Debian 10225 Published by

The following security updates are available for Debian GNU/Linux:

[DSA 5692-1] ghostscript security update
[DSA 5691-1] firefox-esr security update
[DSA 5689-1] chromium security update
[DSA 5690-1] libreoffice security update




[DSA 5692-1] ghostscript security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5692-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 15, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2023-52722 CVE-2024-29510 CVE-2024-33869 CVE-2024-33870
CVE-2024-33871

Multiple security issues were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which could result in denial of service and
potentially the execution of arbitrary code if malformed document files
are processed.

For the oldstable distribution (bullseye), these problems have been fixed
in version 9.53.3~dfsg-7+deb11u7.

For the stable distribution (bookworm), these problems have been fixed in
version 10.0.0~dfsg-11+deb12u4.

We recommend that you upgrade your ghostscript packages.

For the detailed security status of ghostscript please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/ghostscript

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[DSA 5691-1] firefox-esr security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5691-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 15, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2024-4367 CVE-2024-4767 CVE-2024-4768 CVE-2024-4769
CVE-2024-4770 CVE-2024-4777

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or clickjacking.

For the oldstable distribution (bullseye), these problems have been fixed
in version 115.11.0esr-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 115.11.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[DSA 5689-1] chromium security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5689-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
May 15, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2024-4761

A security issue was discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure. Google is aware that an exploit for CVE-2024-4761 exists
in the wild.

For the stable distribution (bookworm), this problem has been fixed in
version 124.0.6367.207-1~deb12u1.

We highly recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[DSA 5690-1] libreoffice security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5690-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 15, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2024-3044

Amel Bouziane-Leblond discovered that LibreOffice's support for binding
scripts to click events on graphics could result in unchecked script
execution.

For the oldstable distribution (bullseye), this problem has been fixed
in version 1:7.0.4-4+deb11u9.

For the stable distribution (bookworm), this problem has been fixed in
version 4:7.4.7-1+deb12u2.

We recommend that you upgrade your libreoffice packages.

For the detailed security status of libreoffice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libreoffice

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/