Posts by Micha

    Package : thunderbird

    CVE ID : CVE-2024-10458 CVE-2024-10459 CVE-2024-10460 CVE-2024-10461 CVE-2024-10462 CVE-2024-10463 CVE-2024-10464 CVE-2024-10465 CVE-2024-10466 CVE-2024-10467


    Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.


    Debian follows the Thunderbird upstream releases. Support for the 115.x series has ended, so starting with this update we're now following the 128.x series.


    For the stable distribution (bookworm), these problems have been fixed in version 1:128.4.0esr-1~deb12u1. This version is not yet available for the i386 architecture.


    We recommend that you upgrade your thunderbird packages.


    For the detailed security status of thunderbird please refer to its security tracker page at:

    Information on source package thunderbird


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : chromium

    CVE ID : CVE-2024-10487 CVE-2024-10488


    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.


    For the stable distribution (bookworm), these problems have been fixed in version 130.0.6723.91-1~deb12u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    Information on source package chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : firefox-esr

    CVE ID : CVE-2024-10458 CVE-2024-10459 CVE-2024-10460 CVE-2024-10461 CVE-2024-10462 CVE-2024-10463 CVE-2024-10464 CVE-2024-10465 CVE-2024-10466 CVE-2024-10467


    Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing or information disclosure.


    For the stable distribution (bookworm), these problems have been fixed in version 128.4.0esr-1~deb12u1.


    We recommend that you upgrade your firefox-esr packages.


    For the detailed security status of firefox-esr please refer to its security tracker page at:

    Information on source package firefox-esr


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : xorg-server

    CVE ID : CVE-2024-9632

    Debian Bug : 1086244


    Jan-Niklas Sohn discovered that a heap-based buffer overflow in the _XkbSetCompatMap function in the X Keyboard Extension of the X.org X server may result in privilege escalation if the X server is running privileged.


    For the stable distribution (bookworm), this problem has been fixed in version 2:21.1.7-3+deb12u8.


    We recommend that you upgrade your xorg-server packages.


    For the detailed security status of xorg-server please refer to its security tracker page at:

    Information on source package xorg-server


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : chromium

    CVE ID : CVE-2024-10229 CVE-2024-10230 CVE-2024-10231


    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.


    For the stable distribution (bookworm), these problems have been fixed in version 130.0.6723.69-1~deb12u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    Information on source package chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : activemq

    CVE ID : CVE-2023-46604


    Christopher L. Shannon discovered that the implementation of the OpenWire protocol in Apache ActiveMQ was susceptible to the execution of arbitrary code.


    For the stable distribution (bookworm), these problems have been fixed in version 5.17.2+dfsg-2+deb12u1.


    We recommend that you upgrade your activemq packages.


    For the detailed security status of activemq please refer to its security tracker page at:

    Information on source package activemq


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : twisted

    CVE ID : CVE-2023-46137 CVE-2024-41671 CVE-2024-41810


    Multiple security issues were found in Twisted, an event-based framework for internet applications, which could result in incorrect ordering of HTTP requests or cross-site scripting.


    For the stable distribution (bookworm), these problems have been fixed in version 22.4.0-4+deb12u1.


    We recommend that you upgrade your twisted packages.


    For the detailed security status of twisted please refer to its security tracker page at:

    Information on source package twisted


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : libheif

    CVE ID : CVE-2023-29659 CVE-2023-49462 CVE-2024-41311


    Multiple security issues were found in libheif, a library to parse HEIF and AVIF files, which could result in denial of service or potentially the execution of arbitrary code.


    For the stable distribution (bookworm), these problems have been fixed in version 1.15.1-1+deb12u1.


    We recommend that you upgrade your libheif packages.


    For the detailed security status of libheif please refer to its security tracker page at:

    Information on source package libheif


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : python-sql

    CVE ID : CVE-2024-9774


    Cedric Krier discovered that python-sql, a library to write SQL queries in a pythonic way, performed insufficient sanitising which could result in SQL injection.


    For the stable distribution (bookworm), this problem has been fixed in version 1.4.0-1+deb12u1.


    We recommend that you upgrade your python-sql packages.


    For the detailed security status of python-sql please refer to its security tracker page at:

    Information on source package python-sql


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : openjdk-17

    CVE ID : CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235


    Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure.


    For the stable distribution (bookworm), these problems have been fixed in version 17.0.13+11-2~deb12u1.


    We recommend that you upgrade your openjdk-17 packages.


    For the detailed security status of openjdk-17 please refer to its security tracker page at:

    Information on source package openjdk-17


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : chromium

    CVE ID : CVE-2024-9954 CVE-2024-9955 CVE-2024-9956 CVE-2024-9957 CVE-2024-9958 CVE-2024-9959 CVE-2024-9960 CVE-2024-9961 CVE-2024-9962 CVE-2024-9963 CVE-2024-9964 CVE-2024-9965 CVE-2024-9966


    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.


    For the stable distribution (bookworm), these problems have been fixed in version 130.0.6723.58-1~deb12u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    Information on source package chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : webkit2gtk

    CVE ID : CVE-2024-40866 CVE-2024-44187


    The following vulnerabilities have been discovered in the WebKitGTK web engine:


    CVE-2024-40866


    Hafiizh and YoKo Kho discovered that visiting a malicious website may lead to address bar spoofing.


    CVE-2024-44187


    Narendra Bhati discovered that a malicious website may exfiltrate data cross-origin.


    For the stable distribution (bookworm), these problems have been fixed in version 2.46.0-2~deb12u1.


    We recommend that you upgrade your webkit2gtk packages.


    For the detailed security status of webkit2gtk please refer to its security tracker page at:

    Information on source package webkit2gtk


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : python-reportlab

    CVE ID : CVE-2023-33733


    Elyas Damej discovered that a sandbox mechanism in ReportLab, a Python library to create PDF documents, could be bypassed which may result in the execution of arbitrary code when converting malformed HTML to a PDF document.


    For the stable distribution (bookworm), this problem has been fixed in version 3.6.12-1+deb12u1.


    We recommend that you upgrade your python-reportlab packages.


    For the detailed security status of python-reportlab please refer to its security tracker page at:

    Information on source package python-reportlab


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : node-dompurify

    CVE ID : CVE-2024-47875


    It was discovered that DOMPurify, a sanitizer for HTML, MathML and SVG, was susceptible to nesting-based mXSS.


    For the stable distribution (bookworm), this problem has been fixed in version 2.4.1+dfsg+~2.4.0-2.


    We recommend that you upgrade your node-dompurify packages.


    For the detailed security status of node-dompurify please refer to its security tracker page at:

    Information on source package node-dompurify


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : thunderbird

    CVE ID : CVE-2024-9392 CVE-2024-9393 CVE-2024-9394 CVE-2024-9401 CVE-2024-9680


    Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.


    For the stable distribution (bookworm), these problems have been fixed in version 1:115.16.0esr-1~deb12u1.


    We recommend that you upgrade your thunderbird packages.


    For the detailed security status of thunderbird please refer to its security tracker page at:

    Information on source package thunderbird


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : firefox-esr

    CVE ID : CVE-2024-9680


    Damien Schaeffer discovered a use-after-free in the Mozilla Firefox web browser, which could result in the execution of arbitrary code.


    For the stable distribution (bookworm), this problem has been fixed in version 128.3.1esr-1~deb12u1.


    We recommend that you upgrade your firefox-esr packages.


    For the detailed security status of firefox-esr please refer to its security tracker page at:

    Information on source package firefox-esr


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : chromium

    CVE ID : CVE-2024-9602 CVE-2024-9603


    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.


    For the stable distribution (bookworm), these problems have been fixed in version 129.0.6668.100-1~deb12u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    Information on source package chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : apache2

    Debian Bug : 1079172 1079206


    The fixes for CVE-2024-38474 and CVE-2024-39884 introduced two regressions in mod_rewrite and mod_proxy.


    For the stable distribution (bookworm), these problems have been fixed in version 2.4.62-1~deb12u2.


    We recommend that you upgrade your apache2 packages.


    For the detailed security status of apache2 please refer to its security tracker page at:

    Information on source package apache2


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : libgsf

    CVE ID : CVE-2024-36474 CVE-2024-42415

    Debian Bug : 1084056


    Integer overflow flaws were discovered in the Compound Document Binary File format parser of libgsf, the GNOME Project G Structured File Library, which could result in the execution of arbitrary code if a specially crafted file is processed.


    For the stable distribution (bookworm), these problems have been fixed in version 1.14.50-1+deb12u1.


    We recommend that you upgrade your libgsf packages.


    For the detailed security status of libgsf please refer to its security tracker page at:

    Information on source package libgsf


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : mediawiki

    CVE ID : CVE-2024-47913


    Dom Walden discovered that the AbuseFilter extension in MediaWiki, a website engine for collaborative work, performed incomplete authorisation checks.


    For the stable distribution (bookworm), this problem has been fixed in version 1:1.39.10-1~deb12u1.


    We recommend that you upgrade your mediawiki packages.


    For the detailed security status of mediawiki please refer to its security tracker page at:

    Information on source package mediawiki


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/