Debian GNU/Linux 8 (Stretch) and 9 (Buster) Extended LTS:
ELA-1181-1 libreoffice security update
Debian GNU/Linux 11 (Bullseye) LTS:
[SECURITY] [DLA 3890-1] galera-4 new upstream version
Debian GNU/Linux 12 (Bookworm):
[SECURITY] [DSA 5772-1] libreoffice security update
[SECURITY] [DSA 5771-1] php-twig security update
[SECURITY] [DSA 5770-1] expat security update
ELA-1181-1 libreoffice security update
Package : libreoffice
Version : 1:6.1.5-3+deb9u4 (stretch), 1:6.1.5-3+deb10u13 (buster)
Related CVEs :
CVE-2024-6472
LibreOffice, a popular office productivity software suite, was vulnerable.
The certificate validation user interface in LibreOffice allowed a potential vulnerability.
Signed macros are scripts that have been digitally signed by the developer
using a cryptographic signature.
When a document with a signed macro is opened, a warning is displayed by LibreOffice
before the macro is executed.
Previously, if verification failed, the user could fail to understand the failure
and might choose to enable the macros anyway.
[SECURITY] [DLA 3890-1] galera-4 new upstream version
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3890-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Otto Kekäläinen
September 17, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : galera-4
Version : 26.4.20-0+deb11u1
A new stable version was released for galera-4, a synchronous
multimaster replication engine for MySQL and MariaDB.
This fixes several issues detailed at:
https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.19.txt
https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.20.txt
For Debian 11 bullseye, the new release is available in version
26.4.20-0+deb11u1.
We recommend that you upgrade your galera-4 packages.
For the detailed security status of galera-4 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/galera-4
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DSA 5772-1] libreoffice security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-5772-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 17, 2024 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libreoffice
CVE ID : CVE-2024-7788
Yufan You discovered that LibreOffice's handling of documents based on
ZIP archives was susceptible to spoofing attacks when the repair mode
attempts to address a malformed archive structure.
For additional information please refer to
https://www.libreoffice.org/about-us/security/advisories/cve-2024-7788/
For the stable distribution (bookworm), this problem has been fixed in
version 4:7.4.7-1+deb12u5.
We recommend that you upgrade your libreoffice packages.
For the detailed security status of libreoffice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libreoffice
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DSA 5771-1] php-twig security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-5771-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 17, 2024 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : php-twig
CVE ID : CVE-2024-45411
Fabien Potencier discovered that under some conditions the sandbox
mechanism of Twig, a template engine for PHP, could be bypassed.
For the stable distribution (bookworm), this problem has been fixed in
version 3.5.1-1+deb12u1.
We recommend that you upgrade your php-twig packages.
For the detailed security status of php-twig please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-twig
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DSA 5770-1] expat security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-5770-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 17, 2024 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : expat
CVE ID : CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
Shang-Hung Wan discovered multiple vulnerabilities in the Expat
XML parsing C library, which could result in denial of service or
potentially the execution of arbitrary code.
For the stable distribution (bookworm), these problems have been fixed in
version 2.5.0-1+deb12u1.
We recommend that you upgrade your expat packages.
For the detailed security status of expat please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/expat
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/