Debian 9988 Published by

The following updates have been released for Debian GNU/Linux:

Debian GNU/Linux 8 (Jessie) and 9 (Stretch) Extended LTS:
ELA-1094-1 bind9 security update

Debian GNU/Linux 10 (Buster) LTS:
[DLA 3816-1] bind9 security update

Debian GNU/Linux 11 (Bullseye) and 12 (Bookworm):
[DSA 5693-1] thunderbird security update

Debian GNU/Linux 12 (Bookworm):
[DSA 5694-1] chromium security update



[DSA 5694-1] chromium security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5694-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
May 17, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2024-4947 CVE-2024-4948 CVE-2024-4949 CVE-2024-4950

Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

For the stable distribution (bookworm), these problems have been fixed in
version 125.0.6422.60-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[DLA 3816-1] bind9 security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3816-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Santiago Ruano Rincón
May 17, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : bind9
Version : 1:9.11.5.P4+dfsg-5.1+deb10u11
CVE ID : CVE-2023-50387 CVE-2023-50868
Debian Bug :

Two vulnerabilities were discovered in BIND, a DNS server implementation, which
may result in denial of service.

CVE-2023-50387

Certain DNSSEC aspects of the DNS protocol allow remote attackers to cause
a denial of service via DNSSEC queries. This is known as the "KeyTrap"
issue.

CVE-2023-50868

The Closest Encloser Proof aspect of the DNS protocol allows remote
attackers to cause a denial of service via DNSSEC queries in a random
subdomain attack. This is known as the "NSEC3" issue.

For Debian 10 buster, these problems have been fixed in version
1:9.11.5.P4+dfsg-5.1+deb10u11.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/bind9

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[DSA 5693-1] thunderbird security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5693-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 17, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2024-4367 CVE-2024-4767 CVE-2024-4768 CVE-2024-4769
CVE-2024-4770 CVE-2024-4777

Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.

For the oldstable distribution (bullseye), these problems have been fixed
in version 1:115.11.0-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 1:115.11.0-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


ELA-1094-1 bind9 security update

Package : bind9
Version : 9.9.5.dfsg-9+deb8u31 (jessie), 1:9.10.3.dfsg.P4-12.3+deb9u16 (stretch)
Related CVEs :
CVE-2023-50387
CVE-2023-50868

Two vulnerabilities were discovered in BIND, a DNS server implementation, which
may result in denial of service.

CVE-2023-50387
Certain DNSSEC aspects of the DNS protocol allow remote attackers to cause
a denial of service via DNSSEC queries. This is known as the "KeyTrap"
issue.

CVE-2023-50868
The Closest Encloser Proof aspect of the DNS protocol allows remote
attackers to cause a denial of service via DNSSEC queries in a random
subdomain attack. This is known as the "NSEC3" issue.

ELA-1094-1 bind9 security update