
Debian GNU/Linux has received important security updates: OpenSAML for Debian 12 (bookworm), GnuTLS for Debian 8 to 10 (ELTS), and Squid3 for Debian 8 and 9 (ELTS):

[DSA 5879-1] opensaml security update
ELA-1352-1 gnutls28 security update
ELA-1351-1 squid3 security update




[SECURITY] [DSA 5879-1] opensaml security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-5879-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 16, 2025                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : opensaml
CVE ID : not yet available

Alexander Tan discovered that the OpenSAML C++ library was susceptible
to forging of signed SAML messages. For additional details please refer
to the upstream advisory at
https://shibboleth.net/community/advisories/secadv_20250313.txt

For the stable distribution (bookworm), this problem has been fixed in
version 3.2.1-3+deb12u1.

We recommend that you upgrade your opensaml packages.

For the detailed security status of opensaml please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/opensaml

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


ELA-1352-1 gnutls28 security update


Package : gnutls28
Version : 3.3.30-0+deb8u3 (jessie), 3.5.8-5+deb9u8 (stretch), 3.6.7-4+deb10u13 (buster)

Related CVEs :
CVE-2024-12243

Bing Shi discovered that certificates carrying a large number of names or
name constraints were handled inefficiently, so a specially crafted
certificate can cause a Denial of Service.





ELA-1351-1 squid3 security update


Package : squid3
Version : 3.5.23-5+deb8u8 (jessie), 3.5.23-5+deb9u11 (stretch)

Related CVEs :
CVE-2024-25617
CVE-2024-37894
CVE-2024-45802

Several security vulnerabilities have been discovered in Squid, a full featured
web proxy cache.

CVE-2024-25617

A Denial of Service in HTTP header parsing. A remote client or a remote
server can trigger it by sending oversized headers in HTTP messages.

CVE-2024-37894

Due to an out-of-bounds write when assigning ESI variables, Squid is
susceptible to memory corruption, which can lead to a Denial of Service.

CVE-2024-45802

ESI feature support has been disabled. Due to input validation, premature
release of resource during expected lifetime, and missing release of
resource after effective lifetime bugs in the ESI code, Squid is vulnerable
to Denial of Service attacks by a trusted server against all clients using
the proxy. This problem is fixed by changing the build configuration to
pass the --disable-esi option, so ESI support is no longer compiled in.

