Debian 10267 Published by

The following security updates are available for Debian GNU/Linux:

[DLA 3799-1] trafficserver security update
[DLA 3798-1] zabbix security update
[DLA 3797-1] frr security update
ELA-1079-1 pillow security update




[DLA 3799-1] trafficserver security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3799-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
April 28, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : trafficserver
Version : 8.1.7-0+deb10u4
CVE ID : CVE-2024-31309
Debian Bug : 1068417

Potential DoS attacks have been fixed by rate limiting
HTTP/2 CONTINUATION frames in Apache Traffic Server,
an HTTP/1.1 and HTTP/2 compliant caching proxy server.

For Debian 10 buster, this problem has been fixed in version
8.1.7-0+deb10u4.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/trafficserver

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[DLA 3798-1] zabbix security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3798-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
April 28, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : zabbix
Version : 1:4.0.4+dfsg-1+deb10u5
CVE ID : CVE-2024-22119

Improper form input field validation has been fixed in Zabbix,
a network monitoring solution.

For Debian 10 buster, this problem has been fixed in version
1:4.0.4+dfsg-1+deb10u5.

We recommend that you upgrade your zabbix packages.

For the detailed security status of zabbix please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/zabbix

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[DLA 3797-1] frr security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3797-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Tobias Frost
April 28, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : frr
Version : 7.5.1-1.1+deb10u2
CVE ID : CVE-2022-26125 CVE-2022-26126 CVE-2022-26127 CVE-2022-26128
CVE-2022-26129 CVE-2022-37035 CVE-2023-38406 CVE-2023-38407
CVE-2023-46752 CVE-2023-46753 CVE-2023-47234 CVE-2023-47235
CVE-2024-31948 CVE-2024-31949
Debian Bug : 1008010 1016978 1055852

Several vulnerabilities have been found in frr, the FRRouting suite of
internet protocols. An attacker could craft packages to trigger buffer
overflows with the possibility to gain remote code execution, buffer
overreads, crashes or trick the software to enter an infinite loop.

CVE-2022-26125

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to
wrong checks on the input packet length in isisd/isis_tlvs.c.

CVE-2022-26126

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to
the use of strdup with a non-zero-terminated binary string in
isis_nb_notifications.c.

CVE-2022-26127

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to
missing a check on the input packet length in the babel_packet_examin
function in babeld/message.c.

CVE-2022-26128

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to
a wrong check on the input packet length in the babel_packet_examin
function in babeld/message.c.

CVE-2022-26129

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to
wrong checks on the subtlv length in the functions, parse_hello_subtlv,
parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c.

CVE-2022-37035

An issue was discovered in bgpd in FRRouting (FRR) 8.3. In
bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c,
there is a possible use-after-free due to a race condition. This could
lead to Remote Code Execution or Information Disclosure by sending
crafted BGP packets. User interaction is not needed for exploitation.

CVE-2023-38406

bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri
length of zero, aka a "flowspec overflow."

CVE-2023-38407

bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond
the end of the stream during labeled unicast parsing.

CVE-2023-46752

An issue was discovered in FRRouting FRR through 9.0.1. It mishandles
malformed MP_REACH_NLRI data, leading to a crash.

CVE-2023-46753

An issue was discovered in FRRouting FRR through 9.0.1. A crash can
occur for a crafted BGP UPDATE message without mandatory attributes,
e.g., one with only an unknown transit attribute.

CVE-2023-47234

An issue was discovered in bgpd in FRRouting (FRR) 8.3. In
bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c,
there is a possible use-after-free due to a race condition. This could
lead to Remote Code Execution or Information Disclosure by sending
crafted BGP packets. User interaction is not needed for exploitation.

CVE-2023-47235

An issue was discovered in FRRouting FRR through 9.0.1. A crash can
occur when a malformed BGP UPDATE message with an EOR is processed,
because the presence of EOR does not lead to a treat-as-withdraw
outcome.

CVE-2024-31948

In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID
attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.

CVE-2024-31949

In FRRouting (FRR) through 9.1, an infinite loop can occur when
receiving a MP/GR capability as a dynamic capability because malformed
data results in a pointer not advancing.

For Debian 10 buster, these problems have been fixed in version
7.5.1-1.1+deb10u2.

We recommend that you upgrade your frr packages.

For the detailed security status of frr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/frr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1079-1 pillow security update

Package : pillow
Version : 2.6.1-2+deb8u10 (jessie), 4.0.0-4+deb9u6 (stretch)

Related CVEs :
CVE-2024-28219

A buffer overflow in _imagingcms.c was fixed in Pillow, an image processing library for Python.

ELA-1079-1 pillow security update