Debian 9955 Published by

Updated Expat packages are available for both Debian GNU/Linux 8 and 9 Extended LTS, as well as updated Chromium packages for Debian GNU/Linux 12:

ELA-1073-1 expat security update
[DSA 5668-1] chromium security update

ELA-1073-1 expat security update

Package : expat
Version : 2.1.0-6+deb8u11 (jessie), 2.2.0-2+deb9u8 (stretch)

Related CVEs :

Expat, an XML parsing C library has been found to have an vulnerability that
allows an attacker to perform a denial of service (resource consumption, when
many full reparsings are required in the case of a large tokens.
When parsing a really big token that requires multiple buffer fills to
complete, expat has to re-parse the token from start multiple times, which
takes time. These patches introduce a heuristic that, when having failed on the
same token multiple times, defers further parsing until there’s significantly
more data available.
The patch also introduces an optional API, XML_SetReparseDeferralEnabled() to
disable the new heuristic.

ELA-1073-1 expat security update

[DSA 5668-1] chromium security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5668-1 Andres Salomon
April 20, 2024
- -------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2024-3832 CVE-2024-3833 CVE-2024-3834 CVE-2024-3837
CVE-2024-3838 CVE-2024-3839 CVE-2024-3840 CVE-2024-3841
CVE-2024-3843 CVE-2024-3844 CVE-2024-3845 CVE-2024-3846

Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information

For the stable distribution (bookworm), these problems have been fixed in
version 124.0.6367.60-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: