Debian 10260 Published by

The following two security updates have been released for Debian GNU/Linux 9 Extended LTS:

ELA-1046-1 unbound1.9 security update
ELA-1045-1 phpseclib security update




ELA-1046-1 unbound1.9 security update

Package : unbound1.9
Version : 1.9.0-2+deb10u2~deb9u4 (stretch)

Related CVEs :
CVE-2023-50387
CVE-2023-50868

Two vulnerabilities were discovered in unbound, a validating, recursive,
caching DNS resolver. Specially crafted DNSSEC answers could lead unbound
down a very CPU intensive and time costly DNSSEC (CVE-2023-50387) or NSEC3
hash (CVE-2023-50868) validation path, resulting in denial of service.

ELA-1046-1 unbound1.9 security update


ELA-1045-1 phpseclib security update

Package : phpseclib
Version : 1.0.19-1~deb9u2 (stretch)

Related CVEs :
CVE-2023-48795

phpseclib, a library used for secure communication written in PHP language, was
vulnerable to so called Terrapin-Attack. The SSH transport protocol, with
certain OpenSSH extensions, allows remote attackers to bypass
integrity checks such that some packets are omitted
(from the extension negotiation message), and a client and
server may consequently end up with a connection for which some security
features have been downgraded or disabled.

ELA-1045-1 phpseclib security update