Debian 10225 Published by

Updated xorg-server, chromium, and rabbitmq-server security updates are available for Debian GNU/Linux:

[DLA 3686-1] xorg-server security update
ELA-1019-1 xorg-server security update
[DSA 5577-1] chromium security update
[DLA 3687-1] rabbitmq-server security update




[DLA 3686-1] xorg-server security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3686-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
December 13, 2023 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : xorg-server
Version : 2:1.20.4-1+deb10u11
CVE ID : CVE-2023-6377 CVE-2023-6478

Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server,
which may result in privilege escalation if the X server is running
privileged.

For Debian 10 buster, these problems have been fixed in version
2:1.20.4-1+deb10u11.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1019-1 xorg-server security update

Package : xorg-server


Version : 2:1.16.4-1+deb8u13 (jessie), 2:1.19.2-1+deb9u16 (stretch)


Related CVEs :

CVE-2023-6377

CVE-2023-6478



Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server,
which may result in privilege escalation if the X server is running
privileged.

ELA-1019-1 xorg-server security update


[DSA 5577-1] chromium security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5577-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
December 13, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2023-6702 CVE-2023-6703 CVE-2023-6704 CVE-2023-6705
CVE-2023-6706 CVE-2023-6707

Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

For the oldstable distribution (bullseye), these problems have been fixed
in version 120.0.6099.109-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 120.0.6099.109-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[DLA 3687-1] rabbitmq-server security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3687-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Markus Koschany
December 13, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : rabbitmq-server
Version : 3.8.2-1+deb10u2
CVE ID : CVE-2023-46118
Debian Bug : 1056723

RabbitMQ is a multi-protocol messaging and streaming broker. The HTTP API
did not enforce an HTTP request body limit, making it vulnerable for denial
of service (DoS) attacks with very large messages by an authenticated user
with sufficient credentials.

For Debian 10 buster, this problem has been fixed in version
3.8.2-1+deb10u2.

We recommend that you upgrade your rabbitmq-server packages.

For the detailed security status of rabbitmq-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rabbitmq-server

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS