
Debian GNU/Linux has received multiple security updates, including bind9, netatalk, thunderbird, firefox-esr, and exim4:

Debian GNU/Linux 8 (Jessie), 9 (Stretch), 10 (Buster) Extended LTS:
ELA-1246-1 exim4 security update

Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1245-1 bind9 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 3968-1] netatalk security update

Debian GNU/Linux 12 (Bookworm):
[DSA 5821-1] thunderbird security update
[DSA 5820-1] firefox-esr security update




ELA-1245-1 bind9 security update

Package : bind9
Version : 1:9.10.3.dfsg.P4-12.3+deb9u17 (stretch)

Related CVEs :
CVE-2024-1737
CVE-2024-1975

Several vulnerabilities were discovered in BIND, a DNS server
implementation, which may result in denial of service.



[SECURITY] [DLA 3968-1] netatalk security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3968-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
November 28, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : netatalk
Version : 3.1.12~ds-8+deb11u2
CVE ID : CVE-2022-22995 CVE-2024-38439 CVE-2024-38440
CVE-2024-38441

Several issues have been found in netatalk, an Apple Filing Protocol
service. Three issues are related to off-by-one errors and resultant
heap-based buffer overflow. One issue is related to primitives offered by
SMB and AFP, which might allow an attacker to write arbitrary files and
eventually execute arbitrary code.

For Debian 11 bullseye, these problems have been fixed in version
3.1.12~ds-8+deb11u2.

We recommend that you upgrade your netatalk packages.

For the detailed security status of netatalk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/netatalk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DSA 5821-1] thunderbird security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-5821-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 27, 2024 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2024-11692 CVE-2024-11694 CVE-2024-11695
CVE-2024-11696 CVE-2024-11697 CVE-2024-11699

Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.

For the stable distribution (bookworm), these problems have been fixed in
version 1:128.5.0esr-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DSA 5820-1] firefox-esr security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-5820-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 27, 2024 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2024-11692 CVE-2024-11694 CVE-2024-11695
CVE-2024-11696 CVE-2024-11697 CVE-2024-11699

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, spoofing or cross-site scripting.

For the stable distribution (bookworm), these problems have been fixed in
version 128.5.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


ELA-1246-1 exim4 security update

Package : exim4
Version : 4.84.2-2+deb8u13 (jessie), 4.89-2+deb9u14 (stretch), 4.92-8+deb10u11 (buster)
Related CVEs :
CVE-2023-42117
CVE-2023-42119

Multiple potential security vulnerabilities have been addressed in exim4, a
mail transport agent. These issues may allow remote attackers to disclose
sensitive information or execute arbitrary code but only if Exim4 is run behind
or with untrusted proxy servers or DNS resolvers. If your proxy-protocol proxy
or DNS resolver are trustworthy, you are not affected.
In addition, CVE-2021-38371 and CVE-2022-3559 have been addressed for Debian 10
“Buster” and CVE-2022-3559 for Debian 9 “Stretch”.
