Debian Linux Security Advisory 5534-1 - Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5534-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
October 25, 2023                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : xorg-server  
CVE ID         : CVE-2023-5367 CVE-2023-5380

Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server,  
which may result in privilege escalation if the X server is running  
privileged.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 2:1.20.11-1+deb11u8.

For the stable distribution (bookworm), these problems have been fixed in  
version 2:21.1.7-3+deb12u2.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its  
security tracker page at:  
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmU5Ka5fFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0QyCQ/+I9BqRAzJ78GD6U4eSHq/BIp8eelKlubxCbrRhLAL6bD5RT3WnqpKTvvN  
wW1BU6Cety4OW9NiWzOwfXPkujHs2JAow5pxmdOld7r616dS5pKNcJKM/mi+KQCb  
QKQw/KNo2bgy/exJaGM1GjzaAO2jhypH/KHM1qcVziNM75NO2puMu26cqlWZf6vi  
ALa6RYVQ8MiQqx0jZVjbr2W8L3vs05aB/+mNwucDBFmGeNjTCjQ4AFmSfjkOyZtk  
nUUOtCwA7dSh8bv62knLrSbh+heV+y+gsK0eQb2akyJLG5iE7CITqn1fU4DrPlFp  
RxeuYeXczJOPj82ET/+rKvQVUN6OmuDk6yKlpSWajYPTCVgNhzDaLRen05CqXiT1  
wprIXezkCzMP6MPg1NAwPMk+VWXHz6fb48612prZBgkUetSF8wvTeZ9+lTG5Avi1  
2rcY0EFtKjUVT6uP2ZJGXYs81OM5PGFqkvttcGFHLWNjQe3Hm8upUpcNgbBeNKwR  
HYLdkMkjrZVbAWKcbaH68ahhd6gvNWEeZFGo/3ZWcdWF73j0zWOYYKkM3bHqBNkb  
YiNdVtwvt4/d/haOXZ26AJOnq8rdOhfNw+nJm/YqEs7C2R4VmTzQrWRUE4qRCkmr  
5RfymT7sAZUB3RcNflxyw9TTO55/LHILIuEQN4IncByzBd5qly8=  
=pBIG  
-----END PGP SIGNATURE-----

Debian Security Advisory 5534-1

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.

**Name**

CVE-2023-46316

**Description**

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.

**Source**

CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

**Vulnerable and fixed packages**

The table below lists information on source packages.

Source Package

Release

Version

Status

traceroute (PTS)

buster

1:2.1.0-2

vulnerable

bullseye

1:2.1.0-2+deb11u1

vulnerable

bookworm

1:2.1.2-1

vulnerable

sid, trixie

1:2.1.3-1

fixed

The information below is based on the following data on fixed versions.

Package

Type

Release

Fixed Version

Urgency

Origin

Debian Bugs

traceroute

source

(unstable)

1:2.1.3-1

**Notes**

\[bookworm\] - traceroute <no-dsa> (Minor issue)  
\[bullseye\] - traceroute <no-dsa> (Minor issue)  
\[buster\] - traceroute <no-dsa> (Minor issue)  
https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/

CVE-2023-46316: CVE-2023-46316

Debian Linux Security Advisory 5533-1 - Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5533-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
October 24, 2023                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : gst-plugins-bad1.0  
CVE ID         : CVE-2023-40474 CVE-2023-40475 CVE-2023-40476  
Debian Bug     : 1053259 1053260 1053261

Multiple vulnerabilities were discovered in plugins for the GStreamer  
media framework and its codecs and demuxers, which may result in denial  
of service or potentially the execution of arbitrary code if a malformed  
media file is opened.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 1.18.4-3+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in  
version 1.22.0-4+deb12u2.

We recommend that you upgrade your gst-plugins-bad1.0 packages.

For the detailed security status of gst-plugins-bad1.0 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/gst-plugins-bad1.0

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmU4L/BfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0TxqQ//eRO99HAGSxBpe+slujteJrf9SkyJBdolvoEvz2ZjbiDVSJlwcGdpeYI+  
61ADafQx5L/klbx9FJoiIgRq9OtfzQMAMH3RBhL637EuzFOeQBwBWAQBqs6/MAbi  
tiYrFusMxPUsxt8EEBCrDZSCOgyW+HOP2nKnmxsx1LnVvYbdHF15m7hRoj6SKvpG  
Kf8oCHzFKG+4iEKzrSPPRjxVe1ao7I1/xzVPvDN6pFibj3wNNBRM+a5KyHpaAcpw  
F0V9yT+qYr9FJQEaaIk3rx5JtzNw1KHn8qds8wTZh71mGRI8WkAls8DeKNAE4xtz  
SGF/SLAUfKukRdYYk2IKe2zLzcrn/KCq9wcdGLOm2ufKJNeiNZUHIr0GxIf/hPOa  
Kh6yauX7CbUPbYlMRvG1ikt5i3uywNoaClyRXv/8viYrZJC8FfW7Q702UrbBzXzc  
fkG2jhYXboaZmaMZeX/jXp1tw/GmOvZoPkxQfaf9QHG57ly3gu132dKezzAmXQS8  
DHrDFvTqL8QKbS9532YvMsS6/JTMqnoZ6ykcSjgXn1pOedxENxA0xw6S0K9aV4PJ  
CR9i3DK7CRe/Sf53IlK6+zhsBgrXce3TU8EOAz9PavICEedVaOSIwnW/uPyxQlNe  
omGF2ka6RC4NvK42/i8SioDWNHtVpUYA/L6hhRrLXP2V9hGHznU=  
=GYlt  
-----END PGP SIGNATURE-----

Debian Security Advisory 5533-1

Debian Linux Security Advisory 5532-1 - Tony Battersby reported that incorrect cipher key and IV length processing in OpenSSL, a Secure Sockets Layer toolkit, may result in loss of confidentiality for some symmetric cipher modes.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5532-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoOctober 24, 2023                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : opensslCVE ID         : CVE-2023-5363Tony Battersby reported that incorrect cipher key and IV lengthprocessing in OpenSSL, a Secure Sockets Layer toolkit, may result inloss of confidentiality for some symmetric cipher modes.Additional details can be found in the upstream advisory:https://www.openssl.org/news/secadv/20231024.txtFor the stable distribution (bookworm), this problem has been fixed inversion 3.0.11-1~deb12u2.We recommend that you upgrade your openssl packages.For the detailed security status of openssl please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/opensslFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmU4GHNfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0TXww//aymYKy2Mo+x2RSQkTt3ojSPDCR0nOfdMPy5yYVUQ0CL4NdngPvtGuTTbH2pdTOBo9RF0YJzCnVA1jCS2UBc//grcsnB3RkW2zzRZbXPTELsLow43/w/jo5lZvm4VYlxiYUiTzXS88LM4vUGPc62cDE+BzZUDOxsygvwqpqa248T+ZdhDFSoIyoCNWaTBjBmyhiqD7OMp4nv4ui6qX+srBbOrLNoiCbzStwbg03pi4WNrfCIKadIy5ibYFjLL73Uyp/mHj+C1OLotPiKV1CLkW1MsHZYhen4zTchTRNEMORsoVKHLvW/X+njEHCMmRfqIvF82EN+9fw33FGpiI70HLjyQIwVQ+NabJNLANOJG/w7NqVMPngQz7BNDddPOnKMXFpaxmlWM+LR7HBkArSOz/cUb3lpyCheL5rs07FZDGmGZZrHKcvuFKvwS4gvNoBSkNSMHMloAPcYI6SQsKk6ps62E55tzzhyAgIZChJYy4RH3azT/Ud2JohWedhN6ScXXYEOQpSePA6egfdY+2ZiH+WJnZu6yoX0WL4gbR2PQTysy/P8HMnd1QvE+OmzyfBeUPlYEBW7Wg/7u9vROGJEQWmbwbIWptV3/BBVh+b79AvegDARNvh6y+5aXVSbE5QHowfYzmwIASYIJoSggb6LQQY1h+SDVj/E6zlglxDE6qQ8==OgKn-----END PGP SIGNATURE-----

Debian Security Advisory 5532-1

Debian Linux Security Advisory 5531-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to load arbitrary JavaScript code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5531-1                   security@debian.orghttps://www.debian.org/security/                       Sebastien DelafondOctober 23, 2023                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : roundcubeCVE ID         : CVE-2023-5631Debian Bug     : 1054079It was discovered that roundcube, a skinnable AJAX based webmailsolution for IMAP servers, did not properly sanitize HTMLmessages. This would allow an attacker to load arbitrary JavaScriptcode.For the oldstable distribution (bullseye), this problem has been fixedin version 1.4.15+dfsg.1-1~deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 1.6.4+dfsg-1~deb12u1.We recommend that you upgrade your roundcube packages.For the detailed security status of roundcube please refer toits security tracker page at:https://security-tracker.debian.org/tracker/roundcubeFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmU2FhEACgkQEL6Jg/PVnWTgbQf/T08r3SQ/NFUpzs1/8k+euPOyysNFnW7JZ1LcI+ug5iF8RrdEVVuURZHK7i/SuRNomgEQbUyVpgSb9rb6z5qkc0k6gbfh2+KMRk0ViHhG1+tuEe1O99abXt+5LUQNtXWVMAniWWdbtdQeCBHWgxMpstarWq4akgCnx1Dj7Tj8PyX05+bYFpR79WMqCKypX4lz1kP8U3U5c0tPDi/zjuzGT1IvVSyWPesaNHzmD4ZMr9A/dcDBtxQ+kTaPN3GVPJoDG9TVOcHQTqcb2MmTQY5FtvQswVCXiEsugbmgOQ4wiUYlV90C8s4ALSxBBiv+mOUCKZH/mNNjNeHKADW+nOkOeg===TSzb-----END PGP SIGNATURE-----

Debian Security Advisory 5531-1

Debian Linux Security Advisory 5530-1 - Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injection.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5530-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoOctober 22, 2023                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : ruby-rackCVE ID         : CVE-2022-30122 CVE-2022-30123 CVE-2022-44570 CVE-2022-44571                 CVE-2022-44572 CVE-2023-27530 CVE-2023-27539Debian Bug     : 1029832 1032803 1033264Several vulnerabilities were discovered in ruby-rack, a modular Rubywebserver interface, which may result in denial of service and shellescape sequence injection.For the oldstable distribution (bullseye), these problems have been fixedin version 2.1.4-3+deb11u1.We recommend that you upgrade your ruby-rack packages.For the detailed security status of ruby-rack please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/ruby-rackFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmU1FpxfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0SAig/+MS3miFMErKy2l1DjwlzjchJC0cyfMHdVn1mpWZMd3iRVuKqqhRt/GlLSXYFRaU6loJ69WqZGLdnDJtKiOUkJPip5BIL2EZccYdg7nDkvvXs6ATffnC11B/SnJ0N7YAYubtyE/924H+mLh+rpx5sMkmGWHKGssQzP1e2erpBl3FRIQcWm/E1PkvZY3VmRbSluAxb3nQ6+bm+5RDNZOzPtkFQkEuGFV4BNFYqh0JWO2lKLkdG6r8+SaeBGKq5i+WtuHxYEVLB1Go6mvyymh8vDq6Mfimfas9B9SYDKjdiU3VOLoiaXEkjepdQFzSm1QVyk9aYJ6Qb5yy8hrr8XPfVuqlumF+ACpsAK1wH+WtKdiQkdZsvFpcYKn5g4q3zMa8RSoDAEnnc9AmGGdDOT/5sdosby1XAlrO7EoVGuhzKR7i1CtAdmnvABwf1dVqv3Jrn6pg+1c278vFc/n/fyXaHiPolRhr4xSxaNiT0OQ/f+ZUJg5NAT8WIS355kefSzAWVpOYB4kMM3OcWWwohkYWf6WuUoZZsIKvdE8dnAhV6NYaChrS6wA3fiLoQu0U9m+4jdB0IDLy+uffIzYCfeFepyq/Gg8e6TIx/T8Rf1uX8VFAvqiBXc3oIlGQMfaulmQel8mGBXceLIMU+Ze0kRmMf3j5JLWotnKRFNDHAW11U2OWU==tPF2-----END PGP SIGNATURE-----

Debian Security Advisory 5530-1

The threat actor known as DoNot Team has been linked to the use of a novel .NET-based backdoor called Firebird targeting a handful of victims in Pakistan and Afghanistan.
Cybersecurity company Kaspersky, which disclosed the findings in its APT trends report Q3 2023, said the attack chains are also configured to deliver a downloader named CSVtyrei, so named for its resemblance to Vtyrei.
"Some

Cyber Espionage / Malware

The threat actor known as DoNot Team has been linked to the use of a novel .NET-based backdoor called **Firebird** targeting a handful of victims in Pakistan and Afghanistan.

Cybersecurity company Kaspersky, which disclosed the findings in its APT trends report Q3 2023, said the attack chains are also configured to deliver a downloader named CSVtyrei, so named for its resemblance to Vtyrei.

"Some code within the examples appeared non-functional, hinting at ongoing development efforts," the Russian firm said.

Vtyrei (aka BREEZESUGAR) refers to a first-stage payload and downloader strain previously harnessed by the adversary to deliver a malware framework known as **RTY**.

DoNot Team, also known by the names APT-C-35, Origami Elephant, and SECTOR02, is suspected to be of Indian origin, with its attacks employing spear-phishing emails and rogue Android apps to propagate malware.

The latest assessment from Kaspersky builds on an analysis of the threat actor's twin attack sequences in April 2023 to deploy the Agent K11 and RTY frameworks.

The disclosure also follows Zscaler ThreatLabz's uncovering of new malicious activity carried out by the Pakistan-based Transparent Tribe (aka APT36) actor targeting Indian government sectors using an updated malware arsenal that comprises a previously undocumented Windows trojan dubbed ElizaRAT.

"ElizaRAT is delivered as a .NET binary and establishes a C2 communication channel via Telegram, enabling threat actors to exert complete control over the targeted endpoint," security researcher Sudeep Singh noted last month.

Active since 2013, Transparent Tribe has utilized credential harvesting and malware distribution attacks, often distributing trojanized installers of Indian government applications like Kavach multi-factor authentication and weaponizing open-source command-and-control (C2) frameworks such as Mythic.

In a sign that the hacking crew has also set its eyes on Linux systems, Zscaler said it identified a small set of desktop entry files that pave the way for the execution of Python-based ELF binaries, including GLOBSHELL for file exfiltration and PYSHELLFOX for stealing session data from the Mozilla Firefox browser.

"Linux-based operating systems are widely used in the Indian government sector," Singh said, adding the targeting of the Linux environment is also likely motivated by India's decision to replace Microsoft Windows OS with Maya OS, a Debian Linux-based operating system, across government and defense sectors.

Joining DoNot Team and Transparent Tribe is another nation-state actor from the Asia-Pacific region with a focus on Pakistan.

Codenamed Mysterious Elephant (aka APT-K-47), the hacking group has been attributed to a spear-phishing campaign that drops a novel backdoor called ORPCBackdoor that's capable of executing files and commands on the victim's computer, and receive files or commands from a malicious server.

According to the Knownsec 404 Team, APT-K-47 shares tooling and targeting overlaps with that of other actors such as SideWinder, Patchwork, Confucius, and Bitter, most of which are assessed to be aligned with India.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

DoNot Team's New Firebird Backdoor Hits Pakistan and Afghanistan

Debian Linux Security Advisory 5527-2 - The webkit2gtk update released as 5527-1 introduced a regression that is causing programs such as yelp, liferea or gnucash to stop working in certain cases.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5527-2                   security@debian.orghttps://www.debian.org/security/                           Alberto GarciaOctober 20, 2023                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : webkit2gtkDebian Bug     : 1054101The webkit2gtk update released as 5527-1 introduced a regression thatis causing programs such as yelp, liferea or gnucash to stop workingin certain cases.For the oldstable distribution (bullseye), this problem has been fixedin version 2.42.1-1~deb11u2.We recommend that you upgrade your webkit2gtk packages.For the detailed security status of webkit2gtk please refer toits security tracker page at:https://security-tracker.debian.org/tracker/webkit2gtkFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmUyH/UACgkQAAyEYu0C2AIhCg/7BId/Qgv5kasQ8yZE0iPYI7cBsXq6dYAkwCzdLcE3JI7zKej9QtPrXOAp8dPdu5hMGrC/jOS0P+iVcFNCUeIr6VMAFXjHtmF4ZsjdyWBfhtNsU+IoSgGpFpGys3qlBiAjGnLAzfYs1qeMxwmf6+NLyh0x3Z3T2sRijchsJ8+mxIWH24XV4qmy86TyJ3Ce4KuDSV/W9+ATgEjar0HQXxTRVGAsFbReMzo4LPjVKC9Ml6cBXIXJ63N/5WLXSwgqtyeQoFytrS387rQngktg+5mjT9Ergi5O4BCNpSeZ4oXEmvrhS37R+urCx3Kb0ZrqLrQjp9dE1H1s308UQTtgxEqzZaq0Q6w8mHdJnkm7kW1Q9DBIGYs+sNTj/jsyBt3yw4KJsmoKLH7lToKCMlVxaPbLv6k/da1UnQDn/D+hyVeUs7WxCxQDWZcu+isaZABNt/GJ3i9AWtYDqCIRoXKSNOemX6gywhCFN83FERmZpzGekyCFM6t9GNU13QXzsz95xcCwncKAJvHVmu1t82MXjtojkPK148OWdueH5upsLl746JHI+K+oKjJ1XuhmaxGwiP4e65k5TBfcqdz8MVoE4oDlPi8tzr5FCo8TZ40WuN1vF11UqTBE6mRz43Kgc/DTAGBnl2u13WesvYW2WYBilcgUE11V7XFbU7pGw67Htruoi3E=/OcM-----END PGP SIGNATURE-----

Debian Security Advisory 5527-2

Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.

CVE-2022-47583: "[31m"?! ANSI Terminal security in 2023 and finding 10 CVEs

Debian Linux Security Advisory 5522-3 - A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong value for the overheadcount variable forced HTTP2 connections to close early.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5522-3                   security@debian.org  
https://www.debian.org/security/                          Markus Koschany  
October 16, 2023                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : tomcat9  
CVE ID         : CVE-2023-44487

A regression was discovered in the Http2UpgradeHandler class of Tomcat 9  
introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong  
value for the overheadcount variable forced HTTP2 connections to close early.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 9.0.43-2~deb11u9.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/tomcat9

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUtrGRfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD  
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7  
UeRklBAAg7AmsDgaOQ6E4PR41JewkEIlV/n/jfqEkhHXRxG9zG4yijcszgTcF3Ii  
rf3lBgytAMlSD7dRyy9HG6tRpgMTaajEgeAZdeL01mQf0JnJMg3WPZbkDV9kgyzy  
TMhKjMwaSi65nuBETud5OTZIVsnpaonWsQsTxjaIrbdGnQFJrr13cRVKrY8aT5Ur  
AxtxTFL8FGQxU+RgTehV5KMbtCY9kZhemwyQ6LRk1UstWhype8/ydK7UCaQEJ777  
zyl7ioGvv15GmZMMJCZ1zH0Z6FXlhbVDLCcVshJN3/ddlVTC9Xx10lCEx/hZY29x  
b6Stq/YMayZMoKQY2V3JeQbM3OMCPalpcPU+/WbhuX9eZuWHapnlyTwgsjQOVLNc  
prPfuUAAGCmNFuPMqN//EtmSQV5SP+dqJrwcGMxWDmuagB4qD9nbwtr1zNb5QJpK  
rK24yHlY3Pmu1yegPIeZIJxuFMc5N5cIDj7BfKY51nnV5kbHRshSacBmbm4Sxvfv  
lqEPeqZKogGIAXvmPSeC1gCoL0l98rKVOq3bc8+9z2TgB7W/vB60/IyM1pR8svPu  
+ShPWFh+tkWvt4PjgZ+qThM+xGkcMX12lhRDmFhs4rE8IQIDChiZWBMReggtw6Ii  
ETuYDmr5EAd5u5ymMyQmououeNKwRDi4AbGRPV7JddIVkcbUxgk=  
=ENCN  
-----END PGP SIGNATURE-----

Tag

#debian