Debian Linux Security Advisory 5554-1 - Several vulnerabilities have been discovered in the PostgreSQL database system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5554-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
November 13, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : postgresql-13  
CVE ID         : CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 CVE-2023-39417

Several vulnerabilities have been discovered in the PostgreSQL  
database system.

CVE-2023-5868

    Jingzhou Fu discovered a memory disclosure flaw in aggregate  
    function calls.

CVE-2023-5869

    Pedro Gallegos reported integer overflow flaws resulting in buffer  
    overflows in the array modification functions.

CVE-2023-5870

    Hemanth Sandrana and Mahendrakar Srinivasarao reported that the  
    pg_cancel_backend role can signal certain superuser processes,  
    potentially resulting in denial of service.

CVE-2023-39417

    Micah Gate, Valerie Woolard, Tim Carey-Smith, and Christoph Berg  
    reported that an extension script using @substitutions@ within  
    quoting may allow to perform an SQL injection for an attacker having  
    database-level CREATE privileges.

For the oldstable distribution (bullseye), these problems have been  
fixed in version 13.13-0+deb11u1.

We recommend that you upgrade your postgresql-13 packages.

For the detailed security status of postgresql-13 please refer to its  
security tracker page at:  
https://security-tracker.debian.org/tracker/postgresql-13

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmVSk+VfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0Q9rQ/8Co/OgM7q3kXV9szTFTh0K0s2+7W04CRaNA+BGESpsnKUAG22FApRbGMG  
txECE/zyhih7Bq6knDkjwU1TS3mzd5ra0aQEvuErPcDf1oVAm5rzEf8C2bDBZxqo  
ZuuV03fuh468TQWdUaICoKWueLbSOr0wkh8YLdTOiwSldQg4JkJ2rmWLVx9mxsuT  
5XQRESxgMekCkM3s1H+dIo3Bncf6hW78RYn3oi2i2txwwrEmxsYadaBbvqEkdd/G  
0/mrkaxF/H9g0CCxrVlcHCfGNfcd9aM2mcYjQEUeypb3CV6ybQpWKgwc0hxXFKUS  
ndc9iP/DuOnAJTMOQAzxZ5R4wincO5Godb1x5jdCcSCMOVt/5vj/QF5tAvI/85Rq  
lwgSY/orrB0GeRtNrbi82UZsvLuiOUbgkad3+qEthD+9FQJgTGvMqQqgC6Mr9Ga1  
VVlUwMsZsVjkjbeMm75i7dKi5ya+uqlCdVp3zDw9jGUcfo2+BG2uVepVdoNqWu4b  
X72TdKbZ2sSkSHh4dt6Qyg5GNazix2DvmE+vB2J8jpbodICgAQ43Jq3Hruda4BjD  
V0C8a+u/u3Mh7Kax4niHGTYK666JyTMUqdEkJGtLx59POAdqCpIVi3+lGUSu51x/  
E5pXXHzEuEYCckpxZ0sJctDG1zOCa0BbTNBVYyJEzaAvAhCzpsI=  
=frzV  
-----END PGP SIGNATURE-----

Debian Security Advisory 5554-1

Debian Linux Security Advisory 5553-1 - Several vulnerabilities have been discovered in the PostgreSQL database system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5553-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
November 13, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : postgresql-15  
CVE ID         : CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 CVE-2023-39417  
                 CVE-2023-39418

Several vulnerabilities have been discovered in the PostgreSQL  
database system.

CVE-2023-5868

    Jingzhou Fu discovered a memory disclosure flaw in aggregate  
    function calls.

CVE-2023-5869

    Pedro Gallegos reported integer overflow flaws resulting in buffer  
    overflows in the array modification functions.

CVE-2023-5870

    Hemanth Sandrana and Mahendrakar Srinivasarao reported that the  
    pg_cancel_backend role can signal certain superuser processes,  
    potentially resulting in denial of service.

CVE-2023-39417

    Micah Gate, Valerie Woolard, Tim Carey-Smith, and Christoph Berg  
    reported that an extension script using @substitutions@ within  
    quoting may allow to perform an SQL injection for an attacker having  
    database-level CREATE privileges.

CVE-2023-39418

    Dean Rasheed reported that the MERGE command to enforce UPDATE or  
    SELECT row security policies.

For the stable distribution (bookworm), these problems have been fixed  
in version 15.5-0+deb12u1.

We recommend that you upgrade your postgresql-15 packages.

For the detailed security status of postgresql-15 please refer to its  
security tracker page at:  
https://security-tracker.debian.org/tracker/postgresql-15

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmVSkZ9fFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0TEeA//aemORcM7eOsmMwuyYGoAjpV3o2f6Ji58KN/JunoHAU7TytATJbH1ImSt  
llsXmd4gOnBCrI2HbpFwHTlgP38Ie3XGYh9Ubtb2sfbOWDgOc+OGF9GdgJ2zc50k  
c/iLHIH4MmhPqC8r2aDSHM74iM0W4iXGp6d4APRIUWcTVP9GXCpVucF1WA0Oy+Pw  
wLbqP4yp+w+eyjkZZ7sZ8vx5Q5Yk8YBjaXkoOwlR8+3yp7rzLzM8VHYn8hSQ6JLz  
RJ6/gKizEHNLU1N6fq6UTHNINRq/C5fbwobW5Of8hPr/N+DpzpXI70PXj5DBFC9k  
MNpAsc9DlQN0RFKVIKYWBiotOV6LHKnUZlHNRzNTS+nyUmdQmc7BO0tkSm8ChNF2  
+YPj3LIlZwhgqSn/iI7BA62U5kp3UeF1EoRA1Mfxn7JK2xKo7cq2opluu3dndLIK  
XsLjUcTOGMq6pNosz9lsJNAvqU7a5cSKCEBGHFdxZct1RHkbPNFcZUmsFhAcxpwx  
klHYq1Pl54g1sNZS4KWmTW1TlGKj9d0teC9W8kQ+sGbF3HB5O+RsC+1zAvySMLJ/  
u7U793pwaIc/B8KKSsDTqUe9wLLkNsRT/BDxCfhs7qj/cRP0++dwLDYGHtSzqThg  
B/X8uUrJHsHWJ2IhK+jCpIufOaRSqoozsIqo7FNGbDZlt0ml/h0=  
=CPWu  
-----END PGP SIGNATURE-----

Debian Security Advisory 5553-1

Debian Linux Security Advisory 5552-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5552-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 12, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : ffmpegCVE ID         : CVE-2022-4907Several vulnerabilities have been discovered in the FFmpeg multimediaframework, which could result in denial of service or potentially theexecution of arbitrary code if malformed files/streams are processed.For the stable distribution (bookworm), this problem has been fixed inversion 7:5.1.4-0+deb12u1.We recommend that you upgrade your ffmpeg packages.For the detailed security status of ffmpeg please refer toits security tracker page at:https://security-tracker.debian.org/tracker/ffmpegFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVRHAcACgkQEMKTtsN8TjarbhAArIXbV7G++JFpuwnvfFkrmTxT9W9k7puRlFLmnErCKQ4S2GHAd4FmOuTyUDdqIMYtqpRDV30VIQu+TXSmt95Fbms7WStzbcN37s2nELdKWObMYMg60LhscujiJZOJvZGtd4m+btn0Oj71ajcumwOBiqGu8mNI8HBa2gMWQ8z1aol9TzfmcuKE0am4OmheqN3I76wXncSWj8lFqJujD7YESx8liLCBNJ3Lt7lsG9B7Dv9iDcyhADMjX8V5A84OP1eKVEfiTxfHGN+ibFQp3gnopCqTIWf4VXmi+UMBJqvaNyOuKG50pl2qh1dlXq1CIc7mHqrZbMWi7phvunozyOj+o5uzBCtdqZ/jEr5htqGNyXONqzSZUmm+n39mZ5IxZG1DVJ9eZiJNwCBqJ1xOvWYGnT2YOVOIWUhCi3jUIlq809mgZ2bVslN6XqMh8TAEKZ03fuDIlutCHX39fs7hKg0f6GEFQAoN1Kp8G82WSa/qEhJC/3yQcAn3x3dPIPzickWnizYyDXgbO15DnfbG2hPioxI8taXPRBibSkGssXYDyiuHQ4T0x+L39svl5cXdISCpjO/D3U5EsO1M3/4j02lOfEaOlgNCySF/oWWXhXFqybtAcArYVPN8fxfOaWPx96f+VwN4aFl+WlOLP+u2rY9VxLUVWh1lElr8h7cC2wgwClU==V1mm-----END PGP SIGNATURE-----

Debian Security Advisory 5552-1

Debian Linux Security Advisory 5551-1 - Debian appears to have forgotten to put the actual details of the advisory in this advisory, but they recommend that you upgrade your chromium packages.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5551-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonNovember 09, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-5996Debian Bug     : 1033136DSA text goes hereFor the oldstable distribution (bullseye), this problem has been fixedin version 119.0.6045.123-1~deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 119.0.6045.123-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmVMkqYACgkQZF0CR8Nudjf2GhAAvVpxu8qF2iC1AgZXcHMqj4gpOE0x3S+Ee/JbJAKLbsnwsejzhFPKCRPzcAyI6xPR7D12vPEEOvvfS5DTGuYfCoJ4LM02zLUMWZrA5jFc6tUFWQ1VZRYFhL7s7sfuiZTbBWNVDdhjzD6GTmaYgfgPTGbH78cJ3iCS6FWf8sxGF/Pm+2xDC8cZeKuDfQZfP3MboLvKpRzrUlFFxytSAJQoT4PPs1QKrc/ksEyTwaA+KCMiSn5nMbq03SNTx84DFlUiMZXFNBSBd6SvxI5WLivOP+Gs+60DTJ8rCmgsx5Mn5OI/k/iFVLo7RBb691LO5TNxOe58+M9iuktC/SPwSEDesIpKoPww9SNSm7X4q3Q06uuAWzqMmV34tqsaPstJuD6Pi0xY55QAZps+/XFAUrw5Utsq24dj08N0let8+ikOuAkd4eIniJlgvMBXs/0mcNj9lOcBBZ2ANplXtHMlv626YOm4JfDuCPmhOB4OZHhxgj9Sj2clPsNeF04vkYyT5t6le0Snc0JhojzayfGQeegonr64UZdNIydHGP0mKvjNyswaS6k6qUnTtW0khShzagF9GQYADK63jaUOhsrOWrFK0QRF/YrSGS9jgMimEWdav/YtNX/mz2y1r72d5R18c+020srE+R0VPIDGfnhLktC8J4SpK16V6U3/KuaeuZv9oK4==s8+l-----END PGP SIGNATURE-----

Debian Security Advisory 5551-1

Debian Linux Security Advisory 5550-1 - Multiple security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in cross-site scripting, SQL injection, an open redirect or command injection.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5550-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 08, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : cactiCVE ID         : CVE-2023-39357 CVE-2023-39359 CVE-2023-39361 CVE-2023-39362                  CVE-2023-39364 CVE-2023-39365 CVE-2023-39513 CVE-2023-39515                  CVE-2023-39516 CVE-2023-39514 CVE-2023-39512 CVE-2023-39510     CVE-2023-39366 Multiple security vulnerabilities have been discovered in Cacti, a webinterface for graphing of monitoring systems, which could result incross-site scripting, SQL injection, an open redirect or command injection. For the oldstable distribution (bullseye), these problems have been fixedin version 1.2.16+ds1-2+deb11u2.For the stable distribution (bookworm), these problems have been fixed inversion 1.2.24+ds1-1+deb12u1.We recommend that you upgrade your cacti packages.For the detailed security status of cacti please refer toits security tracker page at:https://security-tracker.debian.org/tracker/cactiFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVMDYgACgkQEMKTtsN8TjYzmhAAny8lZgRdlKAadeOGxULyDwZMzGhq9zoHUX2otN3nwIuQEotG6m9/Lc3+IQNpase5cNYZZMlF7lA5u34cbHNmnVnraEARUnU1PwsFOjAamv8JWxEfyGEV/V0fSaj7TNBYarHBGGHXhX1uFYQXMyVSTGNWmof7AmvhHol+CqgxSfzhq5i/ue+dtnNAfx1pZ+SzznBJsndUeltEi8CdsIqcdGlldO0UWIj9G0pF2Fs6bvfi9heVKF1D1WaxUzjUZUdmSgzNZ3d6RAjhfA7ButjKdViaKjE93ARfOcl1I5kvR2whqe6RILkx+7NqoQ/JdR1uYbg7wmKPb5+zivmJWk+PBXXlncSTkzuUC9JTx/ypO5x4/op0SD/hz2YHhFonL4Y2tSgQGiAuBqYwWTBjy6NyX+59lKSrbNF2Dt1GdTtR1Dwvzxe8NneEV+kDMwgTEli9D0QDYu8pF6b8OegkK0UJk/gu6w/88xF+E4zTvoFjeXI/Wp9c0sN0zqgyUIWnLyhv5PVYa5TJt1W0RK9QmZyNJ6uLv0xS4LKf28TYU4rI8ilw4/w8lDFE3ox7pUuSa52b2cK5R5I9UXCwIuT+RQZD9QMu8/MFgbmBlI0fXol7Qr7BblK7vEy+HADgXcJQXJxhDcsIfy5YXNj1N1ps3My/FUD/Ui1gCM/4zt9sg9OMiJ4==Exbi-----END PGP SIGNATURE-----

Debian Security Advisory 5550-1

Debian Linux Security Advisory 5548-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5548-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
November 05, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : openjdk-17  
CVE ID         : CVE-2023-22025 CVE-2023-22081

Several vulnerabilities have been discovered in the OpenJDK Java runtime,  
which may result in denial of service.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 17.0.9+9-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 17.0.9+9-1~deb12u1.

We recommend that you upgrade your openjdk-17 packages.

For the detailed security status of openjdk-17 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/openjdk-17

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVH8rMACgkQEMKTtsN8  
Tjahiw/+KV2CipWhe7kpI5GXnMkCH9lOIYYv6S/zSu3RpB/zEH72QoAfJVRPazNy  
6ubJtk1kbrkc/mo6RFRw+0yVuo8czZ2NiVYc7E+pmVdCu1QT+M1BlV6xhN9KntpY  
pw2V+/+toyi0lmMRl13FgMC9loUdBHJO7zHbfNCKZAQHoBt1JK1UChwKDUC+UeGr  
0A/4wk5gMaKLMizr5nSEXsJS1D0cnAeqogIU42G6MdHTQnF1dTtXOtA3VbS+AnAl  
cPea29ALDnpruizp/7pBCu4q9hGvCrKYHxZ5ZIwfS7shfYSN0qqAtqmsw8ZSnAp6  
MlPwbdKfYWFhujvT3prQEtgPqowK+sMjSRHvjZyXIYrYK6/ORduckVpSHN3Ue3V7  
UcFKiZvVrub6YB9nFB0fbHs7FL4N/Eb75n8B5OzaHM1RrH12NNKWw9aghHEMofQB  
Isai5wglPnERZqDOYuUnrwxBfsRKGbRsYl86wYCnDBYSDtO5o6Fdp5daZBtm40dl  
fo4GoM2FVlkIFKR/xLviQ/l+q8bc3jOcT4ZtgiVlYHD5YuunT9pMxOYHHMF4NeP7  
ve+hB46m3GxVgeu50L3e7bOLEDbsMwXbhzN+IvR1IBNuwEvXUWy0jg4GZJQ30u7b  
l10rG4HjAvcL0U/axHmQcaKZWwd9cc9EfbQMUTJ5UzuSN9YcutA=  
=vysv  
-----END PGP SIGNATURE-----

Debian Security Advisory 5548-1

Debian Linux Security Advisory 5546-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5546-1                   security@debian.org  
https://www.debian.org/security/                           Andres Salomon  
November 02, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : chromium  
CVE ID         : CVE-2023-5480 CVE-2023-5482 CVE-2023-5849 CVE-2023-5850   
                 CVE-2023-5851 CVE-2023-5852 CVE-2023-5853 CVE-2023-5854   
                 CVE-2023-5855 CVE-2023-5856 CVE-2023-5857 CVE-2023-5858   
                 CVE-2023-5859

Multiple security issues were discovered in Chromium, which could result  
in the execution of arbitrary code, denial of service or information  
disclosure.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 119.0.6045.105-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 119.0.6045.105-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmVFF04ACgkQZF0CR8Nu  
djdzWhAAwLgUKUHw7DKsOlj52comEvShKoVSVrMM34ZDpcIizK/MtkQm/d7GsOU2  
D6AV6pI4vjR7mlbFiN9l99VIGF919iFsQdXdrq+49m/YafFVV3Q2EMagvhDRFRoF  
DJLtNml9gaWgvLoN77Uh0HShpoSWpVc9cXq8w+Xq8mpu+c9dkzquigY0Q0VWZqOs  
munuVIouMH7RhhCAiL+uJ67f1rDW49OEFvcFTyGWrdzpAgWP61u9Zq3iC4S9ovZP  
UprMUQt6+1wDH3/Mp020/Ln1XhCXfnlsvjXAmpygegbRttJAHwWPTyfvX0+ZdZ2h  
uLqDcF7EEtox+mZfLdVJZZVJyYugsGO5tqRk8psc77o1eW3BTaOgdSUYoereOm6O  
/47UJvpqQYRSjN52/FTGHAkXJhjOQHi0/BzSwXsi1szeNbAAUUThhSa6tXev0eTN  
xgW5xwP40gHScHEzla4rXnM/uyE/cRwBzyiocMQJi3eOREAyMGxUktruRehCSUS1  
GtUzWmFOlwtMIDPuzfK2ZJE1iv4stkfzcZtwfpHKiCkqY5fmkeSNrhVP8PmsK0bk  
kGW9AHnsLpYJj1MGNuIaGF1AxcWT6n3DrkUU7X/0ETxpA+2EVIrzgkikuq8mFfHe  
iEoBHpVeY3/iF1coGhHLFhSRD1OHECJ7ydU46Ji9fPH9tqcmTb0=  
=/Wn5  
-----END PGP SIGNATURE-----

Debian Security Advisory 5546-1

Debian Linux Security Advisory 5545-1 - An out-of-bounds write was discovered in the MMS demuxer of the VLC media player.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5545-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 02, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : vlcCVE ID         : not yet availableAn out-of-bounds write was discovered in the MMS demuxer of the VLC mediaplayer.For the oldstable distribution (bullseye), this problem has been fixedin version 3.0.20-0+deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 3.0.20-0+deb12u1.We recommend that you upgrade your vlc packages.For the detailed security status of vlc please refer toits security tracker page at:https://security-tracker.debian.org/tracker/vlcFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVEH5kACgkQEMKTtsN8TjYMow/+KOrk/MxdRYRFak834AI5p0eEiDJIJm9mdZmoW50O2w6ojYzhXMaMor91FYcE7EqhwbxIUnXayeMkRYktH0ihPVQA6J/Gzn3IVGVRR9Qk/er1YjHmTgaGRz642138+QB3YoZuYYcbTOMDfKLihDRIjW9qt1SSJibOS5qXOlYQ/YTYdNSSUu4xt7attLUDL/fYyuCiRGk9dkh0joc6UHzymufLHjN0YE63izBIx6LrygGLpueRqgGsphJGkf8KtZa7mE7aLidn/6RCEKf+egBvVukF7oFU9YrlNo2pChdpacB1f6Yj6p1kmHiMQifST6ZCVc+n4FkwpVfPMVxs/XWzuJDtqV6nOKQE0omNfbHDjYRykGkzWqIJVPl5ysHSYGf00I0YO6eiA7oXkfv6QKItHw3XS1PtXczlJVJE7GkrO9h9n+tgaq50Qq9L3dfHxHgifCLk6wkSls42GRpvpmChsI1rLNQBYE2+BqHeygeshmntJAjhZpKBSTIjdEJq2QdKW2S2YngN0FAdWvH1UhgtaZmiKCmflNbMij+4tuE09OGZyTyMcqZh0dt31S4jNLlzk5BqAjeEgkn/SJYFI5bhItHLnDsglJAsQHdFpRX2DObMZmmfRRVjFGSxa8aTO/mMpPzyg2IxQwt08XZlj5diO25Gtvdt8W17MCQ3W+Y7bEQ==5Fzr-----END PGP SIGNATURE-----

Debian Security Advisory 5545-1

Debian Linux Security Advisory 5544-1 - Damien Diederen discovered that SASL quorum peer authentication within Zookeeper, a service for maintaining configuration information, was insufficiently enforced in some configurations.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5544-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 31, 2023                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : zookeeperCVE ID         : CVE-2023-44981Damien Diederen discovered that SASL quorum peer authentication withinZookeeper, a service for maintaining configuration information, wasinsufficiently enforced in some configurations.For the oldstable distribution (bullseye), this problem has been fixedin version 3.4.13-6+deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 3.8.0-11+deb12u1.We recommend that you upgrade your zookeeper packages.For the detailed security status of zookeeper please refer toits security tracker page at:https://security-tracker.debian.org/tracker/zookeeperFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVBUggACgkQEMKTtsN8TjaJAQ//RJ2xwJfLXiLajonTRcY6uhLmMT65GCkzbaVs+WExii/Ip1RWLTh4LScQG/OkOQGEs4OhlxSEBzkQJTSuEvY42AU4aBBSjollcA7HmlXZIJCabuZ69CWWOBJW4Ad57iIi1orRhVjt7Yyd2puZlDeKisnwmPB4kJeYUPGxIWFe8FXnHfrUEUs3xexugjJoMNXQ1xLEjtg8pRCbgDtxZEeuV0Bycbcd/TZj5m8j9UcwXRcA+IX7usHQXYH8fCFTfl+GtWE2/5sOnsVpSK5/u6l2FabvkdswzcehShNAAdamj1i4SCF/p3yGSgw1FoW7Lsz7rPXRBzlo8x4iAa9X4ykqHByowt3H4GwJcOS66E2+7AUhrZFRzTDq0npC9/xQ0orwWwMd1jRBKTWob2H/FMyjcZnRB+eeT1fERTHPQWXAuFkqDzh5YOMevWgx/YP8nfEAAiVWtLiJ45VhUJcjyM9lqoGL9d3YoUVHVmsFu8UI3W0WsM7eQaz18Ql2FQ315O7eFhK2VY7NTwlKgsFdA3pMtR3oYPXgsUHJVhZJHT7wT/ZJsd5CEVSo/wwks14xoVC/vOmhOaUBoPI2wvqzF85tJ1DNhnN3qSq79cLO2e3I4/XJwApAUarELzcOe5J/T7PxF2YyCzmUvdGoOZimzaYMtt+xRIoplqXcrSOJW2X5BGA==f4nP-----END PGP SIGNATURE-----

Debian Security Advisory 5544-1

Debian Linux Security Advisory 5543-1 - Two security issues have been discovered in the Open VMware Tools, which could result in privilege escalation.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5543-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
October 31, 2023                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : open-vm-tools  
CVE ID         : CVE-2023-34058 CVE-2023-34059

Two security issues have been discovered in the Open VMware Tools, which  
could result in privilege escalation.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 2:11.2.5-2+deb11u3.

For the stable distribution (bookworm), these problems have been fixed in  
version 2:12.2.0-1+deb12u2.

We recommend that you upgrade your open-vm-tools packages.

For the detailed security status of open-vm-tools please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/open-vm-tools

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVBVQYACgkQEMKTtsN8  
TjYsrg/9F9eIADdIEeqnR+hc0Dc9YE6yK49aTbADMw3CBAARSRKHtcDsWjqcnRON  
hvzZapmYQ64g7Cxp5/8eD+NnL/69zf+hYV171QJVJ62gfnY0jISZ2hsvqDFWkZK2  
D3CxX+8OVrwAJClFgE7BztjkWE8xl7KkpdD4EsbODZeFbGRvq5/fMrfltfZ+iik6  
5RcHLXWtWVPQ5B/HPkL02D6iMleB3USl9r92EhM94dGVpziW37a/mPlsm/MjWFVp  
XXXEXSGX23t33A8iihBLJxroPNLcTG5KKl725zocg4VSmxuzUOX1DbtSNWP+jKfb  
SrB+a3F6Y2VWN1R2F1sv0zEjpsJmkFysIMa7NN1ngPM+L8F/A7aD8HPgjmYObAmj  
UQdSTm/C4Zl7XqyHR13i3uJI9XPa4lys7B8RwY6MOJIDOy3UMiFhRlw/G9m0WNLF  
JLlsbQPr5so/WqKln7bDaMBJLdRyMv1o8yR+5hSBqwu1rnsIBv8EDWwiIAmBYmzw  
MOkNdi+N3gaK+5q5pwQM5rJmN4/pWNzb0kWOH8Is/ZuYIAie1mjYFUngG0Ef49b/  
Hsq5Se4cShDvl/WZDYWuyyy4azbjI00ukWXbj81/c7jw0lwzosthtV0piEJO2oQh  
3ymplyXXtPQedQ1nwgOHBx4eb3dSsYRAj71Blbf9BLD8UdndywA=  
=VMwp  
-----END PGP SIGNATURE-----

Tag

#debian