Debian 10260 Published by

The following security updates have been released for Debian GNU/Linux:

Debian GNU/Linux 8 (Jessie) Extended LTS:
ELA-1135-1 python3.7 security update

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1133-1 imagemagick security update




ELA-1135-1 python3.7 security update

Package : python3.7
Version : 3.7.3-2+deb10u8 (buster)

Related CVEs :
CVE-2024-0397
CVE-2024-4032

Multiple vulnerabilities have been fixed in the Python3 interpreter.

CVE-2024-0397
Race condition in ssl.SSLContext

CVE-2024-4032i
Incorrect information about private addresses in the ipaddress module

ELA-1135-1 python3.7 security update


ELA-1133-1 imagemagick security update

Package : imagemagick
Version : 8:6.9.10.23+dfsg-2.1+deb10u8 (buster)

Related CVEs :
CVE-2023-1289
CVE-2023-34151

The security fixes for two security vulnerabilities in Imagemagick, an image
processing toolking, were found to be incomplete.

CVE-2023-1289
Loading a specially created SVG file may cause a segmentation fault.
When ImageMagick crashes, it generates a lot of trash files. These trash
files can be large if the SVG file contains many render actions, and could
result in a denial of service.

CVE-2023-34151
Undefined behaviors of casting double to size_t in svg, mvg and other
coders.

These vulnerabilities were previously addressed in Debian 10 buster during
its Debian Long Term Support period, as announced via the [DLA 3737-1]:
[DLA 3737-1] https://lists.debian.org/debian-lts-announce/2024/02/msg00007.html

ELA-1133-1 imagemagick security update