
The following security updates have been released for Debian GNU/Linux:

Debian GNU/Linux 8 (Jessie):
ELA-1106-1 apache2 security update

Debian GNU/Linux 10 (Buster):
[DLA 3827-1] plasma-workspace security update
[DLA 3828-1] atril security update

Debian GNU/Linux 12 (Bookworm):
[DSA 5710-1] chromium security update



[DSA 5710-1] chromium security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-5710-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
June 14, 2024 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2024-5830 CVE-2024-5831 CVE-2024-5832 CVE-2024-5833
CVE-2024-5834 CVE-2024-5835 CVE-2024-5836 CVE-2024-5837
CVE-2024-5838 CVE-2024-5839 CVE-2024-5840 CVE-2024-5841
CVE-2024-5842 CVE-2024-5843 CVE-2024-5844 CVE-2024-5845
CVE-2024-5846 CVE-2024-5847

Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

For the stable distribution (bookworm), these problems have been fixed in
version 126.0.6478.56-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[DLA 3827-1] plasma-workspace security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3827-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
June 14, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : plasma-workspace
Version : 4:5.14.5.1-1+deb10u1
CVE ID : CVE-2024-36041

Unauthorized local user access to the session manager has been fixed in
the Plasma Workspace component of the KDE Plasma desktop environment.

For Debian 10 buster, this problem has been fixed in version
4:5.14.5.1-1+deb10u1.

We recommend that you upgrade your plasma-workspace packages.

For the detailed security status of plasma-workspace please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/plasma-workspace

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1106-1 apache2 security update

Package : apache2
Version : 2.4.10-10+deb8u27 (jessie)

Related CVEs :

CVE-2023-38709

Faulty input validation in the core of Apache allowed malicious or exploitable backend/content generators to split HTTP responses.



[DLA 3828-1] atril security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3828-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Santiago Ruano Rincón
June 14, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : atril
Version : 1.20.3-1+deb10u2
CVE ID : CVE-2023-52076
Debian Bug : 1061522

A vulnerability was discovered in Atril, a simple document viewer designed for
the MATE desktop environment.

CVE-2023-52076

Missing input sanitising could result in writing arbitrary files if a
malformed epub document is opened, which could result in arbitrary code
execution.

For Debian 10 buster, these problems have been fixed in version
1.20.3-1+deb10u2. This update also disables support for comic book archives,
mitigating CVE-2023-51698.

We recommend that you upgrade your atril packages.

For the detailed security status of atril please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/atril

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS