Debian GNU/Linux 8 (Jessie) Extended LTS:
ELA-1178-1 hsqldb1.8.0 security update
Debian GNU/Linux 8 (Jessie), 9 (Stretch), and 10 (Buster) Extended LTS:
ELA-1176-1 libxml2 security update
Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1177-1 bluez security update
Debian GNU/Linux 11 (Bullseye) LTS:
[SECURITY] [DLA 3881-1] aom security update
[SECURITY] [DLA 3880-1] amanda security update
[SECURITY] [DLA 3879-1] bluez security update
[SECURITY] [DLA 3881-1] aom security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3881-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
September 07, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : aom
Version : 1.0.0.errata1-3+deb11u2
CVE ID : CVE-2024-5171
Integer overflows have been fixed in aom, an AV1 Codec Library.
For Debian 11 bullseye, this problem has been fixed in version
1.0.0.errata1-3+deb11u2.
We recommend that you upgrade your aom packages.
For the detailed security status of aom please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/aom
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3880-1] amanda security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3880-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
September 07, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : amanda
Version : 1:3.5.1-7+deb11u1
CVE ID : CVE-2022-37703 CVE-2022-37704 CVE-2022-37705 CVE-2023-30577
Debian Bug : 1021017 1029829 1055253
Multiple vulnerabilities have been fixed in the Amanda backup system.
CVE-2022-37703
    Directory existence disclosure
CVE-2022-37704
    Privilege escalation in rundump
CVE-2022-37705
    Privilege escalation in runtar
CVE-2023-30577
    Privilege escalation in runtar
For Debian 11 bullseye, these problems have been fixed in version
1:3.5.1-7+deb11u1.
We recommend that you upgrade your amanda packages.
For the detailed security status of amanda please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/amanda
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3879-1] bluez security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3879-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
September 07, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : bluez
Version : 5.55-3.1+deb11u2
CVE ID : CVE-2021-3658 CVE-2021-41229 CVE-2021-43400 CVE-2022-0204
CVE-2022-39176 CVE-2022-39177 CVE-2023-27349 CVE-2023-50229
CVE-2023-50230
Debian Bug : 991596 998626 1000262 1003712
Multiple vulnerabilities have been fixed in bluez, a library, tools and
daemons for using Bluetooth devices.
CVE-2021-3658
    adapter: Fix storing discoverable setting
CVE-2021-41229
    Memory leak in the SDP protocol
CVE-2021-43400
    Use-after-free on client disconnect
CVE-2022-0204
    GATT heap overflow
CVE-2022-39176
    Proximate attackers could obtain sensitive information
CVE-2022-39177
    Proximate attackers could cause denial of service
CVE-2023-27349
    AVRCP crash while handling unsupported events
CVE-2023-50229
    Phone Book Access profile Heap-based Buffer Overflow
CVE-2023-50230
    Phone Book Access profile Heap-based Buffer Overflow
For Debian 11 bullseye, these problems have been fixed in version
5.55-3.1+deb11u2.
We recommend that you upgrade your bluez packages.
For the detailed security status of bluez please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/bluez
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
ELA-1178-1 hsqldb1.8.0 security update
Package : hsqldb1.8.0
Version : 1.8.0.10+dfsg-3+deb8u1 (jessie)
Related CVEs :
CVE-2023-1183
Arbitrary file write with a SCRIPT command was fixed in the Java database engine hsqldb1.8.0.
ELA-1177-1 bluez security update
Package : bluez
Version : 5.43-2+deb9u8 (stretch), 5.50-1.2~deb10u6 (buster)
Related CVEs :
CVE-2023-27349
CVE-2023-50229
CVE-2023-50230
Multiple vulnerabilities have been fixed in bluez, a library, tools and daemons for using Bluetooth devices.
CVE-2023-27349 (stretch)
    AVRCP crash while handling unsupported events
CVE-2023-50229
    Phone Book Access profile Heap-based Buffer Overflow
CVE-2023-50230
    Phone Book Access profile Heap-based Buffer Overflow
ELA-1176-1 libxml2 security update
Package : libxml2
Version : 2.9.1+dfsg1-5+deb8u16 (jessie), 2.9.4+dfsg1-2.2+deb9u11 (stretch), 2.9.4+dfsg1-7+deb10u7 (buster)
Related CVEs :
CVE-2016-3709
CVE-2022-2309
Two vulnerabilities have been fixed in the XML library libxml2.
CVE-2016-3709 (buster)
    HTML 4 parser cross-site scripting
CVE-2022-2309
    Parser NULL pointer dereference