
Debian GNU/Linux Extended LTS has been updated with several security enhancements, including LibRabbitMQ, Intel-Microcode, FFMpeg, and Ruby:

Debian GNU/Linux 8 (Jessie) ELTS:
ELA-1363-1 librabbitmq security update

Debian GNU/Linux 8 (Jessie), 9 (Stretch), and 10 (Buster) ELTS:
ELA-1364-1 intel-microcode security update

Debian GNU/Linux 9 (Stretch) ELTS:
ELA-1360-1 ffmpeg security update
ELA-1330-1 ruby2.3 security update

Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS:
ELA-1362-1 librabbitmq security update

Debian GNU/Linux 10 (Buster) ELTS:
ELA-1361-1 ffmpeg security update



ELA-1363-1 librabbitmq security update


Package : librabbitmq
Version : 0.5.2-2+deb8u2 (jessie)

Related CVEs :
CVE-2023-35789

An issue has been found in librabbitmq, an AMQP client library and tools written in C.
The issue is related to credential visibility when using the tools on the command line.





ELA-1362-1 librabbitmq security update


Package : librabbitmq
Version : 0.8.0-1+deb9u1 (stretch), 0.9.0-0.2+deb10u1 (buster)

Related CVEs :
CVE-2019-18609
CVE-2023-35789

Several issues have been found in librabbitmq, an AMQP client library and tools written in C.
The issues are related to heap memory corruption due to an integer overflow, and to credential
visibility when using the tools on the command line.





ELA-1361-1 ffmpeg security update


Package : ffmpeg
Version : 7:4.1.11-0+deb10u4 (buster)

Related CVEs :
CVE-2024-36613
CVE-2025-0518
CVE-2025-22919
CVE-2025-22921

Several issues have been found in ffmpeg, a library and tools for transcoding, streaming
and playing of multimedia files.
The issues are related to out-of-bounds read, assert errors and NULL pointer dereferences.





ELA-1360-1 ffmpeg security update


Package : ffmpeg
Version : 7:3.2.19-0+deb9u7 (stretch)

Related CVEs :
CVE-2024-36613
CVE-2025-0518
CVE-2025-22919

Several issues have been found in ffmpeg, a library and tools for transcoding, streaming
and playing of multimedia files.
The issues are related to out-of-bounds read, assert errors and NULL pointer dereferences.





ELA-1364-1 intel-microcode security update


Package : intel-microcode
Version : 3.20250211.1~deb8u1 (jessie), 3.20250211.1~deb9u1 (stretch), 3.20250211.1~deb10u1 (buster)

Related CVEs :
CVE-2023-34440
CVE-2023-43758
CVE-2024-24582
CVE-2024-28047
CVE-2024-28127
CVE-2024-29214
CVE-2024-31068
CVE-2024-31157
CVE-2024-36293
CVE-2024-37020
CVE-2024-39279
CVE-2024-39355

Microcode updates have been released for Intel(R) processors, addressing
multiple potential vulnerabilities that may allow local privilege escalation,
denial of service or information disclosure.

CVE-2023-34440 (INTEL-SA-01139)
Improper input validation in UEFI firmware for some Intel(R) Processors
may allow a privileged user to potentially enable escalation of
privilege via local access.

CVE-2023-43758 (INTEL-SA-01139)
Improper input validation in UEFI firmware for some Intel(R) processors
may allow a privileged user to potentially enable escalation of
privilege via local access.

CVE-2024-24582 (INTEL-SA-01139)
Improper input validation in XmlCli feature for UEFI firmware for some
Intel(R) processors may allow a privileged user to potentially enable
escalation of privilege via local access.

CVE-2024-28047 (INTEL-SA-01139)
Improper input validation in UEFI firmware for some Intel(R) Processors
may allow a privileged user to potentially enable information disclosure
via local access.

CVE-2024-28127 (INTEL-SA-01139)
Improper input validation in UEFI firmware for some Intel(R) Processors
may allow a privileged user to potentially enable escalation of
privilege via local access.

CVE-2024-29214 (INTEL-SA-01139)
Improper input validation in UEFI firmware CseVariableStorageSmm for
some Intel(R) Processors may allow a privileged user to potentially
enable escalation of privilege via local access.

CVE-2024-31068 (INTEL-SA-01166)
Improper Finite State Machines (FSMs) in Hardware Logic for some
Intel(R) Processors may allow a privileged user to potentially enable
denial of service via local access.

CVE-2024-31157 (INTEL-SA-01139)
Improper initialization in UEFI firmware OutOfBandXML module in some
Intel(R) Processors may allow a privileged user to potentially enable
information disclosure via local access.

CVE-2024-36293 (INTEL-SA-01213)
Improper access control in the EDECCSSA user leaf function for some
Intel(R) Processors with Intel(R) SGX may allow an authenticated user to
potentially enable denial of service via local access.

CVE-2024-37020 (INTEL-SA-01194)
Sequence of processor instructions leads to unexpected behavior in the
Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an
authenticated user to potentially enable denial of service via local
access.

CVE-2024-39279 (INTEL-SA-01139)
Insufficient granularity of access control in UEFI firmware in some
Intel(R) processors may allow an authenticated user to potentially enable
denial of service via local access.

CVE-2024-39355 (INTEL-SA-01228)
Improper handling of physical or environmental conditions in some
Intel(R) Processors may allow an authenticated user to enable denial of
service via local access.





ELA-1330-1 ruby2.3 security update


Package : ruby2.3
Version : 2.3.3-1+deb9u13 (stretch)

Related CVEs :
CVE-2021-28965
CVE-2024-35176
CVE-2024-39908
CVE-2024-41123
CVE-2024-41946
CVE-2024-43398
CVE-2024-49761

Multiple vulnerabilities were found in ruby, a popular programming
language.

CVE-2024-35176
The REXML gem has a Denial of Service (DoS) vulnerability
when it parses an XML that has many ] and ]>.
If you need to parse untrusted XMLs, you may be affected
by this vulnerability.

CVE-2024-41123
The REXML gem has some DoS vulnerabilities when it parses an XML
that has many specific characters such as whitespace character,
>] and ]>.

CVE-2024-41946
The REXML gem had a Denial of Service (DoS) vulnerability
when it parses an XML that has many entity expansions
with SAX2 or pull parser API.

CVE-2024-43398
REXML is an XML toolkit for Ruby.
The REXML gem before 3.3.6 has a Denial of Service (DoS)
vulnerability when it parses an XML that has many deep
elements that have the same local name attributes.
If you need to parse untrusted XMLs with a tree parser
API like REXML::Document.new, you may be affected
by this vulnerability. If you use other parser APIs
such as the stream parser API and the SAX2 parser API,
you are not affected.

CVE-2024-49761
REXML is an XML toolkit for Ruby.
The REXML gem before 3.3.9 has a ReDoS vulnerability
when it parses an XML that has many digits between
&# and x...; in a hex numeric character reference (&#x...;).
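Added here as an operational check, not as code from the Debian advisories: it compares the versions a host reports against the fixed versions listed above, using dpkg's own ordering rules so that epochs (7:4.1.11) and tilde suffixes (3.20250211.1~deb10u1) compare the way dpkg compares them. SAMPLE is constructed input, not real dpkg output.

```python
# Fixed versions exactly as published in the advisories above.
FIXED = {
    ("librabbitmq", "jessie"): "0.5.2-2+deb8u2", ("librabbitmq", "stretch"): "0.8.0-1+deb9u1",
    ("librabbitmq", "buster"): "0.9.0-0.2+deb10u1", ("ruby2.3", "stretch"): "2.3.3-1+deb9u13",
    ("ffmpeg", "stretch"): "7:3.2.19-0+deb9u7", ("ffmpeg", "buster"): "7:4.1.11-0+deb10u4",
    ("intel-microcode", "jessie"): "3.20250211.1~deb8u1",
    ("intel-microcode", "stretch"): "3.20250211.1~deb9u1", ("intel-microcode", "buster"): "3.20250211.1~deb10u1",
}
# Constructed sample of dpkg-query output for a buster host (not real data).
SAMPLE = ["ffmpeg 7:4.1.11-0+deb10u3", "intel-microcode 3.20241112.1~deb10u1",
          "librabbitmq 0.9.0-0.2+deb10u1"]

def _order(c):   # dpkg char weight: end-of-string 0, '~' below everything, letters, then symbols
    if c == "" or c.isdigit(): return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _verrevcmp(a, b):   # dpkg's verrevcmp(): walk alternating non-digit and digit runs
    ch = lambda s, k: s[k] if k < len(s) else ""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (ch(a, i) and not ch(a, i).isdigit()) or (ch(b, j) and not ch(b, j).isdigit()):
            d = _order(ch(a, i)) - _order(ch(b, j))
            if d: return d
            i, j = i + 1, j + 1
        while ch(a, i) == "0": i += 1        # leading zeros are insignificant
        while ch(b, j) == "0": j += 1
        while ch(a, i).isdigit() and ch(b, j).isdigit():
            first_diff = first_diff or ord(a[i]) - ord(b[j])
            i, j = i + 1, j + 1
        if ch(a, i).isdigit(): return 1      # the longer digit run is the larger number
        if ch(b, j).isdigit(): return -1
        if first_diff: return first_diff
    return 0

def _split(v):   # 'epoch:upstream-revision'; epoch defaults to 0, revision to ''
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(a, b):   # -1, 0 or 1, ordered as `dpkg --compare-versions` orders them
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    c = (ea > eb) - (ea < eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (c > 0) - (c < 0)

def audit(dpkg_lines, suite):   # -> [(package, installed, fixed)] for packages still below the fix
    # dpkg_lines as printed by: dpkg-query -W -f '${Package} ${Version}\n'
    rows = [line.split(None, 1) for line in dpkg_lines if line.strip()]
    return [(p, v, FIXED[(p, suite)]) for p, v in rows
            if (p, suite) in FIXED and compare_versions(v, FIXED[(p, suite)]) < 0]
```

On a real host, feed audit() the lines of dpkg-query -W -f '${Package} ${Version}\n' together with the suite the host runs.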

