ELA-1073-1 expat security update
[DSA 5668-1] chromium security update
ELA-1073-1 expat security update
Package : expat
Version : 2.1.0-6+deb8u11 (jessie), 2.2.0-2+deb9u8 (stretch)
Related CVEs :
CVE-2023-52425
Expat, an XML parsing C library has been found to have an vulnerability that
allows an attacker to perform a denial of service (resource consumption, when
many full reparsings are required in the case of a large tokens.
When parsing a really big token that requires multiple buffer fills to
complete, expat has to re-parse the token from start multiple times, which
takes time. These patches introduce a heuristic that, when having failed on the
same token multiple times, defers further parsing until there’s significantly
more data available.
The patch also introduces an optional API, XML_SetReparseDeferralEnabled() to
disable the new heuristic.
[DSA 5668-1] chromium security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5668-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
April 20, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : chromium
CVE ID : CVE-2024-3832 CVE-2024-3833 CVE-2024-3834 CVE-2024-3837
CVE-2024-3838 CVE-2024-3839 CVE-2024-3840 CVE-2024-3841
CVE-2024-3843 CVE-2024-3844 CVE-2024-3845 CVE-2024-3846
CVE-2024-3847
Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
For the stable distribution (bookworm), these problems have been fixed in
version 124.0.6367.60-1~deb12u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
