Debian Security Advisory

    • Official post

    Package : thunderbird

    CVE ID : CVE-2024-8381 CVE-2024-8382 CVE-2024-8383 CVE-2024-8384


    Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.


    For the stable distribution (bookworm), these problems have been fixed in version 1:115.15.0-1~deb12u1.


    We recommend that you upgrade your thunderbird packages.


    For the detailed security status of thunderbird please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/thunderbird


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : chromium

    CVE ID : CVE-2024-8636 CVE-2024-8637 CVE-2024-8638 CVE-2024-8639


    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.


    For the stable distribution (bookworm), these problems have been fixed in version 128.0.6613.137-1~deb12u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : git

    CVE ID : CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 CVE-2024-32002

    CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465

    Debian Bug : 1034835 1071160


    Multiple issues were found in Git, a fast, scalable, distributed revision control system, which may result in file overwrites outside the repository, arbitrary configuration injection or arbitrary code execution.


    For the stable distribution (bookworm), these problems have been fixed in version 1:2.39.5-0+deb12u1.


    We recommend that you upgrade your git packages.


    For the detailed security status of git please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/git


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : expat

    CVE ID : CVE-2024-45490 CVE-2024-45491 CVE-2024-45492


    Shang-Hung Wan discovered multiple vulnerabilities in the Expat XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code.


    For the stable distribution (bookworm), these problems have been fixed in version 2.5.0-1+deb12u1.


    We recommend that you upgrade your expat packages.


    For the detailed security status of expat please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/expat


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : php-twig

    CVE ID : CVE-2024-45411


    Fabien Potencier discovered that under some conditions the sandbox mechanism of Twig, a template engine for PHP, could be bypassed.


    For the stable distribution (bookworm), this problem has been fixed in version 3.5.1-1+deb12u1.


    We recommend that you upgrade your php-twig packages.


    For the detailed security status of php-twig please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/php-twig


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : libreoffice

    CVE ID : CVE-2024-7788


    Yufan You discovered that LibreOffice's handling of documents based on ZIP archives was susceptible to spoofing attacks when the repair mode attempts to address a malformed archive structure.


    For additional information please refer to https://www.libreoffice.org/about-us/secur…/cve-2024-7788/


    For the stable distribution (bookworm), this problem has been fixed in version 4:7.4.7-1+deb12u5.


    We recommend that you upgrade your libreoffice packages.


    For the detailed security status of libreoffice please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/libreoffice


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : chromium

    CVE ID : CVE-2024-8904 CVE-2024-8905 CVE-2024-8906 CVE-2024-8907

    CVE-2024-8908 CVE-2024-8909


    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.


    For the stable distribution (bookworm), these problems have been fixed in version 129.0.6668.58-1~deb12u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : ruby-saml

    CVE ID : CVE-2024-45409

    Debian Bug : 1081560


    It was discovered that ruby-saml, a SAML library implementing the client side of a SAML authorization, does not properly verify the signature of the SAML Response, which could result in bypass of authentication in an application using the ruby-saml library.


    For the stable distribution (bookworm), this problem has been fixed in version 1.13.0-1+deb12u1.


    We recommend that you upgrade your ruby-saml packages.


    For the detailed security status of ruby-saml please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/ruby-saml


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : chromium

    CVE ID : CVE-2024-9120 CVE-2024-9121 CVE-2024-9122 CVE-2024-9123


    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.


    For the stable distribution (bookworm), these problems have been fixed in version 129.0.6668.70-1~deb12u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : tryton-server

    CVE ID : not yet available


    Albert Cervera discovered two missing authorisation checks in the Tryton application platform.


    For the stable distribution (bookworm), this problem has been fixed in version 6.0.29-2+deb12u3.


    We recommend that you upgrade your tryton-server packages.


    For the detailed security status of tryton-server please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/tryton-server


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : booth

    CVE ID : CVE-2024-3049


    It was discovered that the Booth cluster ticket manager failed to correctly validate some authentication hashes.


    For the stable distribution (bookworm), this problem has been fixed in version 1.0-283-g9d4029a-2+deb12u1.


    We recommend that you upgrade your booth packages.


    For the detailed security status of booth please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/booth


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : cups-filters

    CVE ID : CVE-2024-47076 CVE-2024-47176

    Debian Bug : 1082820 1082827


    Simone Margaritelli reported several vulnerabilities in cups-filters.

    Missing validation of IPP attributes returned from an IPP server and multiple bugs in the cups-browsed component can result in the execution of arbitrary commands without authentication when a print job is started.


    For the stable distribution (bookworm), these problems have been fixed in version 1.28.17-3+deb12u1.


    We recommend that you upgrade your cups-filters packages.


    For the detailed security status of cups-filters please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/cups-filters


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : cups

    CVE ID : CVE-2024-47175


    Simone Margaritelli reported that cups, the Common UNIX Printing System, does not properly sanitize IPP attributes when creating PPD files, which may result in the execution of arbitrary code.


    For the stable distribution (bookworm), this problem has been fixed in version 2.4.2-3+deb12u8.


    We recommend that you upgrade your cups packages.


    For the detailed security status of cups please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/cups


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in incorrect parsing of multipart/form-data, bypass of the cgi.force_redirect directive or incorrect logging.


    For the stable distribution (bookworm), these problems have been fixed in version 8.2.24-1~deb12u1.


    We recommend that you upgrade your php8.2 packages.


    For the detailed security status of php8.2 please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/php8.2


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : chromium

    CVE ID : CVE-2024-7025 CVE-2024-9369 CVE-2024-9370


    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.


    For the stable distribution (bookworm), these problems have been fixed in version 129.0.6668.89-1~deb12u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : linux

    CVE ID : CVE-2023-31083 CVE-2024-27017 CVE-2024-35937 CVE-2024-35943

    CVE-2024-35966 CVE-2024-40972 CVE-2024-41016 CVE-2024-41096

    CVE-2024-41098 CVE-2024-42228 CVE-2024-42314 CVE-2024-43835

    CVE-2024-43859 CVE-2024-43884 CVE-2024-43892 CVE-2024-44931

    CVE-2024-44938 CVE-2024-44939 CVE-2024-44940 CVE-2024-44946

    CVE-2024-44947 CVE-2024-44974 CVE-2024-44977 CVE-2024-44982

    CVE-2024-44983 CVE-2024-44985 CVE-2024-44986 CVE-2024-44987

    CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44991

    CVE-2024-44995 CVE-2024-44998 CVE-2024-44999 CVE-2024-45000

    CVE-2024-45002 CVE-2024-45003 CVE-2024-45006 CVE-2024-45007

    CVE-2024-45008 CVE-2024-45009 CVE-2024-45010 CVE-2024-45011

    CVE-2024-45016 CVE-2024-45018 CVE-2024-45019 CVE-2024-45021

    CVE-2024-45022 CVE-2024-45025 CVE-2024-45026 CVE-2024-45028

    CVE-2024-45029 CVE-2024-46673 CVE-2024-46674 CVE-2024-46675

    CVE-2024-46676 CVE-2024-46677 CVE-2024-46679 CVE-2024-46685

    CVE-2024-46686 CVE-2024-46689 CVE-2024-46694 CVE-2024-46702

    CVE-2024-46707 CVE-2024-46711 CVE-2024-46713 CVE-2024-46714

    CVE-2024-46715 CVE-2024-46716 CVE-2024-46717 CVE-2024-46719

    CVE-2024-46720 CVE-2024-46721 CVE-2024-46722 CVE-2024-46723

    CVE-2024-46724 CVE-2024-46725 CVE-2024-46726 CVE-2024-46731

    CVE-2024-46732 CVE-2024-46734 CVE-2024-46735 CVE-2024-46737

    CVE-2024-46738 CVE-2024-46739 CVE-2024-46740 CVE-2024-46743

    CVE-2024-46744 CVE-2024-46745 CVE-2024-46746 CVE-2024-46747

    CVE-2024-46750 CVE-2024-46752 CVE-2024-46755 CVE-2024-46756

    CVE-2024-46757 CVE-2024-46758 CVE-2024-46759 CVE-2024-46761

    CVE-2024-46763 CVE-2024-46770 CVE-2024-46771 CVE-2024-46773

    CVE-2024-46777 CVE-2024-46780 CVE-2024-46781 CVE-2024-46782

    CVE-2024-46783 CVE-2024-46784 CVE-2024-46791 CVE-2024-46794

    CVE-2024-46795 CVE-2024-46798 CVE-2024-46800 CVE-2024-46802

    CVE-2024-46804 CVE-2024-46805 CVE-2024-46807 CVE-2024-46810

    CVE-2024-46812 CVE-2024-46814 CVE-2024-46815 CVE-2024-46817

    CVE-2024-46818 CVE-2024-46819 CVE-2024-46821 CVE-2024-46822

    CVE-2024-46826 CVE-2024-46828 CVE-2024-46829 CVE-2024-46830

    CVE-2024-46832 CVE-2024-46835 CVE-2024-46836 CVE-2024-46840

    CVE-2024-46844 CVE-2024-46846 CVE-2024-46848 CVE-2024-46849

    CVE-2024-46852 CVE-2024-46853 CVE-2024-46854 CVE-2024-46855

    CVE-2024-46857 CVE-2024-46858 CVE-2024-46859 CVE-2024-46865


    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.


    For the stable distribution (bookworm), these problems have been fixed in version 6.1.112-1.


    We recommend that you upgrade your linux packages.


    For the detailed security status of linux please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/linux


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : firefox-esr

    CVE ID : CVE-2024-9392 CVE-2024-9393 CVE-2024-9394 CVE-2024-9401


    Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.


    Debian follows the extended support releases (ESR) of Firefox.

    Starting with this update we're now following the 128.x releases.


    Between 115.x and 128.x, Firefox has seen a number of feature updates. For more information please refer to https://www.mozilla.org/en-US/firefox/128.0esr/releasenotes/


    For the stable distribution (bookworm), these problems have been fixed in version 128.3.0esr-1~deb12u1.


    We recommend that you upgrade your firefox-esr packages.


    For the detailed security status of firefox-esr please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/firefox-esr


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : oath-toolkit

    CVE ID : CVE-2024-47191


    Fabian Vogt reported that the PAM module in oath-toolkit, a collection of components to build one-time password authentication systems, does not safely perform file operations in users' home directories when using the usersfile feature (which allows placing the OTP state in the home directory of the user being authenticated). A local user can take advantage of this flaw for root privilege escalation.


    For the stable distribution (bookworm), this problem has been fixed in version 2.6.7-3.1+deb12u1.


    We recommend that you upgrade your oath-toolkit packages.


    For the detailed security status of oath-toolkit please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/oath-toolkit


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : mediawiki

    CVE ID : CVE-2024-47913


    Dom Walden discovered that the AbuseFilter extension in MediaWiki, a website engine for collaborative work, performed incomplete authorisation checks.


    For the stable distribution (bookworm), this problem has been fixed in version 1:1.39.10-1~deb12u1.


    We recommend that you upgrade your mediawiki packages.


    For the detailed security status of mediawiki please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/mediawiki


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • Official post

    Package : libgsf

    CVE ID : CVE-2024-36474 CVE-2024-42415

    Debian Bug : 1084056


    Integer overflow flaws were discovered in the Compound Document Binary File format parser of libgsf, the GNOME Project G Structured File Library, which could result in the execution of arbitrary code if a specially crafted file is processed.


    For the stable distribution (bookworm), these problems have been fixed in version 1.14.50-1+deb12u1.


    We recommend that you upgrade your libgsf packages.


    For the detailed security status of libgsf please refer to its security tracker page at:

    https://security-tracker.debian.org/tracker/libgsf


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/