Debian Security Advisory


    Package : atril

    CVE ID : CVE-2023-52076


    It was discovered that missing input sanitising in the Atril document viewer could result in writing arbitrary files in the user's home directory if a malformed epub document is opened.


    For the oldstable distribution (bullseye), this problem has been fixed in version 1.24.0-1+deb11u1. This update also disables support for comic book archives, mitigating CVE-2023-51698.


    For the stable distribution (bookworm), this problem has been fixed in version 1.26.0-2+deb12u3.


    We recommend that you upgrade your atril packages.


    For the detailed security status of atril please refer to its security tracker page at:

    Information on source package atril


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/


    Package : libreoffice

    CVE ID : CVE-2024-3044


    Amel Bouziane-Leblond discovered that LibreOffice's support for binding scripts to click events on graphics could result in unchecked script execution.


    For the oldstable distribution (bullseye), this problem has been fixed in version 1:7.0.4-4+deb11u9.


    For the stable distribution (bookworm), this problem has been fixed in version 4:7.4.7-1+deb12u2.


    We recommend that you upgrade your libreoffice packages.


    For the detailed security status of libreoffice please refer to its security tracker page at:

    Information on source package libreoffice



    Package : chromium

    CVE ID : CVE-2024-4761


    A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. Google is aware that an exploit for CVE-2024-4761 exists in the wild.


    For the stable distribution (bookworm), this problem has been fixed in version 124.0.6367.207-1~deb12u1.


    We highly recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    Information on source package chromium



    Package : firefox-esr

    CVE ID : CVE-2024-4367 CVE-2024-4767 CVE-2024-4768 CVE-2024-4769 CVE-2024-4770 CVE-2024-4777


    Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or clickjacking.


    For the oldstable distribution (bullseye), these problems have been fixed in version 115.11.0esr-1~deb11u1.


    For the stable distribution (bookworm), these problems have been fixed in version 115.11.0esr-1~deb12u1.


    We recommend that you upgrade your firefox-esr packages.


    For the detailed security status of firefox-esr please refer to its security tracker page at:

    Information on source package firefox-esr



    Package : ghostscript

    CVE ID : CVE-2023-52722 CVE-2024-29510 CVE-2024-33869 CVE-2024-33870 CVE-2024-33871


    Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.


    For the oldstable distribution (bullseye), these problems have been fixed in version 9.53.3~dfsg-7+deb11u7.


    For the stable distribution (bookworm), these problems have been fixed in version 10.0.0~dfsg-11+deb12u4.


    We recommend that you upgrade your ghostscript packages.


    For the detailed security status of ghostscript please refer to its security tracker page at:

    Information on source package ghostscript



    Package : thunderbird

    CVE ID : CVE-2024-4367 CVE-2024-4767 CVE-2024-4768 CVE-2024-4769 CVE-2024-4770 CVE-2024-4777


    Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.


    For the oldstable distribution (bullseye), these problems have been fixed in version 1:115.11.0-1~deb11u1.


    For the stable distribution (bookworm), these problems have been fixed in version 1:115.11.0-1~deb12u1.


    We recommend that you upgrade your thunderbird packages.


    For the detailed security status of thunderbird please refer to its security tracker page at:

    Information on source package thunderbird



    Package : chromium

    CVE ID : CVE-2024-4947 CVE-2024-4948 CVE-2024-4949 CVE-2024-4950


    Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.


    For the stable distribution (bookworm), these problems have been fixed in version 125.0.6422.60-1~deb12u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    Information on source package chromium



    Package : webkit2gtk

    CVE ID : CVE-2024-27834


    The following vulnerabilities have been discovered in the WebKitGTK web engine:


    CVE-2024-27834


    Manfred Paul discovered that an attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.


    For the oldstable distribution (bullseye), this problem has been fixed in version 2.44.2-1~deb11u1.


    For the stable distribution (bookworm), this problem has been fixed in version 2.44.2-1~deb12u1.


    We recommend that you upgrade your webkit2gtk packages.


    For the detailed security status of webkit2gtk please refer to its security tracker page at:

    Information on source package webkit2gtk

