
The following security updates have been released for Debian GNU/Linux:

[DLA 3767-1] imagemagick security update
[DSA 5626-2] pdns-recursor regression update
[DSA 5642-1] php-dompdf-svg-lib security update
ELA-1061-1 postgresql-9.4 security update
ELA-1060-1 postgresql-9.6 security update




[DLA 3767-1] imagemagick security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3767-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Bastien Roucaries
March 20, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : imagemagick
Version : 8:6.9.10.23+dfsg-2.1+deb10u7
CVE ID : CVE-2022-48541

A memory leak was found in imagemagick, a popular software suite for
displaying, creating, converting, modifying, and editing raster images.

For Debian 10 buster, this problem has been fixed in version
8:6.9.10.23+dfsg-2.1+deb10u7.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[DSA 5626-2] pdns-recursor regression update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5626-2 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 20, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : pdns-recursor

One of the upstream changes in the update released as DSA 5626 contained
a regression in the zoneToCache function. Updated pdns-recursor packages
are available to correct this issue.

For the stable distribution (bookworm), this problem has been fixed in
version 4.8.7-1.

We recommend that you upgrade your pdns-recursor packages.

For the detailed security status of pdns-recursor please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pdns-recursor

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[DSA 5642-1] php-dompdf-svg-lib security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5642-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 20, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php-dompdf-svg-lib
CVE ID : CVE-2023-50251 CVE-2023-50252 CVE-2024-25117

Three security issues were discovered in php-svg-lib, a PHP library to
read and parse SVG files and export them to PDF, which could result in
denial of service, restriction bypass or the execution of arbitrary code.

For the stable distribution (bookworm), these problems have been fixed in
version 0.5.0-3+deb12u1.

We recommend that you upgrade your php-dompdf-svg-lib packages.

For the detailed security status of php-dompdf-svg-lib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-dompdf-svg-lib

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


ELA-1061-1 postgresql-9.4 security update

Package : postgresql-9.4
Version : 9.4.26-0+deb8u9 (jessie)

Related CVEs :
CVE-2024-0985

In the PostgreSQL database server, a late privilege drop in the
REFRESH MATERIALIZED VIEW CONCURRENTLY command could allow an
attacker to trick a user with higher privileges into running SQL commands.



ELA-1060-1 postgresql-9.6 security update

Package : postgresql-9.6
Version : 9.6.24-0+deb9u6 (stretch)

Related CVEs :
CVE-2024-0985

In the PostgreSQL database server, a late privilege drop in the
REFRESH MATERIALIZED VIEW CONCURRENTLY command could allow an
attacker to trick a user with higher privileges into running SQL commands.
