Debian 10225 Published by

The following two updates are available for Debian GNU/Linux:

ELA-1023-1 bluez security update
[DSA 5581-1] firefox-esr security update




ELA-1023-1 bluez security update

Package : bluez
Version : 5.43-2+deb9u2~deb8u6 (jessie), 5.43-2+deb9u7 (stretch)

Related CVEs :
CVE-2023-45866

It was discovered that there was a keyboard injection attack in Bluez, a set of
services and tools for interacting with wireless Bluetooth devices.
Prior to this change, BlueZ may have permitted unauthenticated peripherals
to establish encrypted connections and thereby accept keyboard reports,
potentially permitting injection of HID (~keyboard) commands, despite no user
authorising such access.

ELA-1023-1 bluez security update


[DSA 5581-1] firefox-esr security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5581-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 20, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2023-6856 CVE-2023-6857 CVE-2023-6858 CVE-2023-6859
CVE-2023-6860 CVE-2023-6861 CVE-2023-6862 CVE-2023-6863
CVE-2023-6864 CVE-2023-6865 CVE-2023-6867

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, sandbox escape or clickjacking.

For the oldstable distribution (bullseye), these problems have been fixed
in version 115.6.0esr-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 115.6.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/