
The following updates are available for Debian GNU/Linux:

[DSA 5655-2] cockpit regression update
[DSA 5662-1] apache2 security update
ELA-1072-1 xorg-server security update




[DSA 5655-2] cockpit regression update


-------------------------------------------------------------------------
Debian Security Advisory DSA-5655-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 16, 2024                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : cockpit
Debian Bug : 1069059

The update of cockpit released in DSA 5655-1 did not correctly build
binary packages due to unit test failures when building against libssh
0.10.6. This update corrects that problem.

For the stable distribution (bookworm), this problem has been fixed in
version 287.1-0+deb12u2.

We recommend that you upgrade your cockpit packages.

For the detailed security status of cockpit please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/cockpit

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[DSA 5662-1] apache2 security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-5662-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 16, 2024                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : apache2
CVE ID : CVE-2023-31122 CVE-2023-38709 CVE-2023-43622
CVE-2023-45802 CVE-2024-24795 CVE-2024-27316

Multiple vulnerabilities have been discovered in the Apache HTTP server,
which may result in HTTP response splitting or denial of service.

For the oldstable distribution (bullseye), these problems have been fixed
in version 2.4.59-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 2.4.59-1~deb12u1.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/apache2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


ELA-1072-1 xorg-server security update

Package : xorg-server
Version : 2:1.16.4-1+deb8u16 (jessie), 2:1.19.2-1+deb9u19 (stretch)

Related CVEs :
CVE-2024-31080
CVE-2024-31081
CVE-2024-31083

Multiple vulnerabilities have been fixed in the Xorg X server.

CVE-2024-31080
Heap buffer overread in ProcXIGetSelectedEvents()

CVE-2024-31081
Heap buffer overread in ProcXIPassiveGrabDevice()

CVE-2024-31083
Use-after-free in ProcRenderAddGlyphs()
