Debian 10260 Published by

The following updates have been released for Debian GNU/Linux:

Debian GNU/Linux 8 (Jessie) and 9 (Stretch) Extended LTS:
ELA-1088-1 intel-microcode security update

Debian GNU/Linux 10 (Buster) LTS:
[DLA 3809-1] libkf5ksieve security update



[DLA 3809-1] libkf5ksieve security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3809-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
May 05, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : libkf5ksieve
Version : 4:18.08.3-2+deb10u1
CVE ID : CVE-2023-52723
Debian Bug : 1069163

A bug in libkf5ksieve, an email filtering library for KDE,
exposed the user password in plaintext server logs.

For Debian 10 buster, this problem has been fixed in version
4:18.08.3-2+deb10u1.

We recommend that you upgrade your libkf5ksieve packages.

For the detailed security status of libkf5ksieve please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libkf5ksieve

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1088-1 intel-microcode security update

Package : intel-microcode
Version : 3.20240312.1~deb8u1 (jessie), 3.20240312.1~deb9u1 (stretch)

Related CVEs :
CVE-2023-22655
CVE-2023-28746
CVE-2023-38575
CVE-2023-39368
CVE-2023-43490

Intel has released microcode updates, addressing serveral vulnerabilties:

CVE-2023-22655
Protection mechanism failure in some 3rd and 4th Generation Intel(R)
Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow
a privileged user to potentially enable escalation of privilege via
local access.

CVE-2023-28746
Information exposure through microarchitectural state after
transient execution from some register files for some Intel(R)
Atom(R) Processors may allow an authenticated user to potentially
enable information disclosure via local access.

CVE-2023-38575
Non-transparent sharing of return predictor targets between contexts
in some Intel(R) Processors may allow an authorized user to
potentially enable information disclosure via local access.

CVE-2023-39368
Protection mechanism failure of bus lock regulator for some Intel(R)
Processors may allow an unauthenticated user to potentially enable
denial of service via network access.

CVE-2023-43490
Incorrect calculation in microcode keying mechanism for some
Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a
privileged user to potentially enable information disclosure via
local access.

ELA-1088-1 intel-microcode security update