Debian Security

Debian Security Advisories

Last updated: 2024-02-05T11:33:01Z

DSA-5615-1 runc - security update

2024-02-04

It was discovered that runc, a command line client for running

applications packaged according to the Open Container Format (OCF), was

susceptible to multiple container breakouts due to an internal file

descriptor leak.

https://security-tracker.debian.org/tracker/DSA-5615-1


DSA-5614-1 zbar - security update

2024-02-03

Two vulnerabilities were discovered in zbar, a library for scanning and

decoding QR and bar codes, which may result in denial of service,

information disclosure or potentially the execution of arbitrary code if

a specially crafted code is processed.

https://security-tracker.debian.org/tracker/DSA-5614-1


DSA-5613-1 openjdk-17 - security update

2024-02-01

Several vulnerabilities have been discovered in the OpenJDK Java runtime,

which may result in side channel attacks, leaking sensitive data to log

files, denial of service or bypass of sandbox restrictions.

https://security-tracker.debian.org/tracker/DSA-5613-1


DSA-5612-1 chromium - security update

2024-02-01

Multiple security issues were discovered in Chromium, which could result

in the execution of arbitrary code, denial of service or information

disclosure.

https://security-tracker.debian.org/tracker/DSA-5612-1


DSA-5611-1 glibc - security update

2024-01-30

The Qualys Research Labs discovered several vulnerabilities in the GNU C

Library's __vsyslog_internal() function (called by syslog() and

vsyslog()). A heap-based buffer overflow (CVE-2023-6246), an off-by-one

heap overflow (CVE-2023-6779) and an integer overflow (CVE-2023-6780)

can be exploited for privilege escalation or denial of service.

Details can be found in the Qualys advisory at

https://www.qualys.com/2024/01/30/syslog

Additionally a memory corruption was discovered in the glibc's qsort()

function, due to a missing bounds check, when called by a program

with a non-transitive comparison function and a large number of

attacker-controlled elements. As the use of qsort() with a

non-transitive comparison function is undefined according to POSIX and

ISO C standards, this is not considered a vulnerability in the glibc

itself. However the qsort() implementation was hardened against

misbehaving callers.

Details can be found in the Qualys advisory at

https://www.qualys.com/2024/01/30/qsort

https://security-tracker.debian.org/tracker/DSA-5611-1


DSA-5610-1 redis - security update

2024-01-29

Multiple security issues were discovered in Redis, a persistent

key-value database, which could result in the execution of arbitrary

code or ACL bypass.

https://security-tracker.debian.org/tracker/DSA-5610-1


DSA-5609-1 slurm-wlm - security update

2024-01-28

Several vulnerabilities were discovered in the Slurm Workload Manager, a

cluster resource management and job scheduling system, which may result

in privilege escalation, denial of service, bypass of message hash

checks or opening files with an incorrect set of extended groups.

https://security-tracker.debian.org/tracker/DSA-5609-1


DSA-5608-1 gst-plugins-bad1.0 - security update

2024-01-27

A heap-based buffer overflow during tile list parsing was discovered in

the AV1 video codec parser for the GStreamer media framework, which may

result in denial of service or potentially the execution of arbitrary

code if a malformed media file is opened.

https://security-tracker.debian.org/tracker/DSA-5608-1


DSA-5607-1 chromium - security update

2024-01-24

Multiple security issues were discovered in Chromium, which could result

in the execution of arbitrary code, denial of service or information

disclosure.

https://security-tracker.debian.org/tracker/DSA-5607-1


DSA-5606-1 firefox-esr - security update

2024-01-24

Multiple security issues have been found in the Mozilla Firefox web

browser, which could potentially result in the execution of arbitrary

code, phishing, clickjacking, privilege escalation, HSTS bypass or

bypass of content security policies.

https://security-tracker.debian.org/tracker/DSA-5606-1


DSA-5605-1 thunderbird - security update

2024-01-24

Multiple security issues were discovered in Thunderbird, which could

result in denial of service or the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5605-1


DSA-5604-1 openjdk-11 - security update

2024-01-23

Several vulnerabilities have been discovered in the OpenJDK Java runtime,

which may result in side channel attacks, leaking sensitive data to log

files, denial of service or bypass of sandbox restrictions.

https://security-tracker.debian.org/tracker/DSA-5604-1


DSA-5603-1 xorg-server - security update

2024-01-23

Several vulnerabilities were discovered in the Xorg X server, which may

result in privilege escalation if the X server is running privileged

or denial of service.

https://security-tracker.debian.org/tracker/DSA-5603-1


DSA-5602-1 chromium - security update

2024-01-17

Multiple security issues were discovered in Chromium, which could result

in the execution of arbitrary code, denial of service or information

disclosure. An exploit for CVE-2024-0519 exists in the wild.

https://security-tracker.debian.org/tracker/DSA-5602-1


DSA-5601-1 php-phpseclib3 - security update

2024-01-12

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the

SSH protocol is prone to a prefix truncation attack, known as the

"Terrapin attack". This attack allows a MITM attacker to effect a

limited break of the integrity of the early encrypted SSH transport

protocol by sending extra messages prior to the commencement of

encryption, and deleting an equal number of consecutive messages

immediately after encryption starts.

Details can be found at https://terrapin-attack.com/

https://security-tracker.debian.org/tracker/DSA-5601-1


DSA-5600-1 php-phpseclib - security update

2024-01-12

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the

SSH protocol is prone to a prefix truncation attack, known as the

"Terrapin attack". This attack allows a MITM attacker to effect a

limited break of the integrity of the early encrypted SSH transport

protocol by sending extra messages prior to the commencement of

encryption, and deleting an equal number of consecutive messages

immediately after encryption starts.

Details can be found at https://terrapin-attack.com/

https://security-tracker.debian.org/tracker/DSA-5600-1


DSA-5599-1 phpseclib - security update

2024-01-12

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the

SSH protocol is prone to a prefix truncation attack, known as the

"Terrapin attack". This attack allows a MITM attacker to effect a

limited break of the integrity of the early encrypted SSH transport

protocol by sending extra messages prior to the commencement of

encryption, and deleting an equal number of consecutive messages

immediately after encryption starts.

Details can be found at https://terrapin-attack.com/

https://security-tracker.debian.org/tracker/DSA-5599-1


DSA-5598-1 chromium - security update

2024-01-10

A security issue was discovered in Chromium, which could result

in the execution of arbitrary code, denial of service, or information

disclosure.

https://security-tracker.debian.org/tracker/DSA-5598-1


DSA-5597-1 exim4 - security update

2024-01-04

It was discovered that Exim, a mail transport agent, can be induced to

accept a second message embedded as part of the body of a first message

in certain configurations where PIPELINING or CHUNKING on incoming

connections is offered.

https://security-tracker.debian.org/tracker/DSA-5597-1


DSA-5596-1 asterisk - security update

2024-01-04

Multiple security vulnerabilities have been discovered in Asterisk, an Open

Source Private Branch Exchange.

CVE-2023-37457

The 'update' functionality of the PJSIP_HEADER dialplan function can exceed

the available buffer space for storing the new value of a header. By doing

so this can overwrite memory or cause a crash. This is not externally

exploitable, unless dialplan is explicitly written to update a header based

on data from an outside source. If the 'update' functionality is not used

the vulnerability does not occur.

CVE-2023-38703

PJSIP is a free and open source multimedia communication library written in

C with high level API in C, C++, Java, C#, and Python languages. SRTP is a

higher level media transport which is stacked upon a lower level media

transport such as UDP and ICE. Currently a higher level transport is not

synchronized with its lower level transport that may introduce a

use-after-free issue. This vulnerability affects applications that have

SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media

transport other than UDP. This vulnerability’s impact may range from

unexpected application termination to control flow hijack/memory

corruption.

CVE-2023-49294

It is possible to read any arbitrary file even when the `live_dangerously`

option is not enabled.

CVE-2023-49786

Asterisk is susceptible to a DoS due to a race condition in the hello

handshake phase of the DTLS protocol when handling DTLS-SRTP for media

setup. This attack can be done continuously, thus denying new DTLS-SRTP

encrypted calls during the attack. Abuse of this vulnerability may lead to

a massive Denial of Service on vulnerable Asterisk servers for calls that

rely on DTLS-SRTP.

https://security-tracker.debian.org/tracker/DSA-5596-1


DSA-5595-1 chromium - security update

2024-01-04

Multiple security issues were discovered in Chromium, which could result

in the execution of arbitrary code, denial of service or information

disclosure.

https://security-tracker.debian.org/tracker/DSA-5595-1


DSA-5594-1 linux - security update

2024-01-02

Several vulnerabilities have been discovered in the Linux kernel that

may lead to a privilege escalation, denial of service or information

leaks.

CVE-2021-44879

Wenqing Liu reported a NULL pointer dereference in the f2fs

implementation. An attacker able to mount a specially crafted image

can take advantage of this flaw for denial of service.

CVE-2023-5178

Alon Zahavi reported a use-after-free flaw in the NVMe-oF/TCP

subsystem in the queue initialization setup, which may result in

denial of service or privilege escalation.

CVE-2023-5197

Kevin Rich discovered a use-after-free flaw in the netfilter

subsystem which may result in denial of service or privilege

escalation for a user with the CAP_NET_ADMIN capability in any user

or network namespace.

CVE-2023-5717

Budimir Markovic reported a heap out-of-bounds write vulnerability

in the Linux kernel's Performance Events system caused by improper

handling of event groups, which may result in denial of service or

privilege escalation. The default settings in Debian prevent

exploitation unless more permissive settings have been applied in

the kernel.perf_event_paranoid sysctl.

CVE-2023-6121

Alon Zahavi reported an out-of-bounds read vulnerability in the

NVMe-oF/TCP which may result in an information leak.

CVE-2023-6531

Jann Horn discovered a use-after-free flaw due to a race condition

when the unix garbage collector's deletion of a SKB races

with unix_stream_read_generic() on the socket that the SKB is

queued on.

CVE-2023-6817

Xingyuan Mo discovered that a use-after-free in Netfilter's

implementation of PIPAPO (PIle PAcket POlicies) may result in denial

of service or potential local privilege escalation for a user with

the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-6931

Budimir Markovic reported a heap out-of-bounds write vulnerability

in the Linux kernel's Performance Events system which may result in

denial of service or privilege escalation. The default settings in

Debian prevent exploitation unless more permissive settings have

been applied in the kernel.perf_event_paranoid sysctl.

CVE-2023-6932

A use-after-free vulnerability in the IPv4 IGMP implementation may

result in denial of service or privilege escalation.

CVE-2023-25775

Ivan D Barrera, Christopher Bednarz, Mustafa Ismail and Shiraz

Saleem discovered that improper access control in the Intel Ethernet

Controller RDMA driver may result in privilege escalation.

CVE-2023-34324

Marek Marczykowski-Gorecki reported a possible deadlock in the Xen

guests event channel code which may allow a malicious guest

administrator to cause a denial of service.

CVE-2023-35827

Zheng Wang reported a use-after-free flaw in the Renesas Ethernet

AVB support driver.

CVE-2023-45863

A race condition in library routines for handling generic kernel

objects may result in an out-of-bounds write in the

fill_kobj_path() function.

CVE-2023-46813

Tom Dohrmann reported that a race condition in the Secure Encrypted

Virtualization (SEV) implementation when accessing MMIO registers

may allow a local attacker in a SEV guest VM to cause a denial of

service or potentially execute arbitrary code.

CVE-2023-46862

It was discovered that a race condition in the io_uring

subsystem may result in a NULL pointer dereference, causing a

denial of service.

CVE-2023-51780

It was discovered that a race condition in the ATM (Asynchronous

Transfer Mode) subsystem may lead to a use-after-free.

CVE-2023-51781

It was discovered that a race condition in the Appletalk subsystem

may lead to a use-after-free.

CVE-2023-51782

It was discovered that a race condition in the Amateur Radio X.25

PLP (Rose) support may lead to a use-after-free. This module is not

auto-loaded on Debian systems, so this issue only affects systems

where it is explicitly loaded.

https://security-tracker.debian.org/tracker/DSA-5594-1


DSA-5593-1 linux - security update

2024-01-01

Several vulnerabilities have been discovered in the Linux kernel that

may lead to a privilege escalation, denial of service or information

leaks.

CVE-2023-6531

Jann Horn discovered a use-after-free flaw due to a race condition

problem when the unix garbage collector's deletion of a SKB races

with unix_stream_read_generic() on the socket that the SKB is

queued on.

CVE-2023-6622

Xingyuan Mo discovered a flaw in the netfilter subsystem which may

result in denial of service or privilege escalation for a user with

the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-6817

Xingyuan Mo discovered that a use-after-free in Netfilter's

implementation of PIPAPO (PIle PAcket POlicies) may result in denial

of service or potential local privilege escalation for a user with

the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-6931

Budimir Markovic reported a heap out-of-bounds write vulnerability

in the Linux kernel's Performance Events system which may result in

denial of service or privilege escalation.

CVE-2023-51779

It was discovered that a race condition in the Bluetooth subsystem

in the bt_sock_ioctl handling may lead to a use-after-free.

CVE-2023-51780

It was discovered that a race condition in the ATM (Asynchronous

Transfer Mode) subsystem may lead to a use-after-free.

CVE-2023-51781

It was discovered that a race condition in the Appletalk subsystem

may lead to a use-after-free.

CVE-2023-51782

It was discovered that a race condition in the Amateur Radio X.25

PLP (Rose) support may lead to a use-after-free.

https://security-tracker.debian.org/tracker/DSA-5593-1


DSA-5592-1 libspreadsheet-parseexcel-perl - security update

2023-12-30

It was discovered that missing input sanitising in

libspreadsheet-parseexcel-perl, a Perl module to access information from

Excel Spreadsheets, may result in the execution of arbitrary commands if

a specially crafted document file is processed.

https://security-tracker.debian.org/tracker/DSA-5592-1


DSA-5591-1 libssh - security update

2023-12-28

Several vulnerabilities were discovered in libssh, a tiny C SSH library.

CVE-2023-6004

It was reported that using the ProxyCommand or the ProxyJump feature

may allow an attacker to inject malicious code through specially

crafted hostnames.

CVE-2023-6918

Jack Weinstein reported that missing checks for return values for

digests may result in denial of service (application crashes) or

usage of uninitialized memory.

CVE-2023-48795

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that

the SSH protocol is prone to a prefix truncation attack, known as

the "Terrapin attack". This attack allows a MITM attacker to effect

a limited break of the integrity of the early encrypted SSH

transport protocol by sending extra messages prior to the

commencement of encryption, and deleting an equal number of

consecutive messages immediately after encryption starts.

Details can be found at https://terrapin-attack.com/

https://security-tracker.debian.org/tracker/DSA-5591-1


DSA-5590-1 haproxy - security update

2023-12-28

Several vulnerabilities were discovered in HAProxy, a fast and reliable

load balancing reverse proxy, which can result in HTTP request smuggling

or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5590-1


DSA-5589-1 nodejs - security update

2023-12-27

Multiple vulnerabilities were discovered in Node.js, which could result in

HTTP request smuggling, bypass of policy feature checks, denial of service

or loading of incorrect ICU data.

https://security-tracker.debian.org/tracker/DSA-5589-1


DSA-5588-1 putty - security update

2023-12-24

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the

SSH protocol is prone to a prefix truncation attack, known as the

"Terrapin attack". This attack allows a MITM attacker to effect a

limited break of the integrity of the early encrypted SSH transport

protocol by sending extra messages prior to the commencement of

encryption, and deleting an equal number of consecutive messages

immediately after encryption starts.

Details can be found at https://terrapin-attack.com/

https://security-tracker.debian.org/tracker/DSA-5588-1


DSA-5587-1 curl - security update

2023-12-23

Two security issues were discovered in Curl: Cookies were incorrectly

validated against the public suffix list of domains and in some cases

HSTS data could fail to save to disk.

https://security-tracker.debian.org/tracker/DSA-5587-1


DSA-5586-1 openssh - security update

2023-12-22

Several vulnerabilities have been discovered in OpenSSH, an

implementation of the SSH protocol suite.

CVE-2021-41617

It was discovered that sshd failed to correctly initialise

supplemental groups when executing an AuthorizedKeysCommand or

AuthorizedPrincipalsCommand, where an AuthorizedKeysCommandUser or

AuthorizedPrincipalsCommandUser directive has been set to run the

command as a different user. Instead these commands would inherit

the groups that sshd was started with.

CVE-2023-28531

Luci Stanescu reported that an error prevented constraints being

communicated to the ssh-agent when adding smartcard keys to the

agent with per-hop destination constraints, resulting in keys being

added without constraints.

CVE-2023-48795

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that

the SSH protocol is prone to a prefix truncation attack, known as

the "Terrapin attack". This attack allows a MITM attacker to effect

a limited break of the integrity of the early encrypted SSH

transport protocol by sending extra messages prior to the

commencement of encryption, and deleting an equal number of

consecutive messages immediately after encryption starts.

Details can be found at https://terrapin-attack.com/

CVE-2023-51384

It was discovered that when PKCS#11-hosted private keys were

added while specifying destination constraints, if the PKCS#11

token returned multiple keys then only the first key had the

constraints applied.

CVE-2023-51385

It was discovered that if an invalid user or hostname that contained

shell metacharacters was passed to ssh, and a ProxyCommand,

LocalCommand directive or "match exec" predicate referenced the user

or hostname via expansion tokens, then an attacker who could supply

arbitrary user/hostnames to ssh could potentially perform command

injection. The situation could arise in case of git repositories

with submodules, where the repository could contain a submodule with

shell characters in its user or hostname.

https://security-tracker.debian.org/tracker/DSA-5586-1


════════════════════════

Script run: 2024-02-05T15:32:02
