Debian 10225 Published by

The following security updates are available for Debian GNU/Linux:

ELA-1028-1 tomcat8 security update
[DSA 5597-1] exim4 security update
[DSA 5596-1] asterisk security update
[DLA 3706-1] netatalk security update
[DSA 5595-1] chromium security update




ELA-1028-1 tomcat8 security update

Package : tomcat8
Version : 8.5.54-0+deb9u14 (stretch)

Related CVEs :
CVE-2023-46589

An improper input validation vulnerability was discovered in Apache Tomcat.
Tomcat did not correctly parse HTTP trailer headers. A trailer header that
exceeded the header size limit could cause Tomcat to treat a single request as
multiple requests, leading to the possibility of request smuggling when behind
a reverse proxy.
The update for Debian 8 “jessie” is pending.

ELA-1028-1 tomcat8 security update


[DSA 5597-1] exim4 security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5597-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 04, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : exim4
CVE ID : CVE-2023-51766
Debian Bug : 1059387

It was discovered that Exim, a mail transport agent, can be induced to
accept a second message embedded as part of the body of a first message
in certain configurations where PIPELINING or CHUNKING on incoming
connections is offered.

For the oldstable distribution (bullseye), this problem has been fixed
in version 4.94.2-7+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in
version 4.96-15+deb12u4.

We recommend that you upgrade your exim4 packages.

For the detailed security status of exim4 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/exim4

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[DSA 5596-1] asterisk security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5596-1 security@debian.org
https://www.debian.org/security/ Markus Koschany
January 04, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : asterisk
CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786
Debian Bug : 1059303 1059032 1059033

Multiple security vulnerabilities have been discovered in Asterisk, an Open
Source Private Branch Exchange.

CVE-2023-37457

The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
the available buffer space for storing the new value of a header. By doing
so this can overwrite memory or cause a crash. This is not externally
exploitable, unless dialplan is explicitly written to update a header based
on data from an outside source. If the 'update' functionality is not used
the vulnerability does not occur.

CVE-2023-38703

PJSIP is a free and open source multimedia communication library written in
C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
higher level media transport which is stacked upon a lower level media
transport such as UDP and ICE. Currently a higher level transport is not
synchronized with its lower level transport that may introduce a
use-after-free issue. This vulnerability affects applications that have
SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
transport other than UDP. This vulnerability’s impact may range from
unexpected application termination to control flow hijack/memory
corruption.

CVE-2023-49294

It is possible to read any arbitrary file even when the `live_dangerously`
option is not enabled.

CVE-2023-49786

Asterisk is susceptible to a DoS due to a race condition in the hello
handshake phase of the DTLS protocol when handling DTLS-SRTP for media
setup. This attack can be done continuously, thus denying new DTLS-SRTP
encrypted calls during the attack. Abuse of this vulnerability may lead to
a massive Denial of Service on vulnerable Asterisk servers for calls that
rely on DTLS-SRTP.

For the oldstable distribution (bullseye), these problems have been fixed
in version 1:16.28.0~dfsg-0+deb11u4.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/asterisk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[DLA 3706-1] netatalk security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3706-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Markus Koschany
January 04, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : netatalk
Version : 3.1.12~ds-3+deb10u5
CVE ID : CVE-2022-22995
Debian Bug : 1053545

Corentin BAYET, Etienne HELLUY-LAFONT and Luca MORO of Synacktiv discovered a
symlink redirection vulnerability in Netatalk, the Apple Filing Protocol
service. The create_appledesktop_folder function of netatalk can be used to
unsafely move files outside the shared volume using the "mv" system utility.
The create_appledesktop_folder function is called when netatalk is configured
to use the legacy AppleDouble v2 format of file system meta data.

By using the features of another file sharing protocol, like SMB, an
attacker could abuse this primitive to create an arbitrary symbolic link
and move it outside the share. The attacker could then reuse the created
symlink to write arbitrary files on the targeted system. On the targeted
device where it was demonstrated, writing arbitrary files on the system
resulted in a remote code execution.

For Debian 10 buster, this problem has been fixed in version
3.1.12~ds-3+deb10u5.

We recommend that you upgrade your netatalk packages.

For the detailed security status of netatalk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/netatalk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[DSA 5595-1] chromium security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5595-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
January 04, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2024-0225

Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

For the oldstable distribution (bullseye), these problems have been fixed
in version 120.0.6099.199-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 120.0.6099.199-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/