Debian 10225 Published by

The following security updates have been released for Debian GNU/Linux 12 (Bookworm):

[SECURITY] [DSA 5753-1] aom security update
[SECURITY] [DSA 5752-1] dovecot security update
[SECURITY] [DSA 5756-1] nova security update
[SECURITY] [DSA 5755-1] glance security update
[SECURITY] [DSA 5754-1] cinder security update




[SECURITY] [DSA 5753-1] aom security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5753-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 21, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : aom
CVE ID : CVE-2024-5171

An integer overflow was discovered in aom, the AV1 Video Codec Library,
which could potentially result in the execution of arbitrary code if a
malformed media file is processed.

For the stable distribution (bookworm), this problem has been fixed in
version 3.6.0-1+deb12u1.

We recommend that you upgrade your aom packages.

For the detailed security status of aom please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/aom

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DSA 5752-1] dovecot security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5752-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 21, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : dovecot
CVE ID : CVE-2024-23184 CVE-2024-23185

Two vulnerabilities have been discovered in the IMAP implementation of
the Dovecot mail server: Excessive numbers of address headers or very
large headers can result in high CPU usage, leading to denial of
service.

For the stable distribution (bookworm), these problems have been fixed in
version 1:2.3.19.1+dfsg1-2.1+deb12u1.

We recommend that you upgrade your dovecot packages.

For the detailed security status of dovecot please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dovecot

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DSA 5756-1] nova security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5756-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 21, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : nova
CVE ID : CVE-2024-32498

Martin Kaesberger discovered a vulnerability which affects multiple
OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk
images may result in the disclosure of arbitrary files.

For the stable distribution (bookworm), this problem has been fixed in
version 2:26.2.2-1~deb12u3.

We recommend that you upgrade your nova packages.

For the detailed security status of nova please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nova

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DSA 5755-1] glance security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5755-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 21, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : glance
CVE ID : CVE-2024-32498

Martin Kaesberger discovered a vulnerability which affects multiple
OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk
images may result in the disclosure of arbitrary files.

For the stable distribution (bookworm), this problem has been fixed in
version 2:25.1.0-2+deb12u1.

We recommend that you upgrade your glance packages.

For the detailed security status of glance please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/glance

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DSA 5754-1] cinder security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5754-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 21, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : cinder
CVE ID : CVE-2024-32498

Martin Kaesberger discovered a vulnerability which affects multiple
OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk
images may result in the disclosure of arbitrary files.

For the stable distribution (bookworm), this problem has been fixed in
version 2:21.3.1-1~deb12u1.

We recommend that you upgrade your cinder packages.

For the detailed security status of cinder please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cinder

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/