[DLA 3795-1] knot-resolver security update
ELA-1078-1 util-linux security update
ELA-1077-1 tomcat8 security update
ELA-1076-1 tomcat7 security update
[DSA 5675-1] chromium security update
[DLA 3795-1] knot-resolver security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3795-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Markus Koschany
April 26, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : knot-resolver
Version : 3.2.1-3+deb10u2
CVE ID : CVE-2019-10190 CVE-2019-10191 CVE-2019-19331 CVE-2020-12667
Debian Bug : 932048 946181 961076
Several security vulnerabilities have been discovered in knot-resolver, a
caching, DNSSEC-validating DNS resolver, which may allow remote attackers to
bypass DNSSEC validation or cause a denial-of-service.
For Debian 10 buster, these problems have been fixed in version
3.2.1-3+deb10u2.
We recommend that you upgrade your knot-resolver packages.
For the detailed security status of knot-resolver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/knot-resolver
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
ELA-1078-1 util-linux security update
Package : util-linux
Version : 2.26.2-6+deb8u1 (jessie), 2.29.2-1+deb9u2 (stretch)
Related CVEs : CVE-2021-37600
An integer overflow attack was discovered in util-linux which could
have caused a buffer overflow if an attacker were able to use system resources
in a way that leads to a large number in the /proc/sysvipc/sem file.
ELA-1077-1 tomcat8 security update
Package : tomcat8
Version : 8.0.14-1+deb8u28 (jessie)
Related CVEs : CVE-2023-46589
Norihito Aimoto of OSSTech Corporation discovered a security vulnerability in
the Tomcat servlet and JSP engine.
A trailer header that exceeded the header size limit could cause Tomcat to
treat a single request as multiple requests leading to the possibility of
request smuggling when behind a reverse proxy.
ELA-1076-1 tomcat7 security update
Package : tomcat7
Version : 7.0.56-3+really7.0.109-1+deb8u6 (jessie)
Related CVEs : CVE-2023-46589
Norihito Aimoto of OSSTech Corporation discovered a security vulnerability in
the Tomcat servlet and JSP engine.
A trailer header that exceeded the header size limit could cause Tomcat to
treat a single request as multiple requests leading to the possibility of
request smuggling when behind a reverse proxy.
[DSA 5675-1] chromium security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-5675-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
April 26, 2024 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : chromium
CVE ID : CVE-2024-4058 CVE-2024-4059 CVE-2024-4060
Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
For the stable distribution (bookworm), these problems have been fixed in
version 124.0.6367.78-1~deb12u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/