVE-2024-26581
    CVE-2024-26593 CVE-2024-26600 CVE-2024-26601 CVE-2024-26602
    CVE-2024-26606 CVE-2024-26610 CVE-2024-26614 CVE-2024-26615
    CVE-2024-26622 CVE-2024-26625 CVE-2024-26627 CVE-2024-26635
    CVE-2024-26636 CVE-2024-26640 CVE-2024-26641 CVE-2024-26642
    CVE-2024-26643 CVE-2024-26644 CVE-2024-26645 CVE-2024-26651
    CVE-2024-26654 CVE-2024-26659 CVE-2024-26663 CVE-2024-26664
    CVE-2024-26665 CVE-2024-26671 CVE-2024-26673 CVE-2024-26675
    CVE-2024-26679 CVE-2024-26684 CVE-2024-26685 CVE-2024-26687
    CVE-2024-26688 CVE-2024-26689 CVE-2024-26695 CVE-2024-26696
    CVE-2024-26697 CVE-2024-26698 CVE-2024-26702 CVE-2024-26704
    CVE-2024-26707 CVE-2024-26712 CVE-2024-26720 CVE-2024-26722
    CVE-2024-26727 CVE-2024-26733 CVE-2024-26735 CVE-2024-26736
    CVE-2024-26743 CVE-2024-26744 CVE-2024-26747 CVE-2024-26748
    CVE-2024-26749 CVE-2024-26751 CVE-2024-26752 CVE-2024-26753
    CVE-2024-26754 CVE-2024-26763 CVE-2024-26764 CVE-2024-26766
    CVE-2024-26771 CVE-2024-26772 CVE-2024-26773 CVE-2024-26776
    CVE-2024-26777 CVE-2024-26778 CVE-2024-26779 CVE-2024-26781
    CVE-2024-26782 CVE-2024-26787 CVE-2024-26788 CVE-2024-26790
    CVE-2024-26791 CVE-2024-26793 CVE-2024-26795 CVE-2024-26801
    CVE-2024-26804 CVE-2024-26805 CVE-2024-26808 CVE-2024-26809
    CVE-2024-26810 CVE-2024-26812 CVE-2024-26813 CVE-2024-26814
    CVE-2024-26816 CVE-2024-26817 CVE-2024-26820 CVE-2024-26825
    CVE-2024-26833 CVE-2024-26835 CVE-2024-26839 CVE-2024-26840
    CVE-2024-26843 CVE-2024-26845 CVE-2024-26846 CVE-2024-26848
    CVE-2024-26851 CVE-2024-26852 CVE-2024-26855 CVE-2024-26857
    CVE-2024-26859 CVE-2024-26861 CVE-2024-26862 CVE-2024-26863
    CVE-2024-26870 CVE-2024-26872 CVE-2024-26874 CVE-2024-26875
    CVE-2024-26877 CVE-2024-26878 CVE-2024-26880 CVE-2024-26882
    CVE-2024-26883 CVE-2024-26884 CVE-2024-26885 CVE-2024-26889
    CVE-2024-26891 CVE-2024-26894 CVE-2024-26895 CVE-2024-26897
    CVE-2024-26898 CVE-2024-26901 CVE-2024-26903 CVE-2024-26906
    CVE-2024-26907 CVE-2024-26910 CVE-2024-26917 CVE-2024-26920
    CVE-2024-26922 CVE-2024-26923 CVE-2024-26924 CVE-2024-26925
    CVE-2024-26926 CVE-2024-26931 CVE-2024-26934 CVE-2024-26935
    CVE-2024-26937 CVE-2024-26950 CVE-2024-26951 CVE-2024-26955
    CVE-2024-26956 CVE-2024-26957 CVE-2024-26958 CVE-2024-26960
    CVE-2024-26961 CVE-2024-26965 CVE-2024-26966 CVE-2024-26969
    CVE-2024-26970 CVE-2024-26973 CVE-2024-26974 CVE-2024-26976
    CVE-2024-26978 CVE-2024-26979 CVE-2024-26981 CVE-2024-26984
    CVE-2024-26988 CVE-2024-26993 CVE-2024-26994 CVE-2024-26997
    CVE-2024-26999 CVE-2024-27000 CVE-2024-27001 CVE-2024-27004
    CVE-2024-27008 CVE-2024-27013 CVE-2024-27020 CVE-2024-27024
    CVE-2024-27025 CVE-2024-27028 CVE-2024-27030 CVE-2024-27038
    CVE-2024-27043 CVE-2024-27044 CVE-2024-27045 CVE-2024-27046
    CVE-2024-27047 CVE-2024-27051 CVE-2024-27052 CVE-2024-27053
    CVE-2024-27059 CVE-2024-27065 CVE-2024-27073 CVE-2024-27074
    CVE-2024-27075 CVE-2024-27076 CVE-2024-27077 CVE-2024-27078
    CVE-2024-27388 CVE-2024-27437


    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.


    For the oldstable distribution (bullseye), these problems have been fixed in version 5.10.216-1.


    We recommend that you upgrade your linux packages.


    For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : glib2.0

    CVE ID : CVE-2024-34397


    Alicia Boya Garcia reported that the GDBus signal subscriptions in the GLib library are prone to a spoofing vulnerability. A local attacker can take advantage of this flaw to cause a GDBus-based client to behave incorrectly, with an application-dependent impact.


    gnome-shell is updated along with this update to avoid a screencast regression after fixing CVE-2024-34397.


    For the oldstable distribution (bullseye), this problem has been fixed in version 2.66.8-1+deb11u2.


    For the stable distribution (bookworm), this problem has been fixed in version 2.74.6-2+deb12u1.


    We recommend that you upgrade your glib2.0 packages.


    For the detailed security status of glib2.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/glib2.0


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : chromium

    CVE ID : CVE-2024-4558 CVE-2024-4559


    Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.


    For the stable distribution (bookworm), these problems have been fixed in version 124.0.6367.155-1~deb12u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : wordpress

    CVE ID : CVE-2023-2745 CVE-2023-5561 CVE-2023-38000 CVE-2023-39999
    CVE-2024-31210

    Debian Bug : 1036296


    Several security vulnerabilities have been discovered in WordPress, a popular content management framework, which may lead to exposure of sensitive information to an unauthorized actor or allow unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an oracle-style attack.


    Furthermore, this update resolves a possible cross-site scripting vulnerability, a PHP file upload bypass via the plugin installer and a possible remote code execution vulnerability, which, however, requires an attacker to control all the properties of a deserialized object.


    For the oldstable distribution (bullseye), these problems have been fixed in version 5.7.11+dfsg1-0+deb11u1.


    For the stable distribution (bookworm), these problems have been fixed in version 6.1.6+dfsg1-0+deb12u1.


    We recommend that you upgrade your wordpress packages.


    For the detailed security status of wordpress please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wordpress


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : glib2.0

    Debian Bug : 1070730 1070736 1070743 1070745 1070749 1070752


    The update for glib2.0 released as DSA 5682-1 caused a regression in ibus affecting text entry with non-trivial input methods. Updated glib2.0 packages are available to correct this issue.


    For the oldstable distribution (bullseye), this problem has been fixed in version 2.66.8-1+deb11u3.


    For the stable distribution (bookworm), this problem has been fixed in version 2.74.6-2+deb12u2.


    We recommend that you upgrade your glib2.0 packages.


    For the detailed security status of glib2.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/glib2.0


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : webkit2gtk

    CVE ID : CVE-2023-42843 CVE-2023-42950 CVE-2023-42956 CVE-2024-23252
    CVE-2024-23254 CVE-2024-23263 CVE-2024-23280 CVE-2024-23284


    The following vulnerabilities have been discovered in the WebKitGTK web engine:

    CVE-2023-42843
        Kacper Kwapisz discovered that visiting a malicious website may lead to address bar spoofing.

    CVE-2023-42950
        Nan Wang and Rushikesh Nandedkar discovered that processing maliciously crafted web content may lead to arbitrary code execution.

    CVE-2023-42956
        SungKwon Lee discovered that processing web content may lead to a denial of service.

    CVE-2024-23252
        anbu1024 discovered that processing web content may lead to a denial of service.

    CVE-2024-23254
        James Lee discovered that a malicious website may exfiltrate audio data cross-origin.

    CVE-2024-23263
        Johan Carlsson discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced.

    CVE-2024-23280
        An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user.

    CVE-2024-23284
        Georg Felber and Marco Squarcina discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced.


    For the oldstable distribution (bullseye), these problems have been fixed in version 2.44.1-1~deb11u1.


    For the stable distribution (bookworm), these problems have been fixed in version 2.44.1-1~deb12u1.


    We recommend that you upgrade your webkit2gtk packages.


    For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : dav1d

    CVE ID : CVE-2024-1580


    Nick Galloway discovered an integer overflow in dav1d, a fast and small AV1 video stream decoder, which could result in memory corruption.


    For the oldstable distribution (bullseye), this problem has been fixed in version 0.7.1-3+deb11u1.


    For the stable distribution (bookworm), this problem has been fixed in version 1.0.0-2+deb12u1.


    We recommend that you upgrade your dav1d packages.


    For the detailed security status of dav1d please refer to its security tracker page at: https://security-tracker.debian.org/tracker/dav1d


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : chromium

    CVE ID : CVE-2024-4671


    A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. Google is aware that an exploit for CVE-2024-4671 exists in the wild.


    For the stable distribution (bookworm), this problem has been fixed in version 124.0.6367.201-1~deb12u1.


    We highly recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
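Every advisory above ends the same way: upgrade to the listed fixed version. Deciding whether a host is still affected means comparing the installed version with that fixed version under Debian's own ordering rules, where `1~deb12u1` sorts below `1`, `deb11u10` sorts above `deb11u2`, and an epoch such as `1:` outranks everything after the colon. On a Debian host that comparison is `dpkg --compare-versions INSTALLED lt FIXED`, with the installed versions obtained from `dpkg-query -W -f='${source:Package} ${Version}\n'`. The script below is an added example, not part of the advisories and not Debian's tooling: it reimplements dpkg's version ordering in Python so the comparison can be run offline against an exported inventory, with the fixed versions transcribed from the advisories on this page (the highest fixed version per suite where a package appears more than once). The inventory in the `__main__` block is constructed, not taken from a real host.

```python
"""Check installed Debian package versions against the fixed versions quoted
in the advisories above, reimplementing dpkg's version-ordering rules."""

# Fixed versions copied from the advisories on this page. Where a package
# appears in several advisories, the highest fixed version per suite is kept.
FIXED_VERSIONS = {
    "guix":          {"bullseye": "1.2.0-4+deb11u2",        "bookworm": "1.4.0-3+deb12u1"},
    "thunderbird":   {"bullseye": "1:115.10.1-1~deb11u1",   "bookworm": "1:115.10.1-1~deb12u1"},
    "openjdk-11":    {"bullseye": "11.0.23+9-1~deb11u1"},
    "openjdk-17":    {"bullseye": "17.0.11+9-1~deb11u1",    "bookworm": "17.0.11+9-1~deb12u1"},
    "glibc":         {"bullseye": "2.31-13+deb11u10",       "bookworm": "2.36-9+deb12u7"},
    "pdns-recursor": {"bookworm": "4.8.8-1"},
    "chromium":      {"bookworm": "124.0.6367.201-1~deb12u1"},
    "ruby3.1":       {"bookworm": "3.1.2-7+deb12u1"},
    "less":          {"bullseye": "551-2+deb11u2",          "bookworm": "590-2.1~deb12u2"},
    "linux":         {"bullseye": "5.10.216-1",             "bookworm": "6.1.90-1"},
    "glib2.0":       {"bullseye": "2.66.8-1+deb11u3",       "bookworm": "2.74.6-2+deb12u2"},
    "wordpress":     {"bullseye": "5.7.11+dfsg1-0+deb11u1", "bookworm": "6.1.6+dfsg1-0+deb12u1"},
    "webkit2gtk":    {"bullseye": "2.44.1-1~deb11u1",       "bookworm": "2.44.1-1~deb12u1"},
    "dav1d":         {"bullseye": "0.7.1-3+deb11u1",        "bookworm": "1.0.0-2+deb12u1"},
}


def _is_digit(c):
    return "0" <= c <= "9"


def _order(c):
    # Sort weight of one character as in dpkg's verrevcmp(): '~' sorts before
    # everything, even end-of-string (weight 0); letters before other punctuation.
    if c == "" or _is_digit(c):
        return 0
    if c.isalpha():
        return ord(c)
    return -1 if c == "~" else ord(c) + 256


def _verrevcmp(a, b):
    """Compare two version fragments by alternating non-digit runs (character
    by character via _order) and digit runs (numerically, leading zeros dropped)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not _is_digit(a[i])) or (j < len(b) and not _is_digit(b[j])):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and _is_digit(a[i]) and j < len(b) and _is_digit(b[j]):
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i, j = i + 1, j + 1
        if i < len(a) and _is_digit(a[i]):
            return 1            # a's number has more digits, so it is larger
        if j < len(b) and _is_digit(b[j]):
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(version):
    """Split '[epoch:]upstream_version[-debian_revision]'; a missing epoch is 0
    and a missing revision compares equal to '0'."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    upstream, sep, revision = version.rpartition("-")
    return (epoch, upstream, revision) if sep else (epoch, version, "")


def compare_versions(a, b):
    """Return -1, 0 or 1, matching `dpkg --compare-versions a lt|eq|gt b`."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    r = _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (r > 0) - (r < 0)


def needs_upgrade(package, suite, installed):
    """True if the installed version is below the fixed version for that suite."""
    return compare_versions(installed, FIXED_VERSIONS[package][suite]) < 0


def report(inventory):
    """inventory: {(package, suite): installed_version} -> sorted vulnerable packages."""
    return sorted(p for (p, s), v in inventory.items() if needs_upgrade(p, s, v))


if __name__ == "__main__":
    # Constructed sample inventory (not taken from a real host).
    sample = {("glibc", "bookworm"): "2.36-9+deb12u4", ("less", "bookworm"): "590-2",
              ("thunderbird", "bookworm"): "1:115.10.1-1~deb12u1", ("linux", "bookworm"): "6.1.90-1"}
    for name in report(sample):
        print(f"{name}: installed version is below the fixed version, upgrade needed")
```

Two caveats a practitioner would add to the result of this check. First, the installed version is not the running code: the `linux` advisories need a reboot into the new kernel, and the `glibc` fixes only protect processes started after the upgrade (long-running daemons that loaded the old libc, including nscd, keep the vulnerable code until restarted). Second, the comparison only answers "is this at least the version Debian shipped with the fix"; a package installed from backports, a pin, or a third-party repository can carry a version above the fixed one without containing the fix, so the advisory's version string is a floor for Debian's own packages, not a general proof of patching.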