Debian GNU/Linux 11 (Bullseye) LTS:
[SECURITY] [DLA 3896-1] mediawiki security update
[SECURITY] [DLA 3897-1] trafficserver security update
Debian GNU/Linux 12 (Bookworm):
[SECURITY] [DSA 5775-1] chromium security update
[SECURITY] [DLA 3896-1] mediawiki security update
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3896-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
September 26, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : mediawiki
Version : 1:1.35.13-1+deb11u3
CVE ID : CVE-2023-51704
Privileged XSS in the user rights log has been fixed in the MediaWiki
wiki engine.
For Debian 11 bullseye, this problem has been fixed in version
1:1.35.13-1+deb11u3.
We recommend that you upgrade your mediawiki packages.
For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 3897-1] trafficserver security update
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3897-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
September 27, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : trafficserver
Version : 8.1.11+ds-0+deb11u1
CVE ID : CVE-2023-38522 CVE-2024-35161 CVE-2024-35296
Debian Bug : 1077141
Multiple vulnerabilities were fixed in trafficserver,
a caching proxy server.
CVE-2023-38522
Incomplete field name check allows request smuggling
CVE-2024-35161
Incomplete check for chunked trailer section allows
request smuggling
CVE-2024-35296
Invalid Accept-Encoding can force forwarding requests
For Debian 11 bullseye, these problems have been fixed in version
8.1.11+ds-0+deb11u1.
We recommend that you upgrade your trafficserver packages.
For the detailed security status of trafficserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/trafficserver
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DSA 5775-1] chromium security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5775-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
September 26, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : chromium
CVE ID : CVE-2024-9120 CVE-2024-9121 CVE-2024-9122 CVE-2024-9123
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
For the stable distribution (bookworm), these problems have been fixed in
version 129.0.6668.70-1~deb12u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
