Debian GNU/Linux 8 (Jessie), 9 (Stretch), 10 (Buster) Extended LTS:
ELA-1269-1 avahi security update
Debian GNU/Linux 12 (Bookworm):
[DSA 5833-1] dpdk security update
ELA-1269-1 avahi security update
Package : avahi
Version : 0.6.31-5+deb8u3 (jessie), 0.6.32-2+deb9u3 (stretch), 0.7-4+deb10u4 (buster)
Related CVEs :
CVE-2023-38469
CVE-2023-38470
CVE-2023-38471
CVE-2023-38472
CVE-2023-38473
Multiple vulnerabilities have been fixed in the service discovery system Avahi.
Additionally, a GetAlternativeServiceName regression introduced by the CVE-2023-1981 fix in DLA-3414-1 (buster) and ELA-844-1 (jessie, stretch) has been fixed.
CVE-2023-38469
Reachable assertion in avahi_dns_packet_append_record
CVE-2023-38470
Reachable assertion in avahi_escape_label
CVE-2023-38471
Reachable assertion in dbus_set_host_name
CVE-2023-38472
Reachable assertion in avahi_rdata_parse
CVE-2023-38473
Reachable assertion in avahi_alternative_host_name
[SECURITY] [DSA 5833-1] dpdk security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5833-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 17, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : dpdk
CVE ID : CVE-2024-11614
A buffer overflow was discovered in the vhost code of DPDK, a set of
libraries for fast packet processing, which could result in denial of
service or the execution of arbitrary code by malicious
guests/containers.
For the stable distribution (bookworm), this problem has been fixed in
version 22.11.7-1~deb12u1.
We recommend that you upgrade your dpdk packages.
For the detailed security status of dpdk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dpdk
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
