Gunicorn, Libpgjava, Astropy, Chromium updates for Debian

Debian 10259 Published by

Debian GNU/Linux has been updated with several security enhancements, including updates for gunicorn, a regression fix for libpgjava, a bugfix for astropy, and a security update for chromium:

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1275-1 libpgjava regression update
ELA-1274-1 astropy bugfix update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 3996-1] gunicorn security update

Debian GNU/Linux 12 (Bookworm):
[DSA 5834-1] chromium security update




[SECURITY] [DLA 3996-1] gunicorn security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3996-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
December 20, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : gunicorn
Version : 20.1.0-1+deb11u1
CVE ID : CVE-2024-1135
Debian Bug : 1069126

HTTP Request Smuggling has been fixed in the Python WSGI HTTP Server Gunicorn.

For Debian 11 bullseye, this problem has been fixed in version
20.1.0-1+deb11u1.

We recommend that you upgrade your gunicorn packages.

For the detailed security status of gunicorn please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gunicorn

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1275-1 libpgjava regression update

Package : libpgjava
Version : 42.2.5-2+deb10u5 (buster)

A regression in PgResultSet.refreshRow() introduced by the CVE-2022-31197 fix in 42.2.5-2+deb10u2 has been fixed in the PostgreSQL JDBC Driver.

ELA-1275-1 libpgjava regression update


ELA-1274-1 astropy bugfix update

Package : astropy
Version : 3.1.2-2+deb10u2 (buster)

Due to an issue unrelated to the DLA changes, the DLA-3803-1 update of astropy (an Astronomy package for Python) containing the CVE-2023-41334 fix had bever been successfully built.

ELA-1274-1 astropy bugfix update


[SECURITY] [DSA 5834-1] chromium security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5834-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
December 20, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2024-12692 CVE-2024-12693 CVE-2024-12694 CVE-2024-12695

Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.

For the stable distribution (bookworm), these problems have been fixed in
version 131.0.6778.204-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

DPDK and Linux Kernel updates for Ubuntu

Godot 4.4 Dev 7 released

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...