Debian 10228 Published by

Updated Chromium and GTKWave packages have been released for Debian GNU/Linux to address security vulnerabilities, potentially leading to arbitrary code execution, denial of service, or information disclosure:

[DSA 5654-1] chromium security update
[DSA 5653-1] gtkwave security update




[DSA 5654-1] chromium security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5654-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
April 03, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2024-3156 CVE-2024-3158 CVE-2024-3159

Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

For the stable distribution (bookworm), these problems have been fixed in
version 123.0.6312.105-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[DSA 5653-1] gtkwave security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5653-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 03, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : gtkwave
CVE ID : CVE-2023-32650 CVE-2023-34087 CVE-2023-34436 CVE-2023-35004
CVE-2023-35057 CVE-2023-35128 CVE-2023-35702 CVE-2023-35703
CVE-2023-35704 CVE-2023-35955 CVE-2023-35956 CVE-2023-35957
CVE-2023-35958 CVE-2023-35959 CVE-2023-35960 CVE-2023-35961
CVE-2023-35962 CVE-2023-35963 CVE-2023-35964 CVE-2023-35969
CVE-2023-35970 CVE-2023-35989 CVE-2023-35992 CVE-2023-35994
CVE-2023-35995 CVE-2023-35996 CVE-2023-35997 CVE-2023-36746
CVE-2023-36747 CVE-2023-36861 CVE-2023-36864 CVE-2023-36915
CVE-2023-36916 CVE-2023-37282 CVE-2023-37416 CVE-2023-37417
CVE-2023-37418 CVE-2023-37419 CVE-2023-37420 CVE-2023-37442
CVE-2023-37443 CVE-2023-37444 CVE-2023-37445 CVE-2023-37446
CVE-2023-37447 CVE-2023-37573 CVE-2023-37574 CVE-2023-37575
CVE-2023-37576 CVE-2023-37577 CVE-2023-37578 CVE-2023-37921
CVE-2023-37922 CVE-2023-37923 CVE-2023-38583 CVE-2023-38618
CVE-2023-38619 CVE-2023-38620 CVE-2023-38621 CVE-2023-38622
CVE-2023-38623 CVE-2023-38648 CVE-2023-38649 CVE-2023-38650
CVE-2023-38651 CVE-2023-38652 CVE-2023-38653 CVE-2023-38657
CVE-2023-39234 CVE-2023-39235 CVE-2023-39270 CVE-2023-39271
CVE-2023-39272 CVE-2023-39273 CVE-2023-39274 CVE-2023-39275
CVE-2023-39316 CVE-2023-39317 CVE-2023-39413 CVE-2023-39414
CVE-2023-39443 CVE-2023-39444

Claudio Bozzato discovered multiple security issues in gtkwave, a file
waveform viewer for VCD (Value Change Dump) files, which may result in the
execution of arbitrary code if malformed files are opened.

For the oldstable distribution (bullseye), these problems have been fixed
in version 3.3.104+really3.3.118-0+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 3.3.118-0.1~deb12u1.

We recommend that you upgrade your gtkwave packages.

For the detailed security status of gtkwave please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gtkwave

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/