
The following updates are available for Debian GNU/Linux:

Debian GNU/Linux 8 (Jessie) and 9 (Stretch) Extended LTS:
ELA-1089-1 less security update

Debian GNU/Linux 10 (Buster) LTS:
[DLA 3811-1] python-idna security update

Debian GNU/Linux 11 (Bullseye) and 12 (Bookworm):
[DSA 5685-1] wordpress security update
[DSA 5682-2] glib2.0 regression update

Debian GNU/Linux 12 (Bookworm):
[DSA 5683-1] chromium security update



[DSA 5685-1] wordpress security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-5685-1 security@debian.org
https://www.debian.org/security/ Markus Koschany
May 08, 2024 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2023-2745 CVE-2023-5561 CVE-2023-38000 CVE-2023-39999
CVE-2024-31210
Debian Bug : 1036296

Several security vulnerabilities have been discovered in WordPress, a popular
content management framework. They may lead to exposure of sensitive
information to an unauthorized actor, or allow unauthenticated attackers to
discern the email addresses of users who have published public posts on an
affected website via an oracle-style attack.

Furthermore, this update resolves a possible cross-site scripting vulnerability,
a PHP file upload bypass via the plugin installer, and a possible remote code
execution vulnerability that requires the attacker to control all the
properties of a deserialized object.

For the oldstable distribution (bullseye), these problems have been fixed
in version 5.7.11+dfsg1-0+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 6.1.6+dfsg1-0+deb12u1.

We recommend that you upgrade your wordpress packages.

For the detailed security status of wordpress please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wordpress

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[DSA 5683-1] chromium security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-5683-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
May 08, 2024 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2024-4558 CVE-2024-4559

Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

For the stable distribution (bookworm), these problems have been fixed in
version 124.0.6367.155-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[DLA 3811-1] python-idna security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3811-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
May 08, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : python-idna
Version : 2.6-1+deb10u1
CVE ID : CVE-2024-3651
Debian Bug : 1069127

Guido Vranken discovered an issue in python3-idna, a library to support
the Internationalized Domain Names in Applications (IDNA) protocol. A
specially crafted argument to the idna.encode() function could consume
significant resources, which may lead to Denial of Service.
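The advisory describes an input to idna.encode() that is expensive to process. A caller that takes host names from untrusted sources can refuse oversized input before the encoder does any work, because DNS itself caps a name at 253 octets and a label at 63, and Punycode never makes a label shorter than its Unicode form. The following is an added example, not code from the advisory or from the python-idna project; the constants and the fallback to the standard-library "idna" codec (used only when the python-idna package is not installed) are assumptions of this example.

```python
# Added example: bound host-name length before calling idna.encode().
try:
    import idna  # the python-idna library the advisory is about

    def _encode(hostname: str) -> str:
        return idna.encode(hostname).decode("ascii")
except ImportError:  # assumption: fall back to the stdlib codec if absent

    def _encode(hostname: str) -> str:
        return hostname.encode("idna").decode("ascii")

# DNS limits (RFC 1035): 253 characters for a full name, 63 per label.
# Punycode output is never shorter than the Unicode label it encodes,
# so the bounds can be checked on the raw input before any costly work.
MAX_NAME_LEN = 253
MAX_LABEL_LEN = 63


class HostnameTooLong(ValueError):
    """Raised for input that cannot be a valid DNS name anyway."""


def check_lengths(hostname: str) -> None:
    """Reject names or labels longer than DNS allows, before encoding."""
    if len(hostname) > MAX_NAME_LEN:
        raise HostnameTooLong(f"{len(hostname)} chars, limit {MAX_NAME_LEN}")
    for label in hostname.split("."):
        if len(label) > MAX_LABEL_LEN:
            raise HostnameTooLong(
                f"label {label[:16]!r}... is {len(label)} chars, "
                f"limit {MAX_LABEL_LEN}"
            )


def safe_idna_encode(hostname: str) -> str:
    """Length-check first, then hand the name to the IDNA encoder."""
    check_lengths(hostname)
    return _encode(hostname)


def is_accepted(hostname: str) -> bool:
    """True if the name passes the pre-check and encodes cleanly."""
    try:
        safe_idna_encode(hostname)
        return True
    except HostnameTooLong:
        return False


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    print(safe_idna_encode("münchen.example"))   # xn--mnchen-3ya.example
    print(is_accepted("ü" * 64 + ".example"))    # False: label too long
    print(is_accepted("a" * 300))                # False: name too long
```

The check is cheap and independent of the library version, so it is a reasonable defence in depth even after upgrading to the fixed package.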

For Debian 10 buster, this problem has been fixed in version
2.6-1+deb10u1.

We recommend that you upgrade your python-idna packages.

For the detailed security status of python-idna please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-idna

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1089-1 less security update

Package : less
Version : 458-3+deb8u1 (jessie), 481-2.1+deb9u1 (stretch)

Related CVEs :
CVE-2022-48624
CVE-2024-32487

Several vulnerabilities were discovered in less, a file pager, which may result
in the execution of arbitrary commands if a file with a specially crafted file
name is processed.
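The bug class behind this advisory is a file name that ends up in a shell command line. The added example below (not from the advisory or the less project) shows a preprocessor command in the style of a pager's LESSOPEN setting, first with the file name substituted raw and then shell-quoted; the specific command template, file names and the newline-based trigger are assumptions of the example, as the advisory does not spell out the mechanism.

```python
# Added example: file name interpolated into a shell command, unquoted vs quoted.
import shlex
import subprocess

# Constructed sample file names; not taken from the advisory.
BENIGN_NAME = "report.txt"
HOSTILE_NAME = "report.txt\necho INJECTED"  # the newline ends the first command

# Hypothetical preprocessor command line in the style of a LESSOPEN setting.
PREPROCESSOR = "printf 'preprocessing %s\\n' {file}"


def unquoted_command(filename: str) -> str:
    """Vulnerable pattern: substitute the raw file name into the command."""
    return PREPROCESSOR.replace("{file}", filename)


def quoted_command(filename: str) -> str:
    """Hardened pattern: shell-quote first, so newlines, ';', '$(...)' and
    spaces stay inside one argument."""
    return PREPROCESSOR.replace("{file}", shlex.quote(filename))


def run_through_shell(command: str) -> str:
    """Run the command via /bin/sh, as a pager runs its preprocessor."""
    done = subprocess.run(command, shell=True, capture_output=True, text=True)
    return done.stdout


def was_injected(command: str) -> bool:
    """True if the shell executed the attacker's second line."""
    return "INJECTED" in run_through_shell(command).splitlines()


if __name__ == "__main__":
    for build in (unquoted_command, quoted_command):
        cmd = build(HOSTILE_NAME)
        print(f"{build.__name__}: {cmd!r}")
        print("  injected:", was_injected(cmd))
```

Passing the file name as a separate argv element (no shell at all) is the stronger fix; quoting is the option when the command string itself comes from configuration, as it does for a pager preprocessor.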



[DSA 5682-2] glib2.0 regression update


-------------------------------------------------------------------------
Debian Security Advisory DSA-5682-2 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 09, 2024 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : glib2.0
Debian Bug : 1070730 1070736 1070743 1070745 1070749 1070752

The update for glib2.0 released as DSA 5682-1 caused a regression in
ibus affecting text entry with non-trivial input methods. Updated
glib2.0 packages are available to correct this issue.

For the oldstable distribution (bullseye), this problem has been fixed
in version 2.66.8-1+deb11u3.

For the stable distribution (bookworm), this problem has been fixed in
version 2.74.6-2+deb12u2.

We recommend that you upgrade your glib2.0 packages.

For the detailed security status of glib2.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/glib2.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/