Headline
Debian Security Advisory 5742-1
Debian Linux Security Advisory 5742-1 - A vulnerability was discovered in odoo, a suite of web based open source business apps. It could result in the execution of arbitrary code.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5742-1 [email protected]://www.debian.org/security/ Sebastien DelafondAugust 08, 2024 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : odooCVE ID : CVE-2024-4367Debian Bug : 1074228A vulnerability was discovered in odoo, a suite of web based opensource business apps. It could result in the execution of arbitrarycode.For the oldstable distribution (bullseye), this problem has been fixedin version 14.0.0+dfsg.2-7+deb11u2.For the stable distribution (bookworm), this problem has been fixed inversion $bookworm_VERSION.We recommend that you upgrade your odoo packages.For the detailed security status of odoo please refer toits security tracker page at:https://security-tracker.debian.org/tracker/odooFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAma0mLEACgkQEL6Jg/PVnWQKXgf+O9Wy7m7xU3IXmoUyhAvyeKoIEKP1jeTJ5GgFxAyOOJzuWFB9lgtF8o6GiA/TZReuabMq9jFH/Dn5eovF6lI4YpUGwThRTCBZRcGz6KiKdgZ6RiI5MRKsoHoVcn+5N2ecnJ+VFzz2jYzxcfD1Z3/KoiICVZscSbLlxi1ubNTMWQRP5n0YYJ9MxUm1YQY17+3heZdS6IRbxjS/KXJL3MxTQsmCHnoNMXs8+iKtstaFPpYhlc9NrQAIEUwQt4S1UpOZxcXcVtqiv1BkIvxswFytLTE/wTqxeSEzgBan8qelTCu1J+jo+woYzLdHTU3ag03HdiSsem+qdGBMmM9ldRbvGA===eMxY-----END PGP SIGNATURE-----Related news
OX App Suite frontend version 7.10.6-rev44 suffers from a cross site scripting vulnerability.
Red Hat Security Advisory 2024-3784-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.10. Issues addressed include bypass and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-3783-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.10. Issues addressed include bypass and use-after-free vulnerabilities.
Ubuntu Security Notice 6779-2 - USN-6779-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory when audio input connected with multiple consumers. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Thomas Rinsma discovered that Firefox did not properly handle type check when handling fonts in PDF.js. An attacker could potentially exploit this issue to execute arbitrary javascript code in PDF.js. Irvan Kurniawan discovered that Firefox did not properly handle certain font styles when saving a page to PDF. An attacker could potentially exploi...
Red Hat Security Advisory 2024-3338-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include bypass and use-after-free vulnerabilities.
### Impact If pdf.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. ### Patches The patch removes the use of `eval`: https://github.com/mozilla/pdf.js/pull/18015 ### Workarounds Set the option `isEvalSupported` to `false`. ### References https://bugzilla.mozilla.org/show_bug.cgi?id=1893645