
The following two security updates are available for Debian GNU/Linux:

ELA-1071-1 tomcat8 security update
[DSA 5656-1] chromium security update




ELA-1071-1 tomcat8 security update

Package : tomcat8
Version : 8.5.54-0+deb9u15 (stretch)

Related CVEs :
CVE-2024-23672
CVE-2024-24549

Two security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine.

CVE-2024-24549
Denial of Service due to improper input validation vulnerability for
HTTP/2. When processing an HTTP/2 request, if the request exceeded any of
the configured limits for headers, the associated HTTP/2 stream was not
reset until after all of the headers had been processed.

CVE-2024-23672
Denial of Service via incomplete cleanup vulnerability. It was possible
for WebSocket clients to keep WebSocket connections open leading to
increased resource consumption.



[DSA 5656-1] chromium security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-5656-1                   security@debian.org
https://www.debian.org/security/                           Andres Salomon
April 11, 2024                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2024-3157 CVE-2024-3515 CVE-2024-3516

Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

For the stable distribution (bookworm), these problems have been fixed in
version 123.0.6312.122-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/