Posts by Micha

    Package : chromium


    CVE ID : CVE-2023-4572


    Debian Bug : 1024981



    A security issue was discovered in Chromium, which could result in the execution of arbitrary code.



    For the oldstable distribution (bullseye), this problem has been fixed in version 116.0.5845.140-1~deb11u1.



    For the stable distribution (bookworm), this problem has been fixed in version 116.0.5845.140-1~deb12u1.



    We recommend that you upgrade your chromium packages.



    For the detailed security status of chromium please refer to its security tracker page at:


    Information on source package chromium



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : json-c


    CVE ID : CVE-2021-32292



    An invalid memory access was discovered in json-c, a JSON library, which could result in denial of service.



    For the oldstable distribution (bullseye), this problem has been fixed in version 0.15-2+deb11u1.



    We recommend that you upgrade your json-c packages.



    For the detailed security status of json-c please refer to its security tracker page at:


    Information on source package json-c



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : firefox-esr


    CVE ID : CVE-2023-4573 CVE-2023-4574 CVE-2023-4575 CVE-2023-4581 CVE-2023-4584



    Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.



    For the oldstable distribution (bullseye), these problems have been fixed in version 102.15.0esr-1~deb11u1.



    For the stable distribution (bookworm), these problems have been fixed in version 102.15.0esr-1~deb12u1.



    We recommend that you upgrade your firefox-esr packages.



    For the detailed security status of firefox-esr please refer to its security tracker page at:


    Information on source package firefox-esr



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : librsvg


    CVE ID : CVE-2023-38633


    Debian Bug : 1041810



    Zac Sims discovered a directory traversal in the URL decoder of librsvg, a SAX-based renderer library for SVG files, which could result in read of arbitrary files when processing a specially crafted SVG file with an include element.



    For the oldstable distribution (bullseye), this problem has been fixed in version 2.50.3+dfsg-1+deb11u1.



    For the stable distribution (bookworm), this problem has been fixed in version 2.54.7+dfsg-1~deb12u1.



    We recommend that you upgrade your librsvg packages.



    For the detailed security status of librsvg please refer to its security tracker page at:


    Information on source package librsvg



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : chromium


    CVE ID : CVE-2023-4427 CVE-2023-4428 CVE-2023-4429 CVE-2023-4430 CVE-2023-4431



    Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.



    For the oldstable distribution (bullseye), these problems have been fixed in version 116.0.5845.110-1~deb11u1.



    For the stable distribution (bookworm), these problems have been fixed in version 116.0.5845.110-1~deb12u1.



    We recommend that you upgrade your chromium packages.



    For the detailed security status of chromium please refer to its security tracker page at:


    Information on source package chromium



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : tryton-server


    CVE ID : not yet available



    "Edbo" and Cedric Krier discovered that the Tryton application server does enforce record rules when only reading fields without an SQL type (like Function fields).



    For the oldstable distribution (bullseye), this problem has been fixed in version 5.0.33-2+deb11u2.



    For the stable distribution (bookworm), this problem has been fixed in version 6.0.29-2+deb12u1.



    We recommend that you upgrade your tryton-server packages.



    For the detailed security status of tryton-server please refer to its security tracker page at:


    Information on source package tryton-server



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : fastdds


    CVE ID : CVE-2023-39534 CVE-2023-39945 CVE-2023-39946 CVE-2023-39947 CVE-2023-39948 CVE-2023-39949



    Multiple security issues were discovered in Fast DDS, a C++ implementation of the DDS (Data Distribution Service), which might result in denial of service or potentially the execution of arbitrary code when processing malformed RTPS packets.



    For the oldstable distribution (bullseye), these problems have been fixed in version 2.1.0+ds-9+deb11u1.



    For the stable distribution (bookworm), these problems have been fixed in version 2.9.1+ds-1+deb12u1.



    We recommend that you upgrade your fastdds packages.



    For the detailed security status of fastdds please refer to its security tracker page at:


    Information on source package fastdds



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : linux


    CVE ID : CVE-2022-4269 CVE-2022-39189 CVE-2023-1206 CVE-2023-1380 CVE-2023-2002 CVE-2023-2007 CVE-2023-2124 CVE-2023-2269 CVE-2023-2898 CVE-2023-3090 CVE-2023-3111 CVE-2023-3212 CVE-2023-3268 CVE-2023-3338 CVE-2023-3389 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-3863 CVE-2023-4004 CVE-2023-4128 CVE-2023-4132 CVE-2023-4147 CVE-2023-4194 CVE-2023-4273 CVE-2023-20588 CVE-2023-21255 CVE-2023-21400 CVE-2023-31084 CVE-2023-34319 CVE-2023-35788 CVE-2023-40283



    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.



    CVE-2022-4269



    William Zhao discovered that a flaw in the Traffic Control (TC) subsystem when using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred"), may allow a local unprivileged user to cause a denial of service (triggering a CPU soft lockup).



    CVE-2022-39189



    Jann Horn discovered that TLB flush operations are mishandled in the KVM subsystem in certain KVM_VCPU_PREEMPTED situations, which may allow an unprivileged guest user to compromise the guest kernel.



    CVE-2023-1206



    It was discovered that the networking stack permits attackers to force hash collisions in the IPv6 connection lookup table, which may result in denial of service (significant increase in the cost of lookups, increased CPU utilization).



    CVE-2023-1380



    Jisoo Jang reported a heap out-of-bounds read in the brcmfmac Wi-Fi driver. On systems using this driver, a local user could exploit this to read sensitive information or to cause a denial of service.



    CVE-2023-2002



    Ruihan Li reported an incorrect permissions check in the Bluetooth subsystem. A local user could exploit this to reconfigure local Bluetooth interfaces, resulting in information leaks, spoofing, or denial of service (loss of connection).



    CVE-2023-2007



    Lucas Leong and Reno Robert discovered a time-of-check-to-time-of-use flaw in the dpt_i2o SCSI controller driver. A local user with access to a SCSI device using this driver could exploit this for privilege escalation.



    This flaw has been mitigated by removing support for the I2OUSRCMD operation.



    CVE-2023-2124



    Kyle Zeng, Akshay Ajayan and Fish Wang discovered that missing metadata validation may result in denial of service or potential privilege escalation if a corrupted XFS disk image is mounted.



    CVE-2023-2269



    Zheng Zhang reported that improper handling of locking in the device mapper implementation may result in denial of service.



    CVE-2023-2898



    It was discovered that missing sanitising in the f2fs file system may result in denial of service if a malformed file system is accessed.



    CVE-2023-3090



    It was discovered that missing initialization in ipvlan networking may lead to an out-of-bounds write vulnerability, resulting in denial of service or potentially the execution of arbitrary code.



    CVE-2023-3111



    The TOTE Robot tool found a flaw in the Btrfs filesystem driver that can lead to a use-after-free. It's unclear whether an unprivileged user can exploit this.



    CVE-2023-3212



    Yang Lan discovered that missing validation in the GFS2 filesystem could result in denial of service via a NULL pointer dereference when mounting a malformed GFS2 filesystem.



    CVE-2023-3268



    It was discovered that an out-of-bounds memory access in relayfs could result in denial of service or an information leak.



    CVE-2023-3338



    Davide Ornaghi discovered a flaw in the DECnet protocol implementation which could lead to a null pointer dereference or use-after-free. A local user can exploit this to cause a denial of service (crash or memory corruption) and probably for privilege escalation.



    This flaw has been mitigated by removing the DECnet protocol implementation.



    CVE-2023-3389



    Querijn Voet discovered a use-after-free in the io_uring subsystem, which may result in denial of service or privilege escalation.



    CVE-2023-3611



    It was discovered that an out-of-bounds write in the traffic control subsystem for the Quick Fair Queueing scheduler (QFQ) may result in denial of service or privilege escalation.



    CVE-2023-3609 / CVE-2023-3776 / CVE-2023-4128



    It was discovered that a use-after-free in the cls_fw, cls_u32 and cls_route network classifiers may result in denial of service or potential local privilege escalation.



    CVE-2023-3863



    It was discovered that a use-after-free in the NFC implementation may result in denial of service, an information leak or potential local privilege escalation.



    CVE-2023-4004



    It was discovered that a use-after-free in Netfilter's implementation of PIPAPO (PIle PAcket POlicies) may result in denial of service or potential local privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace.



    CVE-2023-4132



    A use-after-free in the driver for Siano SMS1xxx based MDTV receivers may result in local denial of service.



    CVE-2023-4147



    Kevin Rich discovered a use-after-free in Netfilter when adding a rule with NFTA_RULE_CHAIN_ID, which may result in local privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace.



    CVE-2023-4194



    A type confusion in the implementation of TUN/TAP network devices may allow a local user to bypass network filters.



    CVE-2023-4273



    Maxim Suhanov discovered a stack overflow in the exFAT driver, which may result in local denial of service via a malformed file system.



    CVE-2023-20588



    Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Koepf and Oleksii Oleksenko discovered that on some AMD CPUs with the Zen1 micro architecture an integer division by zero may leave stale quotient data from a previous division, resulting in a potential leak of sensitive data.



    CVE-2023-21255



    A use-after-free was discovered in the Android binder driver, which may result in local privilege escalation on systems where the binder driver is loaded.



    CVE-2023-21400



    Ye Zhang and Nicolas Wu discovered a double-free in the io_uring subsystem, which may result in denial of service or privilege escalation.



    CVE-2023-31084



    It was discovered that the DVB Core driver does not properly handle locking of certain events, allowing a local user to cause a denial of service.



    CVE-2023-34319



    Ross Lagerwall discovered a buffer overrun in Xen's netback driver which may allow a Xen guest to cause denial of service to the virtualisation host by sending malformed packets.



    CVE-2023-35788



    Hangyu Hua discovered that an off-by-one in the Flower traffic classifier may result in local denial of service or the execution of privilege escalation.



    CVE-2023-40283



    A use-after-free was discovered in Bluetooth L2CAP socket handling.



    For the oldstable distribution (bullseye), these problems have been fixed in version 5.10.191-1.



    We recommend that you upgrade your linux packages.



    For the detailed security status of linux please refer to its security tracker page at:


    Information on source package linux



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : chromium


    CVE ID : CVE-2023-2312 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351 CVE-2023-4352 CVE-2023-4353 CVE-2023-4354 CVE-2023-4355 CVE-2023-4356 CVE-2023-4357 CVE-2023-4358 CVE-2023-4359 CVE-2023-4360 CVE-2023-4361 CVE-2023-4362 CVE-2023-4363 CVE-2023-4364 CVE-2023-4365 CVE-2023-4366 CVE-2023-4367 CVE-2023-4368



    Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.



    For the oldstable distribution (bullseye), these problems have been fixed in version 116.0.5845.96-1~deb11u1.



    For the stable distribution (bookworm), these problems have been fixed in version 116.0.5845.96-1~deb12u1.



    We recommend that you upgrade your chromium packages.



    For the detailed security status of chromium please refer to its security tracker page at:


    Information on source package chromium



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : openjdk-11


    CVE ID : CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 CVE-2023-22006 CVE-2023-22036 CVE-2023-22041 CVE-2023-22045 CVE-2023-22049



    Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service.




    For the oldstable distribution (bullseye), these problems have been fixed in version 11.0.20+8-1~deb11u1.



    We recommend that you upgrade your openjdk-11 packages.



    For the detailed security status of openjdk-11 please refer to its security tracker page at:


    Information on source package openjdk-11



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : samba


    CVE ID : CVE-2022-2127 CVE-2023-3347 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968


    Debian Bug : 1041043



    Several vulnerabilities have been discovered in Samba, which could result in information disclosure, denial of service or insufficient enforcement of security-relevant config directives.



    The version of Samba in the oldstable distribution (bullseye) cannot be fully supported further: If you are using Samba as a domain controller you should either upgrade to the stable distribution or, if that's not an immediate option, consider migrating to Samba from bullseye-backports (which will be kept updated to the version in stable). Operating Samba as a file/print server will continue to be supported; a separate DSA will provide an update along with documentation about the scope of continued support.



    For the stable distribution (bookworm), these problems have been fixed in version 2:4.17.10+dfsg-0+deb12u1.



    We recommend that you upgrade your samba packages.



    For the detailed security status of samba please refer to its security tracker page at:


    Information on source package samba



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : gst-plugins-ugly1.0


    CVE ID : not yet available



    Multiple vulnerabilities were discovered in the RealMedia demuxers for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.



    For the oldstable distribution (bullseye), this problem has been fixed in version 1.18.4-2+deb11u1.



    For the stable distribution (bookworm), this problem has been fixed in version 1.22.0-2+deb12u1.



    We recommend that you upgrade your gst-plugins-ugly1.0 packages.



    For the detailed security status of gst-plugins-ugly1.0 please refer to its security tracker page at:


    Information on source package gst-plugins-ugly1.0



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : linux


    CVE ID : CVE-2022-40982 CVE-2023-20569



    CVE-2022-40982



    Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware vulnerability for Intel CPUs which allows unprivileged speculative access to data which was previously stored in vector registers.



    This mitigation requires updated CPU microcode provided in the intel-microcode package.



    For details please refer to <https://downfall.page/> and <https://www.intel.com/content/…gather-data-sampling.html>.



    CVE-2023-20569



    Daniel Trujillo, Johannes Wikner and Kaveh Razavi discovered INCEPTION, also known as Speculative Return Stack Overflow (SRSO), a transient execution attack that leaks arbitrary data on all AMD Zen CPUs. An attacker can mis-train the CPU BTB to predict non-architectural CALL instructions in kernel space and use this to control the speculative target of a subsequent kernel RET, potentially leading to information disclosure via a speculative side-channel.



    For details please refer to <https://comsec.ethz.ch/research/microarch/inception/> and <https://www.amd.com/en/corpora…rity/bulletin/amd-sb-7005>.



    For the oldstable distribution (bullseye), these problems have been fixed in version 5.10.179-5.



    For the stable distribution (bookworm), these problems have been fixed in version 6.1.38-4.



    We recommend that you upgrade your linux packages.



    For the detailed security status of linux please refer to its security tracker page at:


    Information on source package linux



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : intel-microcode


    CVE ID : CVE-2022-40982 CVE-2022-41804 CVE-2023-23908


    Debian Bug : 1043305



    This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for security vulnerabilities.



    CVE-2022-40982



    Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware vulnerability which allows unprivileged speculative access to data which was previously stored in vector registers.



    For details please refer to <https://downfall.page/> and <https://www.intel.com/content/…gather-data-sampling.html>.



    CVE-2022-41804



    Unauthorized error injection in Intel SGX or Intel TDX for some Intel Xeon Processors which may allow a local user to potentially escalate privileges.



    CVE-2023-23908



    Improper access control in some 3rd Generation Intel Xeon Scalable processors may result in an information leak.



    For the oldstable distribution (bullseye), these problems have been fixed in version 3.20230808.1~deb11u1.



    For the stable distribution (bookworm), these problems have been fixed in version 3.20230808.1~deb12u1.



    We recommend that you upgrade your intel-microcode packages.



    For the detailed security status of intel-microcode please refer to its security tracker page at:


    Information on source package intel-microcode



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : orthanc


    CVE ID : CVE-2023-33466


    Debian Bug : 1040597



    It was discovered that authenticated API users of Orthanc, a DICOM server for medical imaging, could overwrite arbitrary files and in some setups execute arbitrary code.



    This update backports the option RestApiWriteToFileSystemEnabled; setting it to 'true' in /etc/orthanc/orthanc.json restores the previous behaviour.



    For the oldstable distribution (bullseye), this problem has been fixed in version 1.9.2+really1.9.1+dfsg-1+deb11u1.



    For the stable distribution (bookworm), this problem has been fixed in version 1.10.1+dfsg-2+deb12u1.



    We recommend that you upgrade your orthanc packages.



    For the detailed security status of orthanc please refer to its security tracker page at:


    Information on source package orthanc



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : cjose


    CVE ID : CVE-2023-37464


    Debian Bug : 1041423



    It was discovered that an incorrect implementation of AES GCM decryption in cjose, a C library implementing the JOSE standard, may allow an attacker to provide a truncated Authentication Tag and modify the JWE object.



    For the oldstable distribution (bullseye), this problem has been fixed in version 0.6.1+dfsg1-1+deb11u1.



    For the stable distribution (bookworm), this problem has been fixed in version 0.6.2.1-1+deb12u1.



    We recommend that you upgrade your cjose packages.



    For the detailed security status of cjose please refer to its security tracker page at:


    Information on source package cjose



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : libhtmlcleaner-java


    CVE ID : CVE-2023-34624



    A security vulnerability has been discovered in libhtmlcleaner-java, a Java HTML parser library. An attacker was able to cause a denial of service (StackOverflowError) if the parser runs on user supplied input with deeply nested HTML elements. This update introduces a new nesting depth limit which can be overridden in cleaner properties.



    For the oldstable distribution (bullseye), this problem has been fixed in version 2.24-1+deb11u1.



    For the stable distribution (bookworm), this problem has been fixed in version 2.26-1+deb12u1.



    We recommend that you upgrade your libhtmlcleaner-java packages.



    For the detailed security status of libhtmlcleaner-java please refer to its security tracker page at:


    Information on source package libhtmlcleaner-java



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : python-werkzeug


    CVE ID : CVE-2023-23934 CVE-2023-25577


    Debian Bug : 1031370



    Several vulnerabilities were discovered in python-werkzeug, a collection of utilities for WSGI applications.



    CVE-2023-23934



    It was discovered that Werkzeug did not properly handle the parsing of nameless cookies which may allow shadowing of other cookies.



    CVE-2023-25577



    It was discovered that Werkzeug could parse an unlimited number of parts, including file parts, which may result in denial of service.



    For the oldstable distribution (bullseye), these problems have been fixed in version 1.0.1+dfsg1-2+deb11u1.



    We recommend that you upgrade your python-werkzeug packages.



    For the detailed security status of python-werkzeug please refer to its security tracker page at:


    Information on source package python-werkzeug



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : thunderbird


    CVE ID : CVE-2023-4045 CVE-2023-4046 CVE-2023-4047 CVE-2023-4048 CVE-2023-4049 CVE-2023-4050 CVE-2023-4055 CVE-2023-4056



    Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.



    For the oldstable distribution (bullseye), these problems have been fixed in version 1:102.14.0-1~deb11u1.



    For the stable distribution (bookworm), these problems have been fixed in version 1:102.14.0-1~deb12u1.



    We recommend that you upgrade your thunderbird packages.



    For the detailed security status of thunderbird please refer to its security tracker page at:


    Information on source package thunderbird



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : webkit2gtk


    CVE ID : CVE-2023-38133 CVE-2023-38572 CVE-2023-38592 CVE-2023-38594 CVE-2023-38595 CVE-2023-38597 CVE-2023-38599 CVE-2023-38600 CVE-2023-38611



    The following vulnerabilities have been discovered in the WebKitGTK web engine:



    CVE-2023-38133



    YeongHyeon Choi discovered that processing web content may disclose sensitive information.



    CVE-2023-38572



    Narendra Bhati discovered that a website may be able to bypass the Same Origin Policy.



    CVE-2023-38592



    Narendra Bhati, Valentino Dalla Valle, Pedro Bernardo, Marco Squarcina, and Lorenzo Veronese discovered that processing web content may lead to arbitrary code execution.



    CVE-2023-38594



    Yuhao Hu discovered that processing web content may lead to arbitrary code execution.



    CVE-2023-38595



    An anonymous researcher, Jiming Wang, and Jikai Ren discovered that processing web content may lead to arbitrary code execution.



    CVE-2023-38597



    Junsung Lee discovered that processing web content may lead to arbitrary code execution.



    CVE-2023-38599



    Hritvik Taneja, Jason Kim, Jie Jeff Xu, Stephan van Schaik, Daniel Genkin, and Yuval Yarom discovered that a website may be able to track sensitive user information.



    CVE-2023-38600



    An anonymous researcher discovered that processing web content may lead to arbitrary code execution.



    CVE-2023-38611



    Francisco Alonso discovered that processing web content may lead to arbitrary code execution.



    For the oldstable distribution (bullseye), these problems have been fixed in version 2.40.5-1~deb11u1.



    For the stable distribution (bookworm), these problems have been fixed in version 2.40.5-1~deb12u1.



    We recommend that you upgrade your webkit2gtk packages.



    For the detailed security status of webkit2gtk please refer to its security tracker page at:


    Information on source package webkit2gtk



    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/