Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1103-1 inetutils security update
ELA-1104-1 nghttp2 security update
Debian GNU/Linux 12 (Bookworm):
[DSA 5701-1] chromium security update
ELA-1103-1 inetutils security update
Package : inetutils
Version : 2:1.9.4-2+deb9u3 (stretch)
Related CVEs :
CVE-2019-0053
CVE-2023-40303
Two vulnerabilities were fixed in inetutils, the GNU network utilities.
CVE-2019-0053
Insufficient validation of environment variables in telnet
CVE-2023-40303
Possible privilege escalation in ftpd, rcp, rlogin, rsh, rshd, and uucpd when a set*id() family function like setuid() fails
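The unchecked-return pattern behind CVE-2023-40303, next to a checked privilege drop, as an added example (not code from inetutils or from the advisory). The id_ops indirection and the stub functions are hypothetical, constructed so the failure path can be run without root.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical indirection over the real calls so a failure can be simulated. */
struct id_ops {
    int (*set_gid)(gid_t);
    int (*set_uid)(uid_t);
    uid_t (*get_euid)(void);
};

/* What a real daemon would pass: the libc functions themselves. */
static const struct id_ops real_ops = { setgid, setuid, geteuid };

/* Unchecked pattern: return values are ignored, so a failed setuid()
 * goes unnoticed and the caller keeps running with its old identity. */
static int drop_unchecked(const struct id_ops *ops, uid_t uid, gid_t gid) {
    ops->set_gid(gid);
    ops->set_uid(uid);
    return 0; /* always reports success */
}

/* Checked pattern: group first, then user, every return value tested,
 * and the resulting effective uid verified. Callers must exit on -1. */
static int drop_checked(const struct id_ops *ops, uid_t uid, gid_t gid) {
    if (ops->set_gid(gid) != 0) return -1;
    if (ops->set_uid(uid) != 0) return -1;
    if (ops->get_euid() != uid) return -1;
    return 0;
}

/* Constructed stubs: a fake process identity and a setuid() that fails. */
static uid_t fake_euid = 0;
static int ok_gid(gid_t g) { (void)g; return 0; }
static int ok_uid(uid_t u) { fake_euid = u; return 0; }
static int fail_uid(uid_t u) { (void)u; return -1; }
static uid_t cur_euid(void) { return fake_euid; }

int main(void) {
    struct id_ops failing = { ok_gid, fail_uid, cur_euid };
    (void)real_ops; /* not called here: the demo never changes real ids */
    printf("unchecked: rc=%d euid=%u\n",
           drop_unchecked(&failing, 1000, 1000), (unsigned)fake_euid);
    printf("checked:   rc=%d euid=%u\n",
           drop_checked(&failing, 1000, 1000), (unsigned)fake_euid);
    return 0;
}
```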
[DSA 5701-1] chromium security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-5701-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
May 31, 2024 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : chromium
CVE ID : CVE-2024-5493 CVE-2024-5494 CVE-2024-5495 CVE-2024-5496
CVE-2024-5497 CVE-2024-5498 CVE-2024-5499
Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
For the stable distribution (bookworm), these problems have been fixed in
version 125.0.6422.141-1~deb12u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
ELA-1104-1 nghttp2 security update
Package : nghttp2
Version : 1.18.1-1+deb9u4 (stretch)
Related CVEs :
CVE-2024-28182
An issue has been found in nghttp2, a library, server, proxy and client implementing HTTP/2.
An implementation using the nghttp2 library will continue to receive CONTINUATION frames,
and will not call back to the application to allow visibility into this information before
it resets the stream, resulting in Denial of Service.