Debian 10236 Published by

Debian GNU/Linux has received security updates for chromium and glib2.0:

Debian GNU/Linux 8 (Jessie), 9 (Stretch), and 10 (Buster) Extended LTS:
ELA-1240-1 glib2.0 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 3962-1] glib2.0 security update

Debian GNU/Linux 12 (Bookworm):
[DSA 5817-1] chromium security update




[SECURITY] [DSA 5817-1] chromium security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5817-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
November 23, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2024-11110 CVE-2024-11111 CVE-2024-11112 CVE-2024-11113
CVE-2024-11114 CVE-2024-11115 CVE-2024-11116 CVE-2024-11117
CVE-2024-11395

Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.

For the stable distribution (bookworm), these problems have been fixed in
version 131.0.6778.85-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DLA 3962-1] glib2.0 security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3962-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
November 23, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : glib2.0
Version : 2.66.8-1+deb11u5
CVE ID : CVE-2024-52533
Debian Bug : 1087419

A buffer overflow with long SOCKS4a proxy hostname and username has been
fixed in the GNOME Input/Output library (GIO).

For Debian 11 bullseye, this problem has been fixed in version
2.66.8-1+deb11u5.

We recommend that you upgrade your glib2.0 packages.

For the detailed security status of glib2.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/glib2.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1240-1 glib2.0 security update

Package : glib2.0
Version : 2.42.1-1+deb8u8 (jessie), 2.50.3-2+deb9u7 (stretch), 2.58.3-2+deb10u7 (buster)

Related CVEs :
CVE-2024-52533

A buffer overflow with long SOCKS4a proxy hostname and username has been fixed in the GNOME Input/Output library (GIO).

ELA-1240-1 glib2.0 security update