Debian Security Advisory

    • New
    • Official post

    Package : libarchive

    CVE ID : CVE-2024-20696

    Debian Bug : 1086155


    A heap-based out-of-bounds write vulnerability was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed.


    For the stable distribution (bookworm), this problem has been fixed in version 3.6.2-1+deb12u2.


    We recommend that you upgrade your libarchive packages.


    For the detailed security status of libarchive please refer to its security tracker page at:

    Information on source package libarchive


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • New
    • Official post

    Package : nss

    CVE ID : CVE-2024-0743 CVE-2024-6602 CVE-2024-6609


    Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or potentially the execution of arbitrary code.


    For the stable distribution (bookworm), these problems have been fixed in version 2:3.87.1-1+deb12u1.


    We recommend that you upgrade your nss packages.


    For the detailed security status of nss please refer to its security tracker page at:

    Information on source package nss


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • New
    • Official post

    Package : ghostscript

    CVE ID : CVE-2024-46951 CVE-2024-46952 CVE-2024-46953 CVE-2024-46955

    CVE-2024-46956


    Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.


    For the stable distribution (bookworm), these problems have been fixed in version 10.0.0~dfsg-11+deb12u6.


    We recommend that you upgrade your ghostscript packages.


    For the detailed security status of ghostscript please refer to its security tracker page at:

    Information on source package ghostscript


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • New
    • Official post

    Package : symfony

    CVE ID : CVE-2024-50340 CVE-2024-50342 CVE-2024-50343 CVE-2024-50345


    Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to privilege escalation, information disclosure, incorrect validation or an open redirect.


    For the stable distribution (bookworm), these problems have been fixed in version 5.4.23+dfsg-1+deb12u3.


    We recommend that you upgrade your symfony packages.


    For the detailed security status of symfony please refer to its security tracker page at:

    Information on source package symfony


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • New
    • Official post

    Package : mpg123

    CVE ID : CVE-2024-10573

    Debian Bug : 1086443


    An out-of-bounds write vulnerability when handling crafted streams was discovered in mpg123, a real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2 and 3, which could result in the execution of arbitrary code.


    For the stable distribution (bookworm), this problem has been fixed in version 1.31.2-1+deb12u1.


    We recommend that you upgrade your mpg123 packages.


    For the detailed security status of mpg123 please refer to its security tracker page at:

    Information on source package mpg123


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • New
    • Official post

    Package : chromium

    CVE ID : CVE-2024-10826 CVE-2024-10827


    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.


    For the stable distribution (bookworm), these problems have been fixed in version 130.0.6723.116-1~deb12u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    Information on source package chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • New
    • Official post

    Package : postgresql-15

    CVE ID : CVE-2024-10976 CVE-2024-10977 CVE-2024-10978 CVE-2024-10979


    Multiple security issues were discovered in PostgreSQL, which may result in the execution of arbitrary code, privilege escalation or log manipulation.


    For the stable distribution (bookworm), these problems have been fixed in version 15.9-0+deb12u1.


    We recommend that you upgrade your postgresql-15 packages.


    For the detailed security status of postgresql-15 please refer to its security tracker page at:

    Information on source package postgresql-15


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • New
    • Official post

    Package : symfony

    CVE ID : CVE-2024-51996


    Moritz Rauch discovered that the Symfony PHP framework implemented persisted remember-me cookies incorrectly, which could result in authentication bypass.


    For the stable distribution (bookworm), this problem has been fixed in version 5.4.23+dfsg-1+deb12u4.


    We recommend that you upgrade your symfony packages.


    For the detailed security status of symfony please refer to its security tracker page at:

    Information on source package symfony


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • New
    • Official post

    Package : thunderbird

    CVE ID : CVE-2024-11159


    A security issue was discovered in Thunderbird, which could result in the disclosure of OpenPGP encrypted messages.


    For the stable distribution (bookworm), this problem has been fixed in version 1:128.4.3esr-1~deb12u1.


    We recommend that you upgrade your thunderbird packages.


    For the detailed security status of thunderbird please refer to its security tracker page at:

    Information on source package thunderbird


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • New
    • Official post

    Package : needrestart

    CVE ID : CVE-2024-11003 CVE-2024-48990 CVE-2024-48991 CVE-2024-48992


    The Qualys Threat Research Unit discovered several local privilege escalation vulnerabilities in needrestart, a utility to check which daemons need to be restarted after library upgrades. A local attacker can execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable (CVE-2024-48990) or running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable (CVE-2024-48992). Additionally a local attacker can trick needrestart into running a fake Python interpreter (CVE-2024-48991) or cause needrestart to call the Perl module Module::ScanDeps with attacker-controlled files (CVE-2024-11003).


    Details can be found in the Qualys advisory at https://www.qualys.com/2024/11/19/nee…needrestart.txt


    For the stable distribution (bookworm), these problems have been fixed in version 3.6-4+deb12u2.


    We recommend that you upgrade your needrestart packages.


    For the detailed security status of needrestart please refer to its security tracker page at:

    Information on source package needrestart


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
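
The bug class the needrestart post describes for CVE-2024-48990 (a privileged process spawns the Python interpreter while an unprivileged user controls PYTHONPATH) is easy to reproduce on any machine, as is the mitigation of refusing to trust the inherited environment. The block below is an added example for this thread; it is not needrestart's code and is not presented as needrestart's actual fix. The module name `sysdeps_helper`, the temporary directory standing in for a user-writable path, and the `demo()` wrapper are all assumptions made for the illustration.

```python
"""Illustrates the class of bug described for CVE-2024-48990: a privileged
process spawns the Python interpreter with a PYTHONPATH it does not control.
Added example; not needrestart's code and not its upstream fix."""
import os
import subprocess
import sys
import tempfile
import textwrap

# Hypothetical module name; anything the child imports unqualified would do.
PLANTED_MODULE = "sysdeps_helper"


def plant_module(directory: str) -> str:
    """Drop a module into a directory the unprivileged attacker can write to.
    Here the import-time side effect is only a marker; in the real bug the
    module body runs as whoever spawned the interpreter (root)."""
    path = os.path.join(directory, PLANTED_MODULE + ".py")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("MARKER = 'imported from attacker-controlled PYTHONPATH'\n")
    return path


def spawn_interpreter(attacker_dir: str, isolated: bool, scrub_env: bool) -> bool:
    """Run a child interpreter that imports PLANTED_MODULE by name and report
    whether the import succeeded (True means the hijack worked).

    The child's environment starts with PYTHONPATH pointing at the attacker's
    directory, modelling a process that inherited a hostile environment.
    Two independent mitigations can be switched on:
      isolated  -> pass -I, which makes CPython ignore every PYTHON* variable
                   and also drops the cwd / script directory from sys.path;
      scrub_env -> strip every PYTHON* variable before exec.
    """
    env = dict(os.environ)
    env["PYTHONPATH"] = attacker_dir          # attacker-controlled input
    if scrub_env:
        env = {k: v for k, v in env.items() if not k.startswith("PYTHON")}
    child = textwrap.dedent(f"""
        try:
            import {PLANTED_MODULE}
            print("hijacked")
        except ImportError:
            print("clean")
    """)
    cmd = [sys.executable] + (["-I"] if isolated else []) + ["-c", child]
    out = subprocess.run(cmd, env=env, capture_output=True, text=True, check=True)
    return out.stdout.strip() == "hijacked"


def demo() -> dict:
    """Run the three configurations against a freshly planted module."""
    with tempfile.TemporaryDirectory() as tmp:   # stands in for a world-writable path
        plant_module(tmp)
        return {
            "trusting": spawn_interpreter(tmp, isolated=False, scrub_env=False),
            "isolated_flag": spawn_interpreter(tmp, isolated=True, scrub_env=False),
            "scrubbed_env": spawn_interpreter(tmp, isolated=False, scrub_env=True),
        }


if __name__ == "__main__":
    for name, hijacked in demo().items():
        print(f"{name:14s} {'HIJACKED' if hijacked else 'clean'}")
```

Only the "trusting" configuration imports the planted module. The same principle covers the RUBYLIB case the post mentions (CVE-2024-48992) and Perl's PERL5LIB: a setuid or root-run helper that execs an interpreter should build the child environment from scratch rather than filter the inherited one, and use the interpreter's own "ignore the environment" switch where one exists, because the two mitigations fail independently.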

    • New
    • Official post

    Package : libmodule-scandeps-perl

    CVE ID : CVE-2024-10224


    The Qualys Threat Research Unit discovered that libmodule-scandeps-perl, a Perl module to recursively scan Perl code for dependencies, allows an attacker to execute arbitrary shell commands via specially crafted file names.


    Details can be found in the Qualys advisory at https://www.qualys.com/2024/11/19/nee…needrestart.txt


    For the stable distribution (bookworm), this problem has been fixed in version 1.31-2+deb12u1.


    We recommend that you upgrade your libmodule-scandeps-perl packages.


    For the detailed security status of libmodule-scandeps-perl please refer to its security tracker page at:

    Information on source package libmodule-scandeps-perl


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • New
    • Official post

    Package : chromium

    CVE ID : CVE-2024-11110 CVE-2024-11111 CVE-2024-11112 CVE-2024-11113

    CVE-2024-11114 CVE-2024-11115 CVE-2024-11116 CVE-2024-11117

    CVE-2024-11395


    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.


    For the stable distribution (bookworm), these problems have been fixed in version 131.0.6778.85-1~deb12u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    Information on source package chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • New
    • Official post

    Package : linux

    CVE ID : CVE-2022-45888 CVE-2023-52812 CVE-2024-26952 CVE-2024-26954

    CVE-2024-35964 CVE-2024-36244 CVE-2024-36478 CVE-2024-36914

    CVE-2024-36915 CVE-2024-36923 CVE-2024-38540 CVE-2024-38553

    CVE-2024-41080 CVE-2024-42322 CVE-2024-43868 CVE-2024-43904

    CVE-2024-43911 CVE-2024-44949 CVE-2024-49950 CVE-2024-49960

    CVE-2024-49974 CVE-2024-49986 CVE-2024-49991 CVE-2024-50012

    CVE-2024-50036 CVE-2024-50067 CVE-2024-50072 CVE-2024-50126

    CVE-2024-50215 CVE-2024-50218 CVE-2024-50228 CVE-2024-50229

    CVE-2024-50230 CVE-2024-50232 CVE-2024-50233 CVE-2024-50234

    CVE-2024-50235 CVE-2024-50236 CVE-2024-50237 CVE-2024-50242

    CVE-2024-50243 CVE-2024-50244 CVE-2024-50245 CVE-2024-50247

    CVE-2024-50249 CVE-2024-50250 CVE-2024-50251 CVE-2024-50252

    CVE-2024-50255 CVE-2024-50256 CVE-2024-50257 CVE-2024-50259

    CVE-2024-50261 CVE-2024-50262 CVE-2024-50264 CVE-2024-50265

    CVE-2024-50267 CVE-2024-50268 CVE-2024-50269 CVE-2024-50271

    CVE-2024-50272 CVE-2024-50273 CVE-2024-50276 CVE-2024-50278

    CVE-2024-50279 CVE-2024-50280 CVE-2024-50282 CVE-2024-50283

    CVE-2024-50284 CVE-2024-50286 CVE-2024-50287 CVE-2024-50290

    CVE-2024-50292 CVE-2024-50295 CVE-2024-50296 CVE-2024-50299

    CVE-2024-50301 CVE-2024-50302 CVE-2024-53042 CVE-2024-53043

    CVE-2024-53052 CVE-2024-53054 CVE-2024-53055 CVE-2024-53057

    CVE-2024-53058 CVE-2024-53059 CVE-2024-53060 CVE-2024-53061

    CVE-2024-53063 CVE-2024-53066 CVE-2024-53070 CVE-2024-53072

    CVE-2024-53081 CVE-2024-53082 CVE-2024-53088 CVE-2024-53093


    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.


    For the stable distribution (bookworm), these problems have been fixed in version 6.1.119-1.


    We recommend that you upgrade your linux packages.


    For the detailed security status of linux please refer to its security tracker page at:

    Information on source package linux


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    • New
    • Official post

    Package : php8.2

    CVE ID : CVE-2024-8929 CVE-2024-8932 CVE-2024-11233 CVE-2024-11234

    CVE-2024-11236


    Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in denial of service, CRLF injection or information disclosure.


    For the stable distribution (bookworm), these problems have been fixed in version 8.2.26-1~deb12u1.


    We recommend that you upgrade your php8.2 packages.


    For the detailed security status of php8.2 please refer to its security tracker page at:

    Information on source package php8.2


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/