Debian 10261 Published by

The following security updates are available for Debian GNU/Linux:

Debian GNU/Linux 8 Extended LTS 8 (Jessie) and 9 Extended LTS (Stretch):
ELA-1085-1 emacs24 security update
ELA-1087-1 glibc security update

Debian GNU/Linux 9 Extended LTS (Stretch):
ELA-1086-1 emacs25 security update

Debian GNU/Linux 10 LTS (Buster):
[DLA 3807-1] glibc security update

Debian GNU/Linux 11 (Bulleyes) and 12 (Bookworm):
[DSA 5679-1] less security update
[DSA 5678-1] glibc security update

Debian GNU/Linux 12 (Bookworm):
[DSA 5677-1] ruby3.1 security update



ELA-1086-1 emacs25 security update

Package : emacs25
Version : 25.1+1-4+deb9u3 (stretch)

Related CVEs :
CVE-2024-30203
CVE-2024-30204
CVE-2024-30205

Multiple problems were discovered in GNU Emacs, the extensible,
customisable, self-documenting display editor.

CVE-2024-30203 & CVE-2024-30204
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail
attachments in some Emacs MUAs. This can lead to denial of service.
(A request has been submitted to MITRE to merge these CVE numbers.)
CVE-2024-30205
In Emacs before 29.3, Org mode considers the contents of remote files to be
trusted. This affects Org Mode before 9.6.23.

ELA-1086-1 emacs25 security update


ELA-1085-1 emacs24 security update

Package : emacs24
Version : 24.4+1-5+deb8u3 (jessie), 24.5+1-11+deb9u3 (stretch)

Related CVEs :
CVE-2024-30203
CVE-2024-30204
CVE-2024-30205

Multiple problems were discovered in GNU Emacs, the extensible,
customisable, self-documenting display editor.

CVE-2024-30203 & CVE-2024-30204
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail
attachments in some Emacs MUAs. This can lead to denial of service.
(A request has been submitted to MITRE to merge these CVE numbers.)

CVE-2024-30205
In Emacs before 29.3, Org mode considers the contents of remote files to be
trusted. This affects Org Mode before 9.6.23.

ELA-1085-1 emacs24 security update


[DLA 3807-1] glibc security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3807-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
May 04, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : glibc
Version : 2.28-10+deb10u3
CVE ID : CVE-2024-2961
Debian Bug : 1069191

Out-of-bounds write in the iconv ISO-2022-CN-EXT module has been fixed
in the GNU C library.

For Debian 10 buster, this problem has been fixed in version
2.28-10+deb10u3.

We recommend that you upgrade your glibc packages.

For the detailed security status of glibc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/glibc

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[DSA 5679-1] less security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5679-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 03, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : less
CVE ID : CVE-2022-48624 CVE-2024-32487
Debian Bug : 1064293 1068938 1069681

Several vulnerabilities were discovered in less, a file pager, which may
result in the execution of arbitrary commands if a file with a specially
crafted file name is processed.

For the oldstable distribution (bullseye), these problems have been fixed
in version 551-2+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in
version 590-2.1~deb12u2.

We recommend that you upgrade your less packages.

For the detailed security status of less please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/less

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[DSA 5678-1] glibc security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5678-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 03, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : glibc
CVE ID : CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602

Several vulnerabilities were discovered in nscd, the Name Service Cache
Daemon in the GNU C library which may lead to denial of service or the
execution of arbitrary code.

For the oldstable distribution (bullseye), these problems have been fixed
in version 2.31-13+deb11u10.

For the stable distribution (bookworm), these problems have been fixed in
version 2.36-9+deb12u7.

We recommend that you upgrade your glibc packages.

For the detailed security status of glibc please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/glibc

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[DSA 5677-1] ruby3.1 security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5677-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 03, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ruby3.1
CVE ID : CVE-2024-27280 CVE-2024-27281 CVE-2024-27282

Several vulnerabilities have been discovered in the interpreter for
the Ruby language, which may result in information disclosure, denial
of service or the execution of arbitrary code.

For the stable distribution (bookworm), these problems have been fixed in
version 3.1.2-7+deb12u1.

We recommend that you upgrade your ruby3.1 packages.

For the detailed security status of ruby3.1 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby3.1

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


ELA-1087-1 glibc security update

Package : glibc
Version : 2.19-18+deb8u13 (jessie), 2.24-11+deb9u6 (stretch)

Related CVEs :
CVE-2024-2961

Out-of-bounds write in the iconv ISO-2022-CN-EXT module has been fixed
in the GNU C library.

ELA-1087-1 glibc security update