Advisories: Debian

Here are the latest security advisories for the Debian Linux distribution:

  • DSA-5675-1 chromium - security update
    Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. https://security-tracker.debian.org/tracker/DSA-5675-1
  • DSA-5674-1 pdns-recursor - security update
    It was discovered that PDNS Recursor, a resolving name server, was susceptible to denial of service if recursive forwarding is configured. https://security-tracker.debian.org/tracker/DSA-5674-1
  • DSA-5673-1 glibc - security update
    Charles Fol discovered that the iconv() function in the GNU C library is prone to a buffer overflow vulnerability when converting strings to the ISO-2022-CN-EXT character set, which may lead to denial of service (application crash) or the execution of arbitrary code. https://security-tracker.debian.org/tracker/DSA-5673-1
  • DSA-5672-1 openjdk-17 - security update
    Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure. https://security-tracker.debian.org/tracker/DSA-5672-1
  • DSA-5671-1 openjdk-11 - security update
    Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure. https://security-tracker.debian.org/tracker/DSA-5671-1
  • DSA-5670-1 thunderbird - security update
    Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. https://security-tracker.debian.org/tracker/DSA-5670-1
  • DSA-5669-1 guix - security update
    It was discovered that insufficient restriction of unix daemon sockets in the GNU Guix functional package manager could result in sandbox bypass. https://security-tracker.debian.org/tracker/DSA-5669-1
  • DSA-5668-1 chromium - security update
    Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. https://security-tracker.debian.org/tracker/DSA-5668-1
  • DSA-5667-1 tomcat9 - security update
    Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
    CVE-2023-46589: Tomcat 9 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.
    CVE-2024-24549: Denial of service due to an improper input validation vulnerability for HTTP/2. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.
    CVE-2024-23672: Denial of service via an incomplete cleanup vulnerability. It was possible for WebSocket clients to keep WebSocket connections open, leading to increased resource consumption. https://security-tracker.debian.org/tracker/DSA-5667-1
  • DSA-5666-1 flatpak - security update
    Gergo Koteles discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could be bypassed in combination with xdg-desktop-portal. https://security-tracker.debian.org/tracker/DSA-5666-1
  • DSA-5665-1 tomcat10 - security update
    Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
    CVE-2023-46589: Tomcat 10 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.
    CVE-2024-24549: Denial of service due to an improper input validation vulnerability for HTTP/2. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.
    CVE-2024-23672: Denial of service via an incomplete cleanup vulnerability. It was possible for WebSocket clients to keep WebSocket connections open, leading to increased resource consumption. https://security-tracker.debian.org/tracker/DSA-5665-1
  • DSA-5664-1 jetty9 - security update
    Jetty 9 is a Java based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients which can cause a denial of service. https://security-tracker.debian.org/tracker/DSA-5664-1
  • DSA-5663-1 firefox-esr - security update
    Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or clickjacking. https://security-tracker.debian.org/tracker/DSA-5663-1
  • DSA-5655-2 cockpit - regression update
    The update of cockpit released in DSA 5655-1 did not correctly build binary packages due to unit test failures when building against libssh 0.10.6. This update corrects that problem. https://security-tracker.debian.org/tracker/DSA-5655-2
  • DSA-5662-1 apache2 - security update
    Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service. https://security-tracker.debian.org/tracker/DSA-5662-1
  • DSA-5661-1 php8.2 - security update
    Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes. https://security-tracker.debian.org/tracker/DSA-5661-1
  • DSA-5660-1 php7.4 - security update
    Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes. https://security-tracker.debian.org/tracker/DSA-5660-1
  • DSA-5659-1 trafficserver - security update
    Bartek Nowotarski discovered that Apache Traffic Server, a reverse and forward proxy server, was susceptible to denial of service via HTTP/2 CONTINUATION frames. https://security-tracker.debian.org/tracker/DSA-5659-1
  • DSA-5658-1 linux - security update
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. https://security-tracker.debian.org/tracker/DSA-5658-1
  • DSA-5657-1 xorg-server - security update
    Several vulnerabilities were discovered in the Xorg X server, which may result in privilege escalation if the X server is running privileged or denial of service. https://security-tracker.debian.org/tracker/DSA-5657-1
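A listing like the one above is easiest to act on once it is structured: which source packages were touched, which DSAs (a package such as chromium can appear more than once in one window), which CVE identifiers each entry cites, and whether the package is present on the host you are responsible for. The following Python script is an added example written for this page; it is not a Debian tool and not part of the security tracker. It parses the plain-text format shown above (bullet, DSA id, package, update kind, then a wrapped summary ending in the tracker URL) from a constructed sample of four entries, groups the results by package, and optionally asks dpkg-query for the installed version. The sample text, the record layout and the helper names are all assumptions of this example.

```python
"""Parse a plain-text Debian DSA listing into records and group them by package."""
import re
import shutil
import subprocess
from dataclasses import dataclass, field

# Constructed sample in the listing format above (four entries, summaries shortened).
SAMPLE = """\
  • DSA-5675-1 chromium - security update
    Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. https://security-tracker.debian.org/tracker/DSA-5675-1
  • DSA-5667-1 tomcat9 - security update
    Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-46589 Tomcat 9 did not correctly parse HTTP trailer headers. CVE-2024-24549 Denial of Service due to improper input validation vulnerability for HTTP/2. CVE-2024-23672 Denial of Service via incomplete cleanup vulnerability. https://security-tracker.debian.org/tracker/DSA-5667-1
  • DSA-5655-2 cockpit - regression update
    The update of cockpit released in DSA 5655-1 did not correctly build binary packages. https://security-tracker.debian.org/tracker/DSA-5655-2
  • DSA-5668-1 chromium - security update
    Security issues were discovered in Chromium. https://security-tracker.debian.org/tracker/DSA-5668-1
"""

HEADER_RE = re.compile(r"^\s*[•*-]\s*(DSA-(\d+)-(\d+))\s+(\S+)\s+-\s+(.*)$")
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")
URL_RE = re.compile(r"https?://\S+")


@dataclass
class Advisory:
    dsa: str          # e.g. "DSA-5667-1"
    number: int       # 5667
    revision: int     # 1 (a -2 is a regression or follow-up update)
    package: str      # source package, e.g. "tomcat9"
    kind: str         # "security update" or "regression update"
    summary: str = ""
    cves: list = field(default_factory=list)
    url: str = ""


def parse_listing(text):
    """Return Advisory records in listing order; tolerant of wrapped summaries."""
    advisories = []
    for raw in text.splitlines():
        m = HEADER_RE.match(raw)
        if m:
            advisories.append(Advisory(
                dsa=m.group(1), number=int(m.group(2)), revision=int(m.group(3)),
                package=m.group(4), kind=m.group(5).strip()))
            continue
        line = raw.strip()
        if not line or not advisories:
            continue  # blank line, or text before the first entry
        cur = advisories[-1]
        # Continuation line: collect CVE ids, split off the tracker URL, extend summary.
        for cve in CVE_RE.findall(line):
            if cve not in cur.cves:
                cur.cves.append(cve)
        url = URL_RE.search(line)
        if url:
            cur.url = url.group(0)
            line = line[:url.start()].rstrip()
        cur.summary = (cur.summary + " " + line).strip()
    return advisories


def by_package(advisories):
    """Group advisories by source package, highest DSA number first, so a package
    with several DSAs in the window (chromium here) is listed once with all of them."""
    groups = {}
    for a in sorted(advisories, key=lambda a: (a.number, a.revision), reverse=True):
        groups.setdefault(a.package, []).append(a)
    return groups


def installed_version(package):
    """Installed version via dpkg-query, or None when the package is not installed
    or this is not a dpkg-based host. Caveat: DSAs name *source* packages and the
    binary package names can differ (the linux source package ships linux-image-*),
    so None means 'check manually', not 'not affected'."""
    if shutil.which("dpkg-query") is None:
        return None
    res = subprocess.run(["dpkg-query", "-W", "-f=${Version}", package],
                         capture_output=True, text=True)
    if res.returncode != 0:
        return None
    return res.stdout.strip() or None


if __name__ == "__main__":
    for pkg, advs in by_package(parse_listing(SAMPLE)).items():
        ver = installed_version(pkg) or "-"
        print(f"{pkg:12} installed={ver:20} " + ", ".join(a.dsa for a in advs))
        for a in advs:
            if a.cves:
                print(f"{'':12} {a.dsa}: {' '.join(a.cves)}")
```

Run it as-is to see the grouped output for the embedded sample, or replace SAMPLE with the text of a saved listing. The installed-version lookup is deliberately a hint rather than a verdict: the fixed version is stated in the DSA itself, not in this listing, so the comparison against it (dpkg --compare-versions) is a separate step once you have opened the tracker link.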
