Here are the latest security advisories for the Debian Linux distribution:
- DSA-5925-1 linux - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For CPUs affected by ITS (Indirect Target Selection), to fully mitigate the vulnerability it is also necessary to update the intel-microcode packages released in DSA 5924-1. For details on the Indirect Target Selection (ITS) vulnerability please refer to https://www.vusec.net/projects/training-solo/ and https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/indirect-target-selection.html.
https://security-tracker.debian.org/tracker/DSA-5925-1

- DSA-5924-1 intel-microcode - security update
This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the Indirect Target Selection (ITS) vulnerability (CVE-2024-28956) and the Branch Privilege Injection vulnerability (CVE-2024-45332). For CPUs affected by ITS (Indirect Target Selection), to fully mitigate the vulnerability it is also necessary to update the Linux kernel packages released in a separate, forthcoming DSA. For details on the Indirect Target Selection (ITS) vulnerability please refer to https://www.vusec.net/projects/training-solo/ and https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/indirect-target-selection.html. For details on the Branch Privilege Injection vulnerability please refer to https://comsec.ethz.ch/research/microarch/branch-privilege-injection/.
https://security-tracker.debian.org/tracker/DSA-5924-1

- DSA-5923-1 net-tools - security update
Mohamed Maatallah discovered a stack-based buffer overflow in the get_name() function in net-tools, a collection of programs for controlling the network subsystem of the Linux kernel, which may result in denial of service (application crash) or potentially the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5923-1

- DSA-5922-1 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5922-1

- DSA-5921-1 thunderbird - security update
Multiple security issues were discovered in Thunderbird, which could result in spoofing of From: mail headers, execution of JavaScript or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5921-1

- DSA-5920-1 chromium - security update
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5920-1

- DSA-5919-1 open-vm-tools - security update
It was discovered that insecure file handling in open-vm-tools, an open source implementation of VMware Tools, may allow an unprivileged local guest user to tamper with local files to trigger insecure file operations within that VM.
https://security-tracker.debian.org/tracker/DSA-5919-1

- DSA-5918-1 varnish - security update
Ben Kallus discovered that incorrect parsing of chunked transfer encodings in the Varnish web accelerator may result in HTTP request smuggling or cache poisoning.
https://security-tracker.debian.org/tracker/DSA-5918-1

- DSA-5917-1 libapache2-mod-auth-openidc - security update
A vulnerability has been discovered in mod_auth_openidc, an OpenID Certified authentication and authorization module for the Apache HTTP server that implements the OpenID Connect Relying Party functionality: an unauthenticated attacker could crash the Apache httpd process by sending a POST request without a Content-Type header if the 'OIDCPreservePost' directive is enabled, resulting in denial of service.
https://security-tracker.debian.org/tracker/DSA-5917-1

- DSA-5916-1 chromium - security update
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5916-1

- DSA-5915-1 vips - security update
A heap-based buffer overflow vulnerability was discovered in vips, a fast image processing library designed with efficiency in mind, which may result in denial of service (application crash) if a specially crafted TIFF image file is processed.
https://security-tracker.debian.org/tracker/DSA-5915-1

- DSA-5914-1 chromium - security update
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5914-1

- DSA-5913-1 openjdk-17 - security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of sandbox restrictions.
https://security-tracker.debian.org/tracker/DSA-5913-1

- DSA-5912-1 thunderbird - security update
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5912-1

- DSA-5911-1 request-tracker4 - security update
Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system, which could result in information disclosure, cross-site scripting and use of weak encryption for S/MIME emails.
https://security-tracker.debian.org/tracker/DSA-5911-1

- DSA-5910-1 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or a bypass of sandbox restrictions.
https://security-tracker.debian.org/tracker/DSA-5910-1

- DSA-5909-1 request-tracker5 - security update
Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system, which could result in information disclosure, cross-site scripting and use of weak encryption for S/MIME emails.
https://security-tracker.debian.org/tracker/DSA-5909-1

- DSA-5908-1 libreoffice - security update
Juraj Sarinay discovered that PDF documents signed with the adbe.pkcs7.sha1 standard were incompletely validated by LibreOffice, which could cause invalid signatures to be accepted as legitimate.
https://security-tracker.debian.org/tracker/DSA-5908-1

- DSA-5907-1 linux - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
https://security-tracker.debian.org/tracker/DSA-5907-1

- DSA-5906-1 erlang - security update
Several vulnerabilities were discovered in the Erlang/OTP implementation of the SSH protocol, which may result in denial of service or the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5906-1