Debian 10270 Published by

The following security updates have been released for Debian GNU/Linux:

[DLA 3795-1] knot-resolver security update
ELA-1078-1 util-linux security update
ELA-1077-1 tomcat8 security update
ELA-1076-1 tomcat7 security update
[DSA 5675-1] chromium security update




[DLA 3795-1] knot-resolver security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3795-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Markus Koschany
April 26, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : knot-resolver
Version : 3.2.1-3+deb10u2
CVE ID : CVE-2019-10190 CVE-2019-10191 CVE-2019-19331 CVE-2020-12667
Debian Bug : 932048 946181 961076

Several security vulnerabilities have been discovered in knot-resolver, a
caching, DNSSEC-validating DNS resolver which may allow remote attackers to
bypass DNSSEC validation or cause a denial-of-service.

For Debian 10 buster, these problems have been fixed in version
3.2.1-3+deb10u2.

We recommend that you upgrade your knot-resolver packages.

For the detailed security status of knot-resolver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/knot-resolver

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1078-1 util-linux security update

Package : util-linux


Version : 2.26.2-6+deb8u1 (jessie), 2.29.2-1+deb9u2 (stretch)


Related CVEs :

CVE-2021-37600



An integer overflow attack was discovered in util-linux which could
have caused a buffer overflow if an attacker were able to use system resources
in a way that leads to a large number in the /proc/sysvipc/sem file.

ELA-1078-1 util-linux security update


ELA-1077-1 tomcat8 security update

Package : tomcat8


Version : 8.0.14-1+deb8u28 (jessie)


Related CVEs :

CVE-2023-46589



Norihito Aimoto of OSSTech Corporation discovered a security vulnerability in
the Tomcat servlet and JSP engine.
A trailer header that exceeded the header size limit could cause Tomcat to
treat a single request as multiple requests leading to the possibility of
request smuggling when behind a reverse proxy.

ELA-1077-1 tomcat8 security update


ELA-1076-1 tomcat7 security update

Package : tomcat7


Version : 7.0.56-3+really7.0.109-1+deb8u6 (jessie)


Related CVEs :

CVE-2023-46589



Norihito Aimoto of OSSTech Corporation discovered a security vulnerability in
the Tomcat servlet and JSP engine.
A trailer header that exceeded the header size limit could cause Tomcat to
treat a single request as multiple requests leading to the possibility of
request smuggling when behind a reverse proxy.

ELA-1076-1 tomcat7 security update


[DSA 5675-1] chromium security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5675-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
April 26, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2024-4058 CVE-2024-4059 CVE-2024-4060

Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

For the stable distribution (bookworm), these problems have been fixed in
version 124.0.6367.78-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/