#debian

Debian Linux Security Advisory 5607-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Linux Security Advisory 5606-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, phishing, clickjacking, privilege escalation, HSTS bypass or bypass of content security policies.

Debian Linux Security Advisory 5605-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

Debian Linux Security Advisory 5604-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking sensitive data to log files, denial of service or bypass of sandbox restrictions.

Debian Linux Security Advisory 5603-1 - Several vulnerabilities were discovered in the Xorg X server, which may result in privilege escalation if the X server is running privileged or denial of service.

In Traceroute versions 2.0.12 through to 2.1.2, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts include tcptraceroute, tracepath, traceproto, and traceroute-nanog. Version 2.1.3 addresses this issue.

Linux versions 5.6 and above appear to suffer from a cred refcount overflow when handling approximately 39 gigabytes of memory usage via io_uring.

Ubuntu Security Notice 6590-1 - It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Xerces-C++ was not properly performing bounds checks when processing XML Schema Definition files, which could lead to an out-of-bounds access via an HTTP request. If a user or automated system were tricked into processing a specially crafted XSD file, a remote attacker could possibly use this issue to cause a denial of service.

Debian Linux Security Advisory 5602-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. An exploit for CVE-2024-0519 exists in the wild.

Ubuntu Security Notice 6579-2 - USN-6579-1 fixed a vulnerability in Xerces-C++. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04 and Ubuntu 23.10. It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.