Debian Linux Security Advisory 5702-1 - An integer overflow in the EXIF metadata parsing was discovered in the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5702-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoJune 01, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : gst-plugins-base1.0CVE ID         : CVE-2024-4453An integer overflow in the EXIF metadata parsing was discovered in theGStreamer media framework, which may result in denial of service orpotentially the execution of arbitrary code if a malformed file isprocessed.For the oldstable distribution (bullseye), this problem has been fixedin version 1.18.4-2+deb11u2.For the stable distribution (bookworm), this problem has been fixed inversion 1.22.0-3+deb12u2.We recommend that you upgrade your gst-plugins-base1.0 packages.For the detailed security status of gst-plugins-base1.0 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/gst-plugins-base1.0Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZay4pfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0RlARAAmIfIncL6OtrDoqmsIdVoAhc3ouI+X6X+GdkTellF4MUxo5e5t7L4AwNCSxLAHqbqEgYRicB4pn6gv8AMBzN1Sn/8i3l8V74Eh93IVaId11hbXPEY4YUM3/MdbHQNf8HYkBxfB0PbkuuIWiZpxRTbI9eyo0TwzzF4r74J2032k3hH5hHA+dbO8RiUl//tv3WYpimyL6xrtxM7duws9r3iloEgUNHC2igJVZ0VRnYfmhIF23euzbcCbOalpufHn7DR5CSbp0y2DMDIjwOu14ZJSvvgKzr1knH2t/zW2TuHnVwbDoSP1KBvpcqe8kaSKcIJZoetxsIv/5wNoVj2IikDUomFO02QPGXIEuMrzYc7ZkX8JC4/+6dgRzKXgFzPXuAU7gHtcmLLfIRnMkg5FVsbJfSUXDaL5tTW5YZ8aSoBUMHn/dNzfJXGn2oE0nVce4cf0JpeTwMFYs9xT7xn0XCU8CggUjODGY11jGowPpgOXnLO3y08tx6iJ34MQPcFSbhFkrRCgWXEhLTF9N0xpnmiYM0VanA3m2zJlBacotOfEG3ipeRrHylMTUun9ATrxXWvVNY5hSSB7eK9X6RBSvRdtDPzJ5gzbk3zlH7MKIIyx6CiI+Zx51I292K36kmi9zmyFBZgnBzPX2Eigp0bNNZlRwOlOFYKwClcdsgO5yvaxX4==f9Uv-----END PGP SIGNATURE-----

Debian Security Advisory 5702-1

Debian Linux Security Advisory 5701-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5701-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonMay 31, 2024                          https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-5493 CVE-2024-5494 CVE-2024-5495 CVE-2024-5496                  CVE-2024-5497 CVE-2024-5498 CVE-2024-5499Security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 125.0.6422.141-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmZaBlEACgkQZF0CR8NudjcgGA//SPgci/IE8IgkqDwqhd/m2goBVMeCCg3D7pkDZmUPfXaC9wZsAdMi5ner8S+UFUcSc1s9thCNIx7DNsyRa37f18Ou/qaEfu9iY1JAiKg8R23yBEuLqwfFtohV4WjMVhqXu5UBizaz+BrUhHlvgBGkBAVvc1G2ornFNf19LNx1qcxmHdWRqPI7aKqoNKZ0V7V9RfnBC1KzIIA2V8dkhLZ2Kxb/i60KbDbqeIJVTIkHnhmVQ7QxRg/pUEjkzR752P2RHgYk8vlyYTHdv/8M0bPkNrXy07gxvUN5MLJmG9P69u3JDcoabnOoJ2r46HqhZZeUZZFcxiDn9Z9jP8S57HoxC9S4Xk2aZaey5B+/23DfWQLxbeHql24tRXRFMKzStFja7M6KjRVO9Y6xIHjiyQeDMULmV+7rEwC0PonoV2Ts0i0DtaOrtZTN3KGgR5p9eEUcIAP2QkIKKBtKTtvyzoFZL+ZQ8gBTpPdovkrJ86ZGBpy9J1c4oE6yN7Hh9Aw8HWpYC4bM5QPSHBZLZVuM4mgNUB14PVVR8mQAwmy1VXGXkzSWGgsSKl+XlDyqZl4AAgm3PORqw8vJ0xHbPJ5ez/fP2uXprToo4yMBgSEFt64e5n/YWROopfQK3TKTfclIK+96y/oK2GYtn6E0V+L+aloTIF4yA0oWATtTAO5dn7rhD60==UO0f-----END PGP SIGNATURE-----

Debian Security Advisory 5701-1

Ubuntu Security Notice 6802-1 - Lukas Fittl discovered that PostgreSQL incorrectly performed authorization in the built-in pg_stats_ext and pg_stats_ext_exprs views. An unprivileged database user can use this issue to read most common values and other statistics from CREATE STATISTICS commands of other users.

==========================================================================  
Ubuntu Security Notice USN-6802-1  
May 30, 2024

postgresql-14, postgresql-15, postgresql-16 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 23.10  
- Ubuntu 22.04 LTS

Summary:

PostgreSQL could be made to expose sensitive information.

Software Description:  
- postgresql-16: Object-relational SQL database  
- postgresql-15: Object-relational SQL database  
- postgresql-14: Object-relational SQL database

Details:

Lukas Fittl discovered that PostgreSQL incorrectly performed authorization  
in the built-in pg_stats_ext and pg_stats_ext_exprs views. An unprivileged  
database user can use this issue to read most common values and other  
statistics from CREATE STATISTICS commands of other users.

NOTE: This update will only fix fresh PostgreSQL installations. Current  
PostgreSQL installations will remain vulnerable to this issue until manual  
steps are performed. Please see the instructions in the changelog located  
at /usr/share/doc/postgresql-*/changelog.Debian.gz after the updated  
packages have been installed, or in the PostgreSQL release notes located  
here:

https://www.postgresql.org/docs/16/release-16-3.html  
https://www.postgresql.org/docs/15/release-15-7.html  
https://www.postgresql.org/docs/14/release-14-12.html

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   postgresql-16                   16.3-0ubuntu0.24.04.1  
   postgresql-client-16            16.3-0ubuntu0.24.04.1

Ubuntu 23.10  
   postgresql-15                   15.7-0ubuntu0.23.10.1  
   postgresql-client-15            15.7-0ubuntu0.23.10.1

Ubuntu 22.04 LTS  
   postgresql-14                   14.12-0ubuntu0.22.04.1  
   postgresql-client-14            14.12-0ubuntu0.22.04.1

This update uses a new upstream release, which includes additional bug  
fixes. After a standard system update you need to restart PostgreSQL to  
make all the necessary changes, and possibly perform manual steps as  
described above.

References:  
   https://ubuntu.com/security/notices/USN-6802-1  
   CVE-2024-4317

Package Information:  
   https://launchpad.net/ubuntu/+source/postgresql-16/16.3-0ubuntu0.24.04.1  
   https://launchpad.net/ubuntu/+source/postgresql-15/15.7-0ubuntu0.23.10.1  
   https://launchpad.net/ubuntu/+source/postgresql-14/14.12-0ubuntu0.22.04.1

Ubuntu Security Notice USN-6802-1

Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE'][‘fileDenyPattern’], backend users are allowed to upload *.phar, *.shtml, *.pl or *.cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability.

Derivatives of Debian GNU Linux are handling *.phar files as PHP applications since PHP 7.1 (for unofficial packages) and PHP 7.2 (for official packages).

The file extension *.shtml is bound to server side includes which are not enabled per default in most common Linux based distributions. File extension *.pl and *.cgi require additional handlers to be configured which is also not the case in most common distributions (except for /cgi-bin/ location).



Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  GHSA-f9hr-7cfq-mjg2

**TYPO3 Arbitrary Code Execution via File List Module**

High severity GitHub Reviewed Published May 30, 2024 to the GitHub Advisory Database • Updated May 30, 2024

**Package**

composer typo3/cms-core (Composer)

**Affected versions**

\>= 8.0.0, < 8.7.23

\>= 9.0.0, < 9.5.4

**Patched versions**

8.7.23

9.5.4

**Description**

Published to the GitHub Advisory Database

May 30, 2024

Last updated

May 30, 2024

GHSA-f9hr-7cfq-mjg2: TYPO3 Arbitrary Code Execution via File List Module

Debian Linux Security Advisory 5700-1 - An SQL injection was discovered in pymysql, a pure Python MySQL driver.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5700-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffMay 29, 2024                          https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : python-pymysqlCVE ID         : CVE-2024-36039An SQL injection was discovered in pymysql, a pure Python MySQL driver.For the oldstable distribution (bullseye), this problem has been fixedin version 0.9.3-2+deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 1.0.2-2+deb12u1.We recommend that you upgrade your python-pymysql packages.For the detailed security status of python-pymysql please refer toits security tracker page at:https://security-tracker.debian.org/tracker/python-pymysqlFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZXZeAACgkQEMKTtsN8TjY9cRAAkMErPcbiz3MnN7NmUuqkG/NmbuUM9smN4WZp8sF6kCsCm9G8M/dSioS+IpZMFUv1DDELh2HtxWjvA+fqMTddY3CxINKmJEiMKPd8I02CjJsq1gArH8VVAaxNFQRyU69RA1hecMcQvR1lEssciddFfkzpe6E1SXK/Mp2JMNWmtpRJNUZ9khhIf4PrthpForQN8EzQs8gJRQ/2rN48TgcAA/bGyS+W5PGJbb+1RjW5H4eaNo1HHgZNwJNcTjkylG9MV7nzC5ThCPb7ycrIadYPV/IAYqnh5qUHQnDDROFvWE1MDdn9cPxGYoDmFk+/Sgxe9HXRE+Dr8/h0vb0tBBSqN6nBG/OBHKT3eKsDJVPt8TWkBuagsCvNFY3a7Unu9NQC6NavUanspOacnY1W65BYHUq/5e/U0cLyZgJcPzaJSKeZHVsHLHLStqbKUCWVBpDxX+5eVd8v3hxGq32H3e71MKqoLV5FzWUzf77qe8SxhWJ+7YSUdYVpVjZXtronaUvPKTub8p2d32dAZOSQYTbeehQpb1pIoVBWNxAOi12xTz8y7qta/DspjF4Tj3ks+9EiKtS7Bzf+jEQmYEI04RxRn/wdHRFhYjwaGsvhlaH221Y/w53fczJ5bj2zQODBJShGhuNmwpz9Jr7fvI+gZE3smVkMLWaJPl2BhtF2kAFB62s==sLat-----END PGP SIGNATURE-----

Debian Security Advisory 5700-1

Debian Linux Security Advisory 5699-1 - Multiple cross-site scripting vulnerabilities were found in Redmine, a project management web application.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5699-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffMay 24, 2024                          https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : redmineCVE ID         : CVE-2023-47258 CVE-2023-47259 CVE-2023-47260Multiple cross-site scripting vulnerabilities were found in Redmine,a project management web application.For the stable distribution (bookworm), these problems have been fixed inversion 5.0.4-5+deb12u1.We recommend that you upgrade your redmine packages.For the detailed security status of redmine please refer toits security tracker page at:https://security-tracker.debian.org/tracker/redmineFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZQw0gACgkQEMKTtsN8TjbXDhAAlwLX55/MEXwBGXK2/diyo0jALkcur3+674tfQQGzTDeOzN9LVxJLLSS6FkgJEv/9bW/EjRpltBR64eqPjJC8JSmiqcEC7YU0paZi4gKyurBBy1F5hI2kHHFNM9KzjIh44Wak6W/3PtJHw8nClZMG2uJZFiXhqzrR1Gv+NWlFILhNyB1RGzB5hQYr2/arb7tEj4heXGWtahrbzi7YZS5a0aREK0nQ7y09DCYpvlJTlpt3almGxPJhpbyzRTwhRMrOTOZJHfwAwxjND2xmblfvkeQxLrNbBBEO9NO18cN69lOMA/sG3haMMkVKRpZFIaEl+F8t0WIqlAog4JjiivrhkFL3Px4uthuD0HzAzxveHvC9rgqPWUOre2eLBONo74Wsx5kY+gY7RZyNJRQ7VRk71lRlqAlGSofJ9ckfOincXV8lT7DEEcki42Qhrx8Fw682z5m+ozyaI0FBK4yiKiZ44bgjIb166paoxhA+H9WiubhR70Z2SMUG2x7IqktbTa+oboSXOc2zYDFpIa5XWXWJz6OspHBxGE7JF+Zs/eRhxXsAJb/diJB6msgDGTFAmynvAifcfDHczRqG56AG8jVku4nIGT0Q7INAeukhdWUU5jyqYrcF0UoPa+c+NW4g5CZNACKjpFAIwo+WJceUMsgVy8ZvIV/IRH12XtslD50K1yM==Fejb-----END PGP SIGNATURE-----

Debian Security Advisory 5699-1

Debian Linux Security Advisory 5698-1 - Multiple security issues were found in Rack, an interface for developing web applications in Ruby, which could result in denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5698-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffMay 24, 2024                          https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : ruby-rackCVE ID         : CVE-2024-25126 CVE-2024-26141 CVE-2024-26146Multiple security issues were found in Rack, an interface for developingweb applications in Ruby, which could result in denial of service.For the oldstable distribution (bullseye), these problems have been fixedin version 2.1.4-3+deb11u2.For the stable distribution (bookworm), these problems have been fixed inversion 2.2.6.4-1+deb12u1.We recommend that you upgrade your ruby-rack packages.For the detailed security status of ruby-rack please refer toits security tracker page at:https://security-tracker.debian.org/tracker/ruby-rackFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZQw0YACgkQEMKTtsN8TjaEDQ/+In6arFD5sCgR6IZW2RiwAgBlLY9SAPlcuSI4qYkoN3JDMsm3dWV38UEOIwhvEiNpOXRiHCi4V15Eo92I1ayKJIZYM9n5B1pjGQrci5tl1cnFIfhfkIEjRET7OFRgL6TYgzsc5PKmlBNmff/yQOPXdw2q8dfgJkBb9Nc7GUxrhnsAdy/5mrW9NgSPerd65rYZ3NcGpSCiKcUcweatBalf2GycXFXSNzUlYw4nGuEOM5P4uyB8TI0lhaxy+hQA24fVGfKIldSHvQu4gs2jN2CaCNp4KyV5SkAtK7lBTxWMihmXwhzvpGeKF/ABokicqj4AC/T1BhjqS7S5/CjScmJwwkOcpaNhcqoI9wmFkx/bVYbQGmFuYPibziBHfBeucZhCFW2zhxSGYX/oWx/V4J3kBwMMUll4pI3AM0SEs/loeU3k+eLR7mq1ElcLt+IOmQpwNIIuvy/r8wvSySBLXu07b1lS29LMtqk3qXdb3HO6e2QznIdW6CatcewEc6uWOAzUBSFwvA1kgXWFqT9gj17RQ6VdMAdOw+5dkWIbJrWeJfiDdlT6R0KWpAfExQFzLbywtKJAtOnS7v+jyBkPlTg5Rz6z7o6PCf5fYA42FnI6p5AAryPvEupbiE6N72K1+8x+mDeiPFLlmrlP3tUsdhVwSfD5AEO+Qiyi04rYY7w55RM==9BYJ-----END PGP SIGNATURE-----

Debian Security Advisory 5698-1

Debian Linux Security Advisory 5697-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. Google is aware that an exploit for CVE-2024-5274 exists in the wild.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5697-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonMay 24, 2024                          https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-5274A security issue was discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure. Google is aware that an exploit for CVE-2024-5274 existsin the wild.For the stable distribution (bookworm), this problem has been fixed inversion 125.0.6422.112-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmZQvDgACgkQZF0CR8NudjemlQ//Q1bTXczbYNw/gT4PCqkr956Xe0sR9tQ660X/281kR132ri1mfMfU7WT8HCmvM3aL7r9gy5ia9RCtvThRjde7CNrI4fDux6YIsv5xnfyalcxDDjXN9uz2Iy1JMq3fRjH2MhR0zK6vNiovc8DI0BcC2sWiBy3OiXIewkzO0sq54Z8g3Q/VZq9waNAAhbW7GhznVCqC1KQOzYT6/bLi9WshF9x8tOmfbNVzqBVQ2vQIJsr02gQ+kygohuNBqJjHvkt7IgkawsdQCcxLrlM/Wwa+YYTSKtjEmFG4uoL3jvFS3uRiXoSmFBrawaS/KVQ267IiXu9qt5gn/SfXLgH2/ERau9csmLW0hlX3QeHodLD/msFNRHpMKgIplkvehP0qYqcDLGhgvP2ZmaBJMq0eU/SVB+2BKYN9SrWGSG+AHalkCGqmFzlEgbhui2zsoH9hf41uaFiRSs9sr8eMVCP2q8JXXlZAEoCi1HfP0/nbwyfsKGQ2+vn4/kzQd/HaML9JeY57rfOS7E2F2hO2xpadYJtzA6+FY8nlv9Jh6UmgpvOMTYDdITuIS5nUy2AAhIBMgHVBnIrkcxFhbkfBCyDkDKIvQeIVxy6zFpRwvBaGpJCWsMgaTs2ibWX67G6tVZmu0iDpaS86cHK4OnQmgXY6HX02iSM6te88FGl61g7qbk7hbK4==JmnS-----END PGP SIGNATURE-----

Debian Security Advisory 5697-1

Debian Linux Security Advisory 5696-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5696-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonMay 22, 2024                          https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-5157 CVE-2024-5158 CVE-2024-5159 CVE-2024-5160Security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 125.0.6422.76-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmZOH24ACgkQZF0CR8Nudjeemg//Y1GqBjx++55D6XDRa23a2g0T4Y7TxemSEojcb8jR7JaVfFroql0d8fFymFyHjS9tk2dV2naoKjaOWmm87IHjGv1bQxr8b9/2qjPp5+cf7lu02jTEwSo6SroqserY1NuuJUyQfCs6K48wOjAoRDsrYHMXt2Db7Pu+nev0KB3mFWBfWrTErRQf5yoh0PxSik3hutUn8pGuLiiZZxrWsHopi+qyPSWPQU0O9o+u5jvtsmuVH1lmbu8B/QC66UWcEAWPlzstnJWf5i+4OoJA+go8jo/Z2UvRn7gEmMeUb0ykrVLJB3DY22iNrb+/801KxD2qrwZHOGR0Xm7ImnZrYG4VlWPJZjZ1AcMSZYb/cvMLaQ8Y+5k0wBipep1ICCD4/WvTN00a0D3OHIwpS2T5+gxRfQ3TWhQ6pfH90lzZZdxELOXeuiFZebW22aBjd+h5a97WPvYKoDpgM+em7a1k3cixfFucakEQA7FL5ovPmwFc9N59l/rjeFtu5QOptgq//rgj0N1EC7REAL7FWtiu8u8KOSB/sF5P9+GfWEEroHpm8ScfzBzV95Z6bYrET8qQnvGnSGz9ESaEb6W83v5oMPU54h03Xwm3gQRJqf89ke6UJYEIVkyeN5x6F2T+DUqTHhqQ5eZP8nl320BG516JXmw6jjsBF4SJeYXn/R/KFAg5Lq0==lRoo-----END PGP SIGNATURE-----

Debian Security Advisory 5696-1

Debian Linux Security Advisory 5695-1 - Manfred Paul discovered that an attacker with arbitrary read and write capability may be able to bypass Pointer Authentication in the WebKitGTK web engine.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5695-1                   security@debian.org  
https://www.debian.org/security/                           Alberto Garcia  
May 22, 2024                          https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : webkit2gtk  
CVE ID         : CVE-2024-27834

The following vulnerabilities have been discovered in the WebKitGTK  
web engine:

CVE-2024-27834

   Manfred Paul discovered that an attacker with arbitrary read and  
   write capability may be able to bypass Pointer Authentication.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 2.44.2-1~deb11u1.

For the stable distribution (bookworm), this problem has been fixed in  
version 2.44.2-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmZNsSQACgkQAAyEYu0C  
2AL2wxAAnx+ORCkML2MQZukV0lBt7yHzBHWaZHDWF8C3hbo8DPxqpNPGSRwpLb6M  
xzRbW+7LvdlQUuSEMs0ms00jh1wkmQh1cAa09n778+pYhu5oLm09HOU51ybWaWRM  
gojJiHC6svqhov5vxtqbSTUrpXzGQhp9ZYUAyCI49eJSzROIdk188CHHY1PxHZH1  
nwlQddTeaL63f+0nyXzHomFtgOhyA6ESmVgunS8/yoIxQUOn3T6MQOvdKlizMJAr  
watZ4fQq69AEqFMC2x8cCIZ6zZAhu4dLwagnundEdwZxeKRa6vAv6N5BLFx9lC8q  
HARmaMttDl1+3AMHwMiZDqdNt++L4Ldgy26PJQa8hsDlAmXQsR5qtR/xmS7+l6AN  
euXWeyF2DBM3GZgRzsACFJsnqYkQ9snQZdSYzHi2//xyskTpyHxYwMp/wFp4Kirt  
F05d66TocWkWviuYddytl0cRGb3X1I7pB+8vkw90ugIMJKFxh6cXDDPch6kTdMLg  
YPsSxV8/h1jcxr5MgST1LntvvhgGT70YV9HWJleQ33bmWqEQ6xF7vrIsKy3MiFx1  
jKGoI7GvgOrWRDUIZuw4680f9Hv4Cpz4R0uKMOS4wTbrEQkhv96E/sAcER8P9VYm  
9U6AuFAoA5KRU8BysUD3A/PzHo+wKwTSBUuKUGex8HnPIfmUEyw=  
=yLoR  
-----END PGP SIGNATURE-----

Tag

#debian