The following security updates have been released for Debian GNU/Linux:

Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1103-1 inetutils security update
ELA-1104-1 nghttp2 security update

Debian GNU/Linux 12 (Bookworm):
[DSA 5701-1] chromium security update



ELA-1103-1 inetutils security update

Package : inetutils
Version : 2:1.9.4-2+deb9u3 (stretch)

Related CVEs :
CVE-2019-0053
CVE-2023-40303

Two vulnerabilities were fixed in inetutils, the GNU network utilities.

CVE-2019-0053
Insufficient validation of environment variables in telnet

CVE-2023-40303
Possible privilege escalation in ftpd, rcp, rlogin, rsh, rshd, and uucpd when a set*id() family function like setuid() fails



[DSA 5701-1] chromium security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-5701-1                   security@debian.org
https://www.debian.org/security/                           Andres Salomon
May 31, 2024                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2024-5493 CVE-2024-5494 CVE-2024-5495 CVE-2024-5496
         CVE-2024-5497 CVE-2024-5498 CVE-2024-5499

Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

For the stable distribution (bookworm), these problems have been fixed in
version 125.0.6422.141-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


ELA-1104-1 nghttp2 security update

Package : nghttp2
Version : 1.18.1-1+deb9u4 (stretch)

Related CVEs :
CVE-2024-28182

An issue has been found in nghttp2, a library, server, proxy and client implementing HTTP/2.
An implementation using the nghttp2 library will continue to receive CONTINUATION frames,
and will not call back to the application to allow visibility into this information before
it resets the stream, resulting in Denial of Service.
