Debian GNU/Linux 8 (Jessie) Extended LTS:
ELA-1099-1 apache2 security update
Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1098-1 apache2 security update
ELA-1097-1 libreoffice security update
Debian GNU/Linux 10 (Buster) LTS:
[DLA 3821-1] libreoffice security update
[DLA 3821-1] libreoffice security update
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3821-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Bastien Roucariès
May 26, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : libreoffice
Version : 1:6.1.5-3+deb10u12
CVE ID : CVE-2024-3044
Unchecked script execution in Graphic on-click binding
in affected LibreOffice versions allows an attacker to create
a document which without prompt will execute scripts built-into
LibreOffice on clicking a graphic. Such scripts were previously
deemed trusted but are now deemed untrusted.
For Debian 10 buster, this problem has been fixed in version
1:6.1.5-3+deb10u12.
We recommend that you upgrade your libreoffice packages.
For the detailed security status of libreoffice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libreoffice
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
ELA-1099-1 apache2 security update
Package : apache2
Version : 2.4.10-10+deb8u26 (jessie)
Related CVEs :
CVE-2023-31122
CVE-2024-24795
CVE-2023-31122
An Out-of-bounds Read vulnerability was found in mod_macro of Apache HTTP Server.
CVE-2024-24795
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.
ELA-1098-1 apache2 security update
Package : apache2
Version : 2.4.25-3+deb9u16 (stretch)
Related CVEs :
CVE-2023-31122
CVE-2023-38709
CVE-2024-24795
CVE-2023-31122
An Out-of-bounds Read vulnerability was found in mod_macro of Apache HTTP Server.
CVE-2023-38709
A faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.
CVE-2024-24795
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.
ELA-1097-1 libreoffice security update
Package : libreoffice
Version : 1:6.1.5-3~deb9u3 (stretch)
Related CVEs :
CVE-2024-3044
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.
