Here are the latest security advisories for the Debian Linux distribution:
- DSA-5834-1 chromium - security update
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5834-1
- DSA-5833-1 dpdk - security update
A buffer overflow was discovered in the vhost code of DPDK, a set of libraries for fast packet processing, which could result in denial of service or the execution of arbitrary code by malicious guests/containers.
https://security-tracker.debian.org/tracker/DSA-5833-1
- DSA-5832-1 gstreamer1.0 - security update
Antonio Morales reported an integer overflow vulnerability in the memory allocator in the Core GStreamer libraries, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is processed.
https://security-tracker.debian.org/tracker/DSA-5832-1
- DSA-5831-1 gst-plugins-base1.0 - security update
Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.
https://security-tracker.debian.org/tracker/DSA-5831-1
- DSA-5830-1 smarty4 - security update
A security vulnerability was discovered in Smarty, a template engine for PHP, which could result in PHP code injection.
https://security-tracker.debian.org/tracker/DSA-5830-1
- DSA-5829-1 chromium - security update
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5829-1
- DSA-5828-1 python-aiohttp - security update
Multiple security vulnerabilities were discovered in python-aiohttp, an HTTP client/server for asyncio, which could result in denial of service, directory traversal, CRLF injection or request smuggling.
https://security-tracker.debian.org/tracker/DSA-5828-1
- DSA-5827-1 proftpd-dfsg - security update
Brian Ristuccia discovered that in ProFTPD, a powerful modular FTP/SFTP/FTPS server, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql.
https://security-tracker.debian.org/tracker/DSA-5827-1
- DSA-5826-1 smarty3 - security update
Two security vulnerabilities were discovered in Smarty, a template engine for PHP, which could result in PHP code injection or cross-site scripting.
https://security-tracker.debian.org/tracker/DSA-5826-1
- DSA-5825-1 ceph - security update
Sage McTaggart discovered an authentication bypass in radosgw, the RADOS REST gateway of Ceph, a distributed storage and file system.
https://security-tracker.debian.org/tracker/DSA-5825-1
- DSA-5824-1 chromium - security update
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5824-1
- DSA-5815-2 needrestart - regression update
The update for needrestart announced as DSA 5815-1 introduced a regression reporting false positives for processes running in chroot or mountns. Updated packages are now available to correct this issue.
https://security-tracker.debian.org/tracker/DSA-5815-2
- DSA-5823-1 webkit2gtk - security update
The following vulnerabilities have been discovered in the WebKitGTK web engine:
CVE-2024-44308: Clement Lecigne and Benoit Sevens discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
CVE-2024-44309: Clement Lecigne and Benoit Sevens discovered that processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
https://security-tracker.debian.org/tracker/DSA-5823-1
- DSA-5822-1 simplesamlphp - security update
It was discovered that SimpleSAMLphp, an implementation of the SAML 2.0 protocol, is prone to an XXE vulnerability when loading an (untrusted) XML document.
https://security-tracker.debian.org/tracker/DSA-5822-1
- DSA-5821-1 thunderbird - security update
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5821-1
- DSA-5820-1 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, spoofing or cross-site scripting.
https://security-tracker.debian.org/tracker/DSA-5820-1
- DSA-5819-1 php8.2 - security update
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in denial of service, CRLF injection or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5819-1
- DSA-5818-1 linux - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
https://security-tracker.debian.org/tracker/DSA-5818-1
- DSA-5817-1 chromium - security update
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5817-1
- DSA-5812-2 postgresql-15 - regression update
The postgresql minor release shipped in DSA 5812 introduced an ABI break, which has been reverted so that extensions do not need to be rebuilt.
https://security-tracker.debian.org/tracker/DSA-5812-2