
The following security updates are available for Debian GNU/Linux 11 (Bullseye) and 12 (Bookworm):

[DSA 5728-1] exim4 security update
[DSA 5727-1] firefox-esr security update




[DSA 5728-1] exim4 security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-5728-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 10, 2024 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : exim4
CVE ID : CVE-2024-39929
Debian Bug : 1075785

Phillip Szelat discovered that Exim, a mail transport agent, does not
properly parse a multiline RFC 2231 header filename, allowing a remote
attacker to bypass a $mime_filename based extension-blocking protection
mechanism.

For the oldstable distribution (bullseye), this problem has been fixed
in version 4.94.2-7+deb11u3.

For the stable distribution (bookworm), this problem has been fixed in
version 4.96-15+deb12u5.

We recommend that you upgrade your exim4 packages.

For the detailed security status of exim4 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/exim4

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
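
Added example, not part of the Debian advisory and not Exim's code: a Python check showing why an extension filter has to test the filename after RFC 2231 continuation segments (filename*0, filename*1, ...) are reassembled, which is the kind of check DSA-5728-1 says could be bypassed. The blocked-extension list, the sample message and the function names are assumptions made for illustration; the naive lookup stands for any incomplete parser and does not reproduce Exim's actual flaw.

```python
import email
import os
import re

BLOCKED_EXTENSIONS = {".exe", ".com", ".scr", ".js", ".vbs"}  # assumed site policy

# Constructed sample: the attachment name is split across RFC 2231
# continuation parameters (filename*0, filename*1) on folded header lines.
SAMPLE_MESSAGE = """\
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

body
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment;
 filename*0="quarterly-re";
 filename*1="port.exe"

AAAA
--b1--
"""


def naive_filename(part):
    """Look only for a single plain filename= parameter (incomplete parsing)."""
    header = part.get("Content-Disposition", "")
    match = re.search(r'\bfilename="?([^";]+)', header)
    return match.group(1) if match else None


def blocked_attachments(raw_message):
    """Return (naive_name, reassembled_name) for each part whose fully
    reassembled RFC 2231 filename carries a blocked extension."""
    hits = []
    for part in email.message_from_string(raw_message).walk():
        full_name = part.get_filename()  # joins and decodes filename*N segments
        if full_name is None:
            continue
        extension = os.path.splitext(full_name)[1].lower()
        if extension in BLOCKED_EXTENSIONS:
            hits.append((naive_filename(part), full_name))
    return hits

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE_MESSAGE))
```

In each returned pair, a first element of None means a filter reading only a plain filename= parameter would have had no name to test for that attachment.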


[DSA 5727-1] firefox-esr security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-5727-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 10, 2024 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2024-6601 CVE-2024-6602 CVE-2024-6603 CVE-2024-6604

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or privilege escalation.

For the oldstable distribution (bullseye), these problems have been fixed
in version 115.13.0esr-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 115.13.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/