Debian GNU/Linux 8 (Jessie) and 10 (Buster) Extended LTS:
ELA-1227-1 libxml2 security update
Debian GNU/Linux 12 (Bookworm):
[DSA 5802-1] chromium security update
ELA-1227-1 libxml2 security update
Package : libxml2
Version : 2.9.1+dfsg1-5+deb8u17 (jessie), 2.9.4+dfsg1-7+deb10u9 (buster)
Related CVEs :
CVE-2016-9318
CVE-2017-16932
CVE-2023-39615
CVE-2023-45322
CVE-2024-25062
Several vulnerabilities were discovered in libxml2, a library providing
support to read, modify and write XML and HTML files, potentially allowing
an attacker to perform denial of service or trigger a use-after-free situation.
CVE-2016-9318 (Debian 8 update only)
XML External Entity (XXE) attacks via a crafted document.
Note: CVE-2016-9318 has been previously addressed for Debian 10 (buster) in ELA-1195.
CVE-2017-16932
When expanding a parameter entity in a DTD, infinite recursion could lead to
an infinite loop or memory exhaustion.
CVE-2023-39615
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via
the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability
allows attackers to cause a Denial of Service (DoS) via supplying a crafted
XML file.
CVE-2023-45322
libxml2 through 2.11.5 has a use-after-free that can only occur after a
certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c.
CVE-2024-25062
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5.
When using the XML Reader interface with DTD validation and XInclude
expansion enabled, processing crafted XML documents can lead to an
xmlValidatePopElement use-after-free.
[SECURITY] [DSA 5802-1] chromium security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-5802-1                   security@debian.org
https://www.debian.org/security/                          Andres Salomon
November 03, 2024                     https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : chromium
CVE ID : CVE-2024-10487 CVE-2024-10488
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
For the stable distribution (bookworm), these problems have been fixed in
version 130.0.6723.91-1~deb12u1.
We recommend that you upgrade your chromium packages.
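Confirming that either update has actually landed means comparing the installed package version against the fixed versions quoted above (2.9.1+dfsg1-5+deb8u17 and 2.9.4+dfsg1-7+deb10u9 for libxml2, 130.0.6723.91-1~deb12u1 for chromium) using dpkg's ordering rules, in which a "~" suffix such as 1~deb12u1 sorts before the bare revision 1. The following Python is an added example, not part of either advisory or of Debian's tooling: it reimplements dpkg's version comparison (the same ordering as dpkg --compare-versions), and the names FIXED_VERSIONS, compare_versions and is_fixed are my own.

```python
import re
from itertools import zip_longest

FIXED_VERSIONS = {  # fixed versions quoted from ELA-1227-1 and DSA-5802-1 above
    ("libxml2", "jessie"): "2.9.1+dfsg1-5+deb8u17",
    ("libxml2", "buster"): "2.9.4+dfsg1-7+deb10u9",
    ("chromium", "bookworm"): "130.0.6723.91-1~deb12u1",
}
# '[epoch:]upstream[-revision]'; the Debian revision follows the last hyphen.
_VERSION_RE = re.compile(r"(?:(\d+):)?(.*?)(?:-([^-]*))?")


def _order(c: str) -> int:
    # dpkg's character weight: end of string and digits are 0, '~' sorts
    # before everything (so 1~deb12u1 < 1), letters before other symbols.
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return -1 if c == "~" else ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    # dpkg's verrevcmp: walk both strings as alternating non-digit / digit runs;
    # non-digit runs compare lexically by _order, digit runs numerically.
    runs_a = re.findall(r"(\D*)(\d*)", a)
    runs_b = re.findall(r"(\D*)(\d*)", b)
    for (sa, na), (sb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            if _order(ca) != _order(cb):
                return _order(ca) - _order(cb)
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0


def compare_versions(a: str, b: str) -> int:
    # Order a against b as dpkg --compare-versions does: epoch, then upstream
    # version, then Debian revision.  Returns -1, 0 or 1.
    ea, ua, ra = _VERSION_RE.fullmatch(a).groups()
    eb, ub, rb = _VERSION_RE.fullmatch(b).groups()
    r = int(ea or 0) - int(eb or 0) or _verrevcmp(ua, ub) or _verrevcmp(ra or "", rb or "")
    return (r > 0) - (r < 0)


def is_fixed(package: str, suite: str, installed: str) -> bool:
    # True when the installed version is at or above the advisory's fixed version.
    return compare_versions(installed, FIXED_VERSIONS[(package, suite)]) >= 0
```

On a live host the installed string to feed into is_fixed comes from `dpkg-query -W -f='${Version}' libxml2` (or chromium).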
For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/