Debian 10261 Published by

Debian GNU/Linux has received security upgrades, including an OpenSSL regression fix and Perl security update:

Debian GNU/Linux 8 (Jessie), 9 (Stretch), and 10 (Buster) Extended LTS:
ELA-1226-1 perl security update

Debian GNU/Linux 11 (Buster) LTS:
[DLA 3942-2] openssl regression update




[SECURITY] [DLA 3942-2] openssl regression update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3942-2 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Sean Whitton
November 03, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : openssl
Version : 1.1.1w-0+deb11u2
CVE ID : CVE-2023-5678 CVE-2024-0727 CVE-2024-2511 CVE-2024-4741
CVE-2024-5535 CVE-2024-9143
Debian Bug : 1055473 1061582 1068658 1072113 1074487 1085378

The previous update to openssl for Debian "bullseye" LTS was uploaded
with an incorrect version number. As a result, the apt tool would not
select the updated package for installation on otherwise up-to-date
"bullseye" systems. This has now been corrected.

For Debian 11 bullseye, this problem has been fixed in version
1.1.1w-0+deb11u2.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1226-1 perl security update

Package : perl
Version : 5.20.2-3+deb8u14 (jessie), 5.24.1-3+deb9u8 (stretch), 5.28.1-6+deb10u2 (buster)

Related CVEs :
CVE-2020-16156
CVE-2023-31484

Perl a popular script language was affected by multiple vulnerabilities.

CVE-2020-16156:
An attacker can prepend checksums for modified
packages to the beginning of CHECKSUMS files,
before the cleartext PGP headers. This makes
the Module::Signature::_verify() checks
in both cpan and cpanm pass.
Without the sigtext and plaintext arguments
to _verify(), the _compare() check is bypassed.
This results in _verify() only checking that
valid signed cleartext is present somewhere
in the file.

CVE-2023-31484:
CPAN.pm does not verify TLS certificates
when downloading distributions over HTTPS.

ELA-1226-1 perl security update