Ubuntu Security Notice 6714-1 - It was discovered that debmany in Debian Goodies incorrectly handled certain deb files. An attacker could possibly use this issue to execute arbitrary shell commands.

==========================================================================  
Ubuntu Security Notice USN-6714-1  
March 25, 2024

debian-goodies vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

debmany in Debian Goodies could be made to execute arbitrary shell  
commands if it received a specially crafted deb file.

Software Description:  
- debian-goodies: Small toolbox-style utilities for Debian systems

Details:

It was discovered that debmany in Debian Goodies incorrectly handled certain  
deb files. An attacker could possibly use this issue to execute arbitrary shell  
commands.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
  debian-goodies                  0.88.1ubuntu1.2

Ubuntu 22.04 LTS:  
  debian-goodies                  0.87ubuntu1.1

Ubuntu 20.04 LTS:  
  debian-goodies                  0.84ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6714-1  
  CVE-2023-27635

Package Information:  
  https://launchpad.net/ubuntu/+source/debian-goodies/0.88.1ubuntu1.2  
  https://launchpad.net/ubuntu/+source/debian-goodies/0.87ubuntu1.1  
  https://launchpad.net/ubuntu/+source/debian-goodies/0.84ubuntu0.1

Ubuntu Security Notice USN-6714-1

Debian Linux Security Advisory 5644-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or leaks of encrypted email subjects.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5644-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffMarch 21, 2024                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : thunderbirdCVE ID         : CVE-2023-5388 CVE-2024-0743 CVE-2024-1936 CVE-2024-2607                  CVE-2024-2608 CVE-2024-2610 CVE-2024-2611 CVE-2024-2612                  CVE-2024-2614 CVE-2024-2616Multiple security issues were discovered in Thunderbird, which couldresult in denial of service, the execution of arbitrary code or leaksof encrypted email subjects.For the oldstable distribution (bullseye), these problems have been fixedin version 1:115.9.0-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 1:115.9.0-1~deb12u1.We recommend that you upgrade your thunderbird packages.For the detailed security status of thunderbird please refer toits security tracker page at:https://security-tracker.debian.org/tracker/thunderbirdFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmX8hhAACgkQEMKTtsN8TjaPmQ/+MTNu1OKBG0MkU8R2C+yhcuJUjtzb61MQNZR0H/0eDli0iOT0KzNSt5HgkV9EIM/OrLSTaWjSP0ZCP5LwOvXSe+ziyHBmmXDd6UAOkzequdqZqnrWxwJENo0Gvb8tQYRGjKGtKGXwKTNOut+Ap33NzwHoX2ERqLyDT9Ta46N2bJGwwWgiiYH340d0Mlfu/CgOdGSo3oKgsY7zbiFylDt+uTK5vXINbQQjaIkuh4II/ScixXfUw8ipNYb78jAkWoQkNFHTTf1jPiFFUULpfW0MfBFdxE6Fv9VrJzfUP/mCRHel9A8tsVWTnBKT0pcHF8lVLWEvgs/OSsvgybD1Iu6/sLck4hELskhTyKKY2yPcAl5cAfo9z/FmknUwlHaDFJw7cLMoG0oJustQFXltvnptzSuxwzi+dcCk7UBz3ggouGv369Vl+q2BaOJ17tA0LT9rnFvzC9qllX0oFeD1REFBDwQUFszJ3JN3ltr/Z/3n8Alsa63wxbRU+e80bMc6ZADmQIypTa23JihaYA7c3sGxCFo7q9phlb6Lm39BZwIF3x6YxcHvgz4oIrDZkfB3bE/F0eyz6Z0UkPczuwNj+bedjFsdapAtqYWPV13w14euj5GoYBwO+p4y5C+cegxECd6L+avOw0KgO2OpZ5VhnVdncRC/8TPu0y9UIIdFz6vZMGc==zIpz-----END PGP SIGNATURE-----

Debian Security Advisory 5644-1

Debian Linux Security Advisory 5643-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure, bypass of content security policies or spoofing.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5643-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
March 21, 2024                        https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : firefox-esr  
CVE ID         : CVE-2023-5388 CVE-2024-0743 CVE-2024-2607 CVE-2024-2608   
                 CVE-2024-2610 CVE-2024-2611 CVE-2024-2612 CVE-2024-2614   
                 CVE-2024-2616

Multiple security issues have been found in the Mozilla Firefox web  
browser, which could potentially result in the execution of arbitrary  
code or information disclosure, bypass of content security policies or  
spoofing.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 115.9.0esr-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 115.9.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmX8hg4ACgkQEMKTtsN8  
TjZaQRAAiv9/1XXyf7adkJH/OKTE/0i+V76myrlzPZ0Akg3KmzRl3oELVmIGL8rx  
/jBxqQCz2Ulab/1gY9a4EWWrIhkFstli7cyBFz0kQlKhOLTks5txS6gEyLfEbHke  
tZFw+k/pf7Kxfpmnr9/GM4k9bGhg4dD1/mpAdKYqGlD/ZPpwEJt51Q1mn3SPJNkM  
ukjLGiFE9iht5GEhIXb7Pw/nTYl0RDAGtHv6x3Gkg/4F9jbG2J7vRzmo5JQ4LMHI  
7NRgcQOrVcfNiNLYz0Ayd9Tam4mjokq4+u3VhLb5G9disnYzXSAe5UlonmlHqFDN  
swPkjkh+Pu2g1TJ1CRTUStvemv97I4iC7eHBTQLYYFBcC49s8Igbd4WipdygM9Ke  
Gr6hDbr9GMgzGI52yf3CVbEebqdgnGf21jSUhVCqDu51z2ZX6nQxLclzYrcmzhi8  
r0BOrrDtMP9u1A9M/jjm9zbeEiPCtrQTA0G8WLqlSeH2vMj2ys5c0DRNftu1KOkJ  
LDmPZAyakEnk6omL6YpR3RE2dU5aAUsA6KF00Cm6jRm8meUmUesaqauMjjT+o2z9  
BsvjbFVGiOhCm3o8esrxYKmuV5ybh0zGMky0+c9WRb9SA9YQ8QTOp8CKdicohsVW  
9pdu6kwrsbilcaCfaLk60po7xzl52g9RTYEyknr05yzpJIC06mE=  
=ZJGt  
-----END PGP SIGNATURE-----

Debian Security Advisory 5643-1

Debian Linux Security Advisory 5626-2 - One of the upstream changes in the update released as DSA 5626 contained a regression in the zoneToCache function. Updated pdns-recursor packages are available to correct this issue.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5626-2                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffMarch 20, 2024                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : pdns-recursorOne of the upstream changes in the update released as DSA 5626 containeda regression in the zoneToCache function. Updated pdns-recursor packagesare available to correct this issue.For the stable distribution (bookworm), this problem has been fixed inversion 4.8.7-1.We recommend that you upgrade your pdns-recursor packages.For the detailed security status of pdns-recursor please refer toits security tracker page at:https://security-tracker.debian.org/tracker/pdns-recursorFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmX7NHgACgkQEMKTtsN8TjYmWA/9Giw5BeLyYAgiOstBqROGI0vIGwEIC+0/mQxKLlQ690kcEOcJ6qczMN9lRIspdi5xsLyXJzWNU3TMVNS9v9V+hlg14W3U11Roi9DmkL3haBTCKozFElAqsNTBpYyEVjweac5L72BdFGqVhcpwIz9huj+C+YtHqHzsCpGFaVAZaLjwkBsairmSryFOV4L3wpXtQLWxGEjpY844PSBWQNm5ptRsyJ80jpYSe/0E86QyDafb/keRad8JX1zqi/eF4rGySXXCnnh34dpxoP94RI5+UPF/dcgQBBP60dqUcw3P8QWG7VsEzqL4J6lgRnu5OlanQTVp4JzVtarx+6LAX3VWIR/DD2yTf9W3zcHo+FgphaHnPJbPGDKXpE9HeypWuG/3lc94rIWBh8c6iiE7luOBNOovHJHEZXny91oJQjNqIkb3rc/pGn5IIHnaCankt2CHhVhM3md9S0UsmStu+wtMloR8P1JnbVYjhWEG/LyACIynmf7z6V+eaEcNXVtpuf/lDcP3Muf8Mpfp2HuSzoH4+EdvkrZIW85A2/3hJoFNu50vSAaU2CbkP1K4+WtpqKENkodCl4eyZSSg/CZmjd+PI3DJXLXeRbF9u5+5F3hGyKDFJptA2bUjS3STm6bBp9Yj/sCMdYB2a3NcOQwKu1kSqTpDwzfs6GJHq9nX9CV2YZg==xkb9-----END PGP SIGNATURE-----

Debian Security Advisory 5626-2

Debian Linux Security Advisory 5642-1 - Three security issues were discovered in php-svg-lib, a PHP library to read, parse and export to PDF SVG files, which could result in denial of service, restriction bypass or the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5642-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffMarch 20, 2024                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : php-dompdf-svg-libCVE ID         : CVE-2023-50251 CVE-2023-50252 CVE-2024-25117Three security issues were discovered in php-svg-lib, a PHP library toread, parse and export to PDF SVG files, which could result in denialof service, restriction bypass or the execution of arbitrary code.For the stable distribution (bookworm), these problems have been fixed inversion 0.5.0-3+deb12u1.We recommend that you upgrade your php-dompdf-svg-lib packages.For the detailed security status of php-dompdf-svg-lib please refer toits security tracker page at:https://security-tracker.debian.org/tracker/php-dompdf-svg-libFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmX7NGEACgkQEMKTtsN8TjYo5w/+Pg6R1qOP4p3GoBWg9kiHwZBLx/tkHW2FCGaKd4sDPboHvT73kzX3LEPn5R+hBOGW07jB9VKn5icPte+UH/pTyl+5CKHG/4r8U8wNru83/mHqOmjsyneVBSMy1wX8RLVYQ0vtm2AEF6a97bYydQC206YMnmoiaw90CWNib8k88Uvj3+OL+j8TcL7X1F88/QU/dzHejJ3Qrto9ImOBYryemKIIt/BgRNJ9Dl1yaEgSs8CiYEMDmJ0Wg10mpbH9MUIqmbGlrnJsfILMe0x9x9aut1QXxzFpyY9cEWgnM3khyZsdg2NAuak+VXoL2OIFZKtgqZh8/1SvTMTzr3ayDB3zAACtZGa+ZCXA0FXeEekY9IOmEoIICRX70QOil9/F4RCPv45yaWSRBuG5nJcGogEfdpVEYURWDqs483PzVaQSE/rXCg4+xfaKG3f291h2rp9+tIj4Vrlbu6YDu7hYQARaa1b/SD3aM6iqfxO6c5c0gHgKJmZOjRg6N1ClxsSI+RhDJrw9N9YTZyzyunAV04gpdZVpOdqKH/YWI1NqB/VlpCvsOF0Hd7hh2T7Ri0yUR65f1zZIs3UfdJ3MiNMgnJdi05ZnOIvNWxN9ZzgAOSlyjIl6qRtRDikcUewubpBPzDuaLYPepVr60QIPHap7XNCohdRP0no5ows2pXgMzl3YCQU==OY4q-----END PGP SIGNATURE-----

Debian Security Advisory 5642-1

Debian Linux Security Advisory 5641-1 - It was discovered that fontforge, a font editor, is prone to shell command injection vulnerabilities when processing specially crafted files.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5641-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoMarch 19, 2024                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : fontforgeCVE ID         : CVE-2024-25081 CVE-2024-25082Debian Bug     : 1064967It was discovered that fontforge, a font editor, is prone to shell commandinjection vulnerabilities when processing specially crafted files.For the oldstable distribution (bullseye), these problems have been fixedin version 1:20201107~dfsg-4+deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 1:20230101~dfsg-1.1~deb12u1.We recommend that you upgrade your fontforge packages.For the detailed security status of fontforge please refer toits security tracker page at:https://security-tracker.debian.org/tracker/fontforgeFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmX5+otfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0QM6w/+I599jlPtxJcdadbT6efjRaGYhhj3ICkPG+l3Y+h7hcPAW8VbfdxR3ztPjYbqf1a6R1cb67NAunRLIkouA7uf1o5zix6bGmcLSmuwiqfoqGQOrQXKMZE6fvovYjzWVbQ+W9P+b3fywip7VI+pjC+coliYO/Y+6E0Ylg3GmVq5p/W9SGjefSNI8SKvQmZaUaVnEBVrX+riQ4AncOTKrIrV19mmbwKzZ5FgYLQVvhNrWimNO04RbNi/t+Dcr7rITXc4+e3guBlKjEuOaTdvWtMpwXxxAUU+Tqvgya8OQc10dHHKIIPbvJ1rhi2qk/+vdy6rbde7hwMqgBNUOFoJsIrn5+1bu7BPwU7IDp5C0ibZ/jtisc3JjtxHj5yz61n/d8+/+usRjKcAos/MKZa988KSNXUyqIv0NQ4Xk5l3AxDdBArDtxfMGKLuzYWMsVD7tlFuu7UcuyI7YY1FJcTDygoDb/CunXBq7yjMh9DEPQEMkWu6gFdge1gXWw20s0dko9Ypwtoe3BZ5ucbcyHjcfyAzlk+m2LIVO7TQJ5NvRuNuuE/kr+SDWbx4PIjidr5VslvGp2Nx784163P8fduUTxfSNLktsGdqPZmJI6R4FslQjd9oIgTd+/f1VU6tRTu8OcCqREfkwRVhtYrsTjwVvZ4x1OqAnKoxAGMCCCC7jzdk0JM==0dXN-----END PGP SIGNATURE-----

Debian Security Advisory 5641-1

By Waqas
Another day, another malware threat emerges in a country already at war.
This is a post from HackRead.com Read the original post: New AcidRain Linux Malware Variant “AcidPour” Found Targeting Ukraine

SentinelLabs researchers have discovered “AcidPour,” a variant of the AcidRain Linux malware targeting Linux systems in Ukraine. This new strain expands on its predecessor and poses a risk to users.

Researchers at SentinelLabs have uncovered a new variant of the Acid Rain malware, dubbed “Acid Pour,” which has emerged in Ukraine. The discovery was made over the weekend, with J. A. Guerrero-Saade, AVP of SentinelLabs, sharing insights via X (formally Twitter).

The original AcidRain malware surfaced in March 2022, notably used during the ‘Viasat hack,’ which disrupted KA-SAT Surfbeam2 modems at the onset of the Russian invasion of Ukraine.

> It's been an interesting weekend! Eagle-eyed @TomHegel spotted what appears to be a new variant of AcidRain. Notably this sample was compiled for Linux x86 devices, we are calling it 'AcidPour'. Those of you that analyzed AcidRain will recognize some of the strings. Analysis 🧵 pic.twitter.com/wY3PJKaOwK
> 
> — J. A. Guerrero-Saade (@juanandres\_gs) March 18, 2024

TomHegel, Principal Threat Researcher at SentinelLabs, identified the new variant, compiled specifically for Linux x86 devices. While AcidPour shares similarities with AcidRain in certain strings, it separates significantly in its codebase, compiled for x86 architecture rather than MIPS.

It is worth noting that popular Linux distros for x86 devices include Ubuntu, Mint, Fedora, and Debian. On the other hand, MIPS (Microprocessor without Interlocked Pipelined Stages) is a type of instruction set architecture (ISA), which essentially defines the language a processor understands and uses to execute instructions. Similar to x86, it’s a set of rules and specifications for how a processor operates.

AcidRain operated as a generic wiper, targeting common directories and device paths on embedded Linux distros. AcidPour, however, introduces new elements, referencing Unsorted Block Images (UBI) and virtual block devices associated with Logical Volume Manager (LVM), suggesting a potential expansion of targets beyond previous iterations.

Despite the similarities, there are notable differences, including a distinct wiping logic for devices like LVMs, indicating a potentially evolved strategy by threat actors. The good news is that SentinelLabs has raised awareness of AcidPour among stakeholders in Ukraine, although the specific targets and scope of the operation remain unclear.

The discovery goes on to show how fast malware threats are evolving, with attackers adapting their tactics to exploit vulnerabilities in various systems. From the perspective of an unsuspecting user or an organization in the business, both must keep an eye on cybersecurity threats like AcidRain and AcidPour.

Begin by prioritizing training for yourself and your employees, as phishing attacks act as a primary gateway for malware infection. Consider leveraging AI-powered chatbots such as ChatGPT or Gemini AI to compile a concise yet essential guide outlining preventive measures against phishing, malware, ransomware, and data breaches.

1.  Someone DDoSed Ukraine’s national postal service for 48 hours
2.  DDoS Attack and Data Wiper Malware hit Computers in Ukraine
3.  Hackers Using Old WinRAR Flaw in New Cyberattack on Ukraine
4.  ‘Destructive malware’ fakes ransomware to target Ukrainian orgs
5.  Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails

New AcidRain Linux Malware Variant “AcidPour” Found Targeting Ukraine

Debian Linux Security Advisory 5632-1 - It was discovered that composer, a dependency manager for the PHP language, processed files in the local working directory. This could lead to local privilege escalation or malicious code execution. Due to a technical issue this email was not sent on 2024-02-26 like it should have.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5632-1                   security@debian.orghttps://www.debian.org/security/                       Sebastien DelafondFebruary 26, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : composerCVE ID         : CVE-2024-24821Debian Bug     : 1063603It was discovered that composer, a dependency manager for the PHPlanguage, processed files in the local working directory. This couldlead to local privilege escalation or malicious code execution. Due toa technical issue this email was not sent on 2024-02-26 like it shouldhave.For the oldstable distribution (bullseye), this problem has been fixedin version 2.0.9-2+deb11u2.For the stable distribution (bookworm), this problem has been fixed inversion 2.5.5-1+deb12u1.We recommend that you upgrade your composer packages.For the detailed security status of composer please refer toits security tracker page at:https://security-tracker.debian.org/tracker/composerFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmX0DyUACgkQEL6Jg/PVnWSBoggAmRdaBN8p7agJH0S2fvEJWuF+gFAAY4112EeOzbHwk/Bm6EuTY9VcGTtjHlW8X3t/H1+NW5xejcm1gEaXIE2HHIc1KTaG3ui/kKC2T3ybx0cmnqYWu/TJWmw+nbaneBK74PkXukzFvjuYaOy7a6EgnpNcMhc0b2tc/IqIUOYiePKbg4lio8u6q5rP5uFIJydeqI0IXja6H4N0ub/zOAn6I6C3ToKMa0WnfllmrMaj/JnBbgam3VrT06n63NoW6xZepdMDP3QofOVWWP5HshF/0CH1BGEcKS6AtAaIgARalFMgbP6SU8NDsgNFQ3UCiuR+sTjZc2YA0muIpmBGSPVyAw===y4my-----END PGP SIGNATURE-----

Debian Security Advisory 5632-1

Debian Linux Security Advisory 5640-1 - Two vulnerabilities were discovered in Open vSwitch, a software-based Ethernet virtual switch, which could result in a bypass of OpenFlow rules or denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5640-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffMarch 14, 2024                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : openvswitchCVE ID         : CVE-2023-3966 CVE-2023-5366 Debian Bug     : 1063492Two vulnerabilities were discovered in Open vSwitch, a software-basedEthernet virtual switch, which could result in a bypass of OpenFlowrules or denial of service.For the oldstable distribution (bullseye), these problems have been fixedin version 2.15.0+ds1-2+deb11u5. This update also adresses a memory leaktracked as CVE-2024-22563.For the stable distribution (bookworm), these problems have been fixed inversion 3.1.0-2+deb12u1.We recommend that you upgrade your openvswitch packages.For the detailed security status of openvswitch please refer toits security tracker page at:https://security-tracker.debian.org/tracker/openvswitchFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmXy+NgACgkQEMKTtsN8TjasEQ//V4q2/qeHlZk+Sr/73jLvDOA7u6O+FxGGi+LHBiYIoUlD+E2jEq/pAzaK/hlpHCKO1g5bkf7/TcA9TaMyxo498LmT6/TX6SNB+lxOcJQlS8KyT/JtNQt31nk4LND1IU/WFliMdNQoqwYgZVp6innCmb2hTYcxTKeGeQndnaTRIGo/FShxgCBZHwOJKB39eg0hQCDgx1DzfkA0e9u/I7Vq4MKEitV5u1H+Uf9embZaUsfwJCSaeshuxmp4U20r2V9hxXVYrhAeFWYGiDEY+Di4O9fDOVLw2An19ncQjDquLfRYqdys8AMxzi3+Vm0VasMAmZlEhdjcSjtotMI3tjgLcWGOz8BGdBUTAKK0FMtzPHLMhjfJ/cpC6jxZ19ZJcD3OUDIA6nf4CZjW4BOCImukqm9EUJtcQFZAGONdkelNYiz6V5R6IpbAVtLPVkx5yyWWEPXau6eZKhKO0aMcBiAGUYs2LI0rmrmPBdTtQcZJmTx7U+jZiPO6Dx0YP5DMwY23Z8GWPZeDX/2C8HBPqAMKfsWzIOEcXJ0HlAnVyJnC7XGBb+q4W+RFDWhcXYbi40SyyHrDqYBg/ne7WxEnmzfMk3F9cqRCn+owV2lbYxYRKIDZngyg2JK3sdjMUfnFE+5D8QRvxQQMYM9H8q3iBzR1KVEi6cpUUoTZCz6qI5rcH6E==ZEHS-----END PGP SIGNATURE-----

Debian Security Advisory 5640-1

Debian Linux Security Advisory 5639-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5639-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonMarch 13, 2024                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-2400Security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bookworm), this problem has been fixed inversion 122.0.6261.128-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmXx7LIACgkQZF0CR8NudjcWZA/9E8Fv7qz1xdAfgt/f8Iueu24Ct3n2/0yIvZ7GZCEHhyeU7jPaieh3LKL2HIvafH9UWOlU643jHefoX4xQVos3uc8VuXjBAfX0AJrRl0N0JR4am7EpbKJ/WkQjSqpklh9QFbm+0g5iKbhWVA3KI+IZ8wkx/g4QUxYpmF2Pou6xZWIr3RkWX0T2x/Bb4nG9CrVOwQg5BltP6jPln269sU/5Olr6VL3S4KN+1CdBySmXrrhKVsxpbi7qLa9d+czGAjYhAp/2YGCEz67Ib55n/1mhaCL7fqU2cZHBdwqYjTBJqOnsGVJSm8Q7hbJ2i7SaETJkk9oVYIN8XUw2xzdONGS44Xd/rhUesJzsfduYNSD+Yhq+AhqKmxGILshMC+Vz6elNGgG7mKaUwj7/6FtN6VmP0jiVbHMLRpH1ROvph2uENUQYPE/slfkYluNhPTU4BefBnGghyfj6E9HBV3AjWTR/EmsrMUF9+kbs6AEwVlAiVArJorQ63kbRQ5KXFdvJnQ22XDztR+zWwfS5QhQAyEmpdhO/UoFfVyhWnzbfolEUkEmv/MlTFndCoiYWErmqpXLui7Iq66rEgjLJHv2V8s6jJvsT6a75XdjRCaZkCKab/f/pCI6xLZtn2JhL6LkGeY2qpmZOsEwieBbVvsix6ysmmmXIinEmE7Ckf66ENs7TKZw==RmDM-----END PGP SIGNATURE-----

Tag

#debian