Debian 10260 Published by

Debian GNU/Linux has been updated with multiple security updates, including updates for php-horde-turba, apache2, and libreoffice:

Debian GNU/Linux 8 (Jessie) Extended LTS:
ELA-1158-1 apache2 security update

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1159-1 apache2 security update
ELA-1205-1 libreoffice security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 3923-1] php-horde-turba security update
[DLA 3924-1] php-horde-mime-viewer security update



[SECURITY] [DLA 3923-1] php-horde-turba security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3923-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Tobias Frost
October 19, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : php-horde-turba
Version : 4.2.25-5+deb11u2
CVE ID : CVE-2022-30287
Debian Bug : 1012279

It was discovered that there was an arbitrary object deserialization
vulnerability in php-horde-turba, an address book component for the
Horde groupware suite.

For Debian 11 bullseye, this problem has been fixed in version
4.2.25-5+deb11u2

We recommend that you upgrade your php-horde-turba packages.

For the detailed security status of php-horde-turba please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-horde-turba

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Note:
4.2.25-5+deb11u1 had been uploaded incorrectly and thus never reached
the archived. 4.2.25-5+deb11u2 is a no-change re-upload to correct
this mistake.



ELA-1159-1 apache2 security update

Package : apache2
Version : 2.4.25-3+deb9u18 (stretch), 2.4.59-1~deb10u2 (buster)

Related CVEs :
CVE-2024-36387
CVE-2024-38476
CVE-2024-38477
CVE-2024-39573
CVE-2024-39884
CVE-2024-40725

Multiple vulnerabilities were found on apache, a popular webserver.

CVE-2024-36387
Serving WebSocket protocol upgrades over a HTTP/2 connection could
result in a NULL Pointer dereference, leading to a crash of the
server process

CVE-2024-38476
Backend application whose reponse headers are malicious
rendered apache2 vulnerable to SSRF
(Server-side Request Forgery) and local script execution.

CVE-2024-38477
A NULL pointer dereference was found in
mod_proxy allowing an attacker to crash the server via
a malicious request.

CVE-2024-39573
A potential SSRF in mod_rewrite allowed an
attacker to cause unsafe RewriteRules to unexpectedly
setup URL's to be handled by mod_proxy.

CVE-2024-39884
A regression of CVE-2024-38476 in the core of Apache
HTTP Server ignores some use of the legacy content-type based
configuration of handlers. "AddType" and similar configuration,
under some circumstances where files are requested indirectly,
result in source code disclosure of local content. For example,
PHP scripts may be served instead of interpreted.

CVE-2024-40725
A partial fix for CVE-2024-38476 in the core of
Apache HTTP Server ignores some use of the legacy content-type based
configuration of handlers. "AddType" and similar configuration,
under some circumstances where files are requested indirectly,
result in source code disclosure of local content. For example,
PHP scripts may be served instead of interpreted.

Moreover a functionality bug was fixed in webdav list of well known
browser by adding dolphin and Konqueror/5 browsers.

ELA-1159-1 apache2 security update


ELA-1158-1 apache2 security update

Package : apache2
Version : 2.4.10-10+deb8u28 (jessie)

Related CVEs :
CVE-2024-38476
CVE-2024-38477
CVE-2024-39573
CVE-2024-39884
CVE-2024-40725

Multiple vulnerabilities were found on apache, a popular webserver.

CVE-2024-38476
Backend application whose reponse headers are malicious
rendered apache2 vulnerable to SSRF
(Server-side Request Forgery) and local script execution.

CVE-2024-38477
A NULL pointer dereference was found in
mod_proxy allowing an attacker to crash the server via
a malicious request.

CVE-2024-39573
A potential SSRF in mod_rewrite allowed an
attacker to cause unsafe RewriteRules to unexpectedly
setup URL's to be handled by mod_proxy.

CVE-2024-39884
A regression of CVE-2024-38476 in the core of Apache
HTTP Server ignores some use of the legacy content-type based
configuration of handlers. "AddType" and similar configuration,
under some circumstances where files are requested indirectly,
result in source code disclosure of local content. For example,
PHP scripts may be served instead of interpreted.

CVE-2024-40725
A partial fix for CVE-2024-38476 in the core of
Apache HTTP Server ignores some use of the legacy content-type based
configuration of handlers. "AddType" and similar configuration,
under some circumstances where files are requested indirectly,
result in source code disclosure of local content. For example,
PHP scripts may be served instead of interpreted.

Moreover a functionality bug was fixed in webdav list of well known
browser by adding dolphin and Konqueror/5 browsers.

ELA-1158-1 apache2 security update


[SECURITY] [DLA 3924-1] php-horde-mime-viewer security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3924-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Tobias Frost
October 19, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : php-horde-mime-viewer
Version : 2.2.4+debian0-2~deb11u1
CVE ID : CVE-2022-26874
Debian Bug :

It was discovered that there was a potential XSS vulnerability in
php-horde-mime-viewer, a MIME viewer library for the Horde groupware
platform.

For Debian 11 bullseye, this problem has been fixed in version
2.2.4+debian0-2~deb11u1.

We recommend that you upgrade your php-horde-mime-viewer packages.

For the detailed security status of php-horde-mime-viewer please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-horde-mime-viewer

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1205-1 libreoffice security update

Package : libreoffice
Version : 1:6.1.5-3+deb9u5 (stretch), 1:6.1.5-3+deb10u14 (buster)

Related CVEs :
CVE-2024-7788

A vulnerability was found in libreoffice a popular office productivity suite.

CVE-2024-7788:
Various file formats are based on the zip file format. In cases of corruption of the underlying zip's central directory, LibreOffice offers a "repair mode" which will attempt to recover the zip file structure by scanning for secondary local file headers in the zip to reconstruct the document.

Prior to this fix, in the case of digitally signed zip files, an attacker could construct a document which, when repaired, reported a signature status not valid for the recovered file.

Previously if verification failed the user could choose to ignore the failure and enable the macros anyway.

Repair document mode has to be inherently tolerant, so now in fixed versions all signatures are implied to be invalid in recovery mode.

ELA-1205-1 libreoffice security update