
The following security updates have been released for Debian GNU/Linux:

Debian GNU/Linux 9 Extended LTS (Stretch):
ELA-1115-1 glib2.0 security update

Debian GNU/Linux 10 LTS (Buster):
[DLA 3843-1] linux-5.10 security update
[DLA 3840-1] linux security update
[DLA 3845-1] dlt-daemon security update

Debian GNU/Linux 11 (Bullseye) and 12 (Bookworm):
[DSA 5723-1] plasma-workspace security update



[DLA 3843-1] linux-5.10 security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3843-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Ben Hutchings
June 27, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : linux-5.10
Version : 5.10.218-1~deb10u1
CVE ID : CVE-2022-48655 CVE-2023-52585 CVE-2023-52882 CVE-2024-26900
CVE-2024-27398 CVE-2024-27399 CVE-2024-27401 CVE-2024-35848
CVE-2024-35947 CVE-2024-36017 CVE-2024-36031 CVE-2024-36883
CVE-2024-36886 CVE-2024-36889 CVE-2024-36902 CVE-2024-36904
CVE-2024-36905 CVE-2024-36916 CVE-2024-36919 CVE-2024-36929
CVE-2024-36933 CVE-2024-36934 CVE-2024-36939 CVE-2024-36940
CVE-2024-36941 CVE-2024-36946 CVE-2024-36950 CVE-2024-36953
CVE-2024-36954 CVE-2024-36957 CVE-2024-36959 CVE-2024-36960

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

For Debian 10 buster, these problems have been fixed in version
5.10.218-1~deb10u1. This additionally includes many more bug fixes
from stable updates 5.10.217-5.10.218 inclusive.

We recommend that you upgrade your linux-5.10 packages.

For the detailed security status of linux-5.10 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux-5.10

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1115-1 glib2.0 security update

Package : glib2.0
Version : 2.50.3-2+deb9u6 (stretch)

Related CVEs :
CVE-2024-34397

Alicia Boya Garcia reported that the GDBus signal subscriptions in the
GLib library are prone to a spoofing vulnerability. A local attacker can
take advantage of this flaw to cause a GDBus-based client to behave
incorrectly, with an application-dependent impact.



[DLA 3840-1] linux security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3840-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Ben Hutchings
June 25, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : linux
Version : 4.19.316-1
CVE ID : CVE-2021-33630 CVE-2022-48627 CVE-2023-0386 CVE-2023-6040
CVE-2023-6270 CVE-2023-7042 CVE-2023-46838 CVE-2023-47233
CVE-2023-52340 CVE-2023-52429 CVE-2023-52436 CVE-2023-52439
CVE-2023-52443 CVE-2023-52444 CVE-2023-52445 CVE-2023-52449
CVE-2023-52464 CVE-2023-52469 CVE-2023-52470 CVE-2023-52486
CVE-2023-52583 CVE-2023-52587 CVE-2023-52594 CVE-2023-52599
CVE-2023-52600 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603
CVE-2023-52604 CVE-2023-52609 CVE-2023-52612 CVE-2023-52615
CVE-2023-52619 CVE-2023-52620 CVE-2023-52622 CVE-2023-52623
CVE-2023-52628 CVE-2023-52644 CVE-2023-52650 CVE-2023-52670
CVE-2023-52679 CVE-2023-52683 CVE-2023-52691 CVE-2023-52693
CVE-2023-52698 CVE-2023-52699 CVE-2023-52880 CVE-2024-0340
CVE-2024-0607 CVE-2024-1086 CVE-2024-22099 CVE-2024-23849
CVE-2024-23851 CVE-2024-24857 CVE-2024-24858 CVE-2024-24861
CVE-2024-25739 CVE-2024-26597 CVE-2024-26600 CVE-2024-26602
CVE-2024-26606 CVE-2024-26615 CVE-2024-26625 CVE-2024-26633
CVE-2024-26635 CVE-2024-26636 CVE-2024-26642 CVE-2024-26645
CVE-2024-26651 CVE-2024-26663 CVE-2024-26664 CVE-2024-26671
CVE-2024-26675 CVE-2024-26679 CVE-2024-26685 CVE-2024-26696
CVE-2024-26697 CVE-2024-26704 CVE-2024-26720 CVE-2024-26722
CVE-2024-26735 CVE-2024-26744 CVE-2024-26752 CVE-2024-26754
CVE-2024-26763 CVE-2024-26764 CVE-2024-26766 CVE-2024-26772
CVE-2024-26773 CVE-2024-26777 CVE-2024-26778 CVE-2024-26779
CVE-2024-26791 CVE-2024-26793 CVE-2024-26801 CVE-2024-26805
CVE-2024-26816 CVE-2024-26817 CVE-2024-26820 CVE-2024-26825
CVE-2024-26839 CVE-2024-26840 CVE-2024-26845 CVE-2024-26851
CVE-2024-26852 CVE-2024-26857 CVE-2024-26859 CVE-2024-26863
CVE-2024-26874 CVE-2024-26875 CVE-2024-26878 CVE-2024-26880
CVE-2024-26883 CVE-2024-26884 CVE-2024-26889 CVE-2024-26894
CVE-2024-26898 CVE-2024-26901 CVE-2024-26903 CVE-2024-26917
CVE-2024-26922 CVE-2024-26923 CVE-2024-26931 CVE-2024-26934
CVE-2024-26955 CVE-2024-26956 CVE-2024-26965 CVE-2024-26966
CVE-2024-26969 CVE-2024-26973 CVE-2024-26974 CVE-2024-26976
CVE-2024-26981 CVE-2024-26984 CVE-2024-26993 CVE-2024-26994
CVE-2024-26997 CVE-2024-27001 CVE-2024-27008 CVE-2024-27013
CVE-2024-27020 CVE-2024-27024 CVE-2024-27028 CVE-2024-27043
CVE-2024-27046 CVE-2024-27059 CVE-2024-27074 CVE-2024-27075
CVE-2024-27077 CVE-2024-27078 CVE-2024-27388 CVE-2024-27395
CVE-2024-27396 CVE-2024-27398 CVE-2024-27399 CVE-2024-27401
CVE-2024-27405 CVE-2024-27410 CVE-2024-27412 CVE-2024-27413
CVE-2024-27416 CVE-2024-27419 CVE-2024-27436 CVE-2024-31076
CVE-2024-33621 CVE-2024-35789 CVE-2024-35806 CVE-2024-35807
CVE-2024-35809 CVE-2024-35811 CVE-2024-35815 CVE-2024-35819
CVE-2024-35821 CVE-2024-35822 CVE-2024-35823 CVE-2024-35825
CVE-2024-35828 CVE-2024-35830 CVE-2024-35835 CVE-2024-35847
CVE-2024-35849 CVE-2024-35877 CVE-2024-35886 CVE-2024-35888
CVE-2024-35893 CVE-2024-35898 CVE-2024-35902 CVE-2024-35910
CVE-2024-35915 CVE-2024-35922 CVE-2024-35925 CVE-2024-35930
CVE-2024-35933 CVE-2024-35935 CVE-2024-35936 CVE-2024-35944
CVE-2024-35947 CVE-2024-35955 CVE-2024-35960 CVE-2024-35969
CVE-2024-35973 CVE-2024-35978 CVE-2024-35982 CVE-2024-35984
CVE-2024-35997 CVE-2024-36004 CVE-2024-36014 CVE-2024-36015
CVE-2024-36016 CVE-2024-36017 CVE-2024-36020 CVE-2024-36286
CVE-2024-36288 CVE-2024-36883 CVE-2024-36886 CVE-2024-36902
CVE-2024-36904 CVE-2024-36905 CVE-2024-36919 CVE-2024-36933
CVE-2024-36934 CVE-2024-36940 CVE-2024-36941 CVE-2024-36946
CVE-2024-36950 CVE-2024-36954 CVE-2024-36959 CVE-2024-36960
CVE-2024-36964 CVE-2024-36971 CVE-2024-37353 CVE-2024-37356
CVE-2024-38381 CVE-2024-38549 CVE-2024-38552 CVE-2024-38558
CVE-2024-38559 CVE-2024-38560 CVE-2024-38565 CVE-2024-38567
CVE-2024-38578 CVE-2024-38579 CVE-2024-38582 CVE-2024-38583
CVE-2024-38587 CVE-2024-38589 CVE-2024-38596 CVE-2024-38598
CVE-2024-38599 CVE-2024-38601 CVE-2024-38612 CVE-2024-38618
CVE-2024-38621 CVE-2024-38627 CVE-2024-38633 CVE-2024-38634
CVE-2024-38637 CVE-2024-38659 CVE-2024-38780 CVE-2024-39292

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

For Debian 10 buster, these problems have been fixed in version
4.19.316-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[DLA 3845-1] dlt-daemon security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3845-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Markus Koschany
June 27, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : dlt-daemon
Version : 2.18.0-1+deb10u2
CVE ID : CVE-2022-39836 CVE-2022-39837 CVE-2023-26257 CVE-2023-36321

Several flaws were discovered in dlt-daemon, a Diagnostic Log and Trace logging
daemon. Buffer overflows and memory leaks may lead to a denial of service or
other unspecified impact.

For Debian 10 buster, these problems have been fixed in version
2.18.0-1+deb10u2.

We recommend that you upgrade your dlt-daemon packages.

For the detailed security status of dlt-daemon please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dlt-daemon

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[DSA 5723-1] plasma-workspace security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-5723-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 27, 2024 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : plasma-workspace
CVE ID : CVE-2024-36041

Fabian Vogt discovered that the KDE session management server
insufficiently restricted ICE connections from localhost, which could
allow a local attacker to execute arbitrary code as another user on
next boot.

For the oldstable distribution (bullseye), this problem has been fixed
in version 4:5.20.5-6+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in
version 4:5.27.5-2+deb12u2.

We recommend that you upgrade your plasma-workspace packages.

For the detailed security status of plasma-workspace please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/plasma-workspace

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/