ELA-1341-1 sqlparse security update
[DLA 4079-1] openvpn security update
[DSA 5876-1] thunderbird security update
ELA-1341-1 sqlparse security update
Package : sqlparse
Version : 0.1.13-2+deb8u1 (jessie), 0.2.2-1+deb9u2 (stretch), 0.2.4-1+deb10u2 (buster)
Related CVEs :
CVE-2024-4340
Uriya Yavniely discovered that passing a heavily nested list to
sqlparse.parse() may raise a RecursionError exception, which may
lead to denial of service.
A generic SQLParseError is now raised instead.
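
A defensive wrapper for applications that hand untrusted input to sqlparse.parse(), as an added example that is not part of the advisory or of the sqlparse project: it maps both the RecursionError of unfixed versions and the SQLParseError of fixed ones to a single rejection. The names RejectedSQL, nesting_depth, parser_errors and parse_untrusted and the depth limit of 64 are assumptions made for illustration.

```python
# Added example: a guard for parsing untrusted SQL (not sqlparse project code).
MAX_DEPTH = 64  # assumed application limit; the advisory names no number


class RejectedSQL(ValueError):
    """Hypothetical application error: input refused or unparseable."""


def nesting_depth(sql):
    """Deepest ( / [ nesting in sql. Brackets inside string literals are
    counted too, which only makes the check stricter."""
    depth = deepest = 0
    for ch in sql:
        if ch in "([":
            depth += 1
            deepest = max(deepest, depth)
        elif ch in ")]":
            depth = max(0, depth - 1)
    return deepest


def parser_errors():
    """Exceptions meaning 'the parser gave up': RecursionError on unfixed
    sqlparse, SQLParseError on the fixed versions."""
    errors = [RecursionError]
    try:
        from sqlparse.exceptions import SQLParseError
        errors.append(SQLParseError)
    except ImportError:  # sqlparse absent, e.g. when run with a stand-in parser
        pass
    return tuple(errors)


def parse_untrusted(sql, parse=None, max_depth=MAX_DEPTH):
    """Parse sql, turning both failure modes into RejectedSQL."""
    if nesting_depth(sql) > max_depth:
        raise RejectedSQL("nesting depth exceeds limit")
    if parse is None:
        import sqlparse  # real parser; callers may inject a stand-in instead
        parse = sqlparse.parse
    try:
        return parse(sql)
    except parser_errors() as exc:
        raise RejectedSQL("parser could not handle input") from exc
```

The depth check runs before the parser, so it also protects hosts that have not yet received the fixed package.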
[SECURITY] [DLA 4079-1] openvpn security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4079-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Aquila Macedo
March 08, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : openvpn
Version : 2.5.1-3+deb11u1
CVE ID : CVE-2022-0547 CVE-2024-5594
Debian Bug : 1008015 1074488 1086653
Two vulnerabilities were discovered in openvpn, a virtual private
network application, which could result in authentication bypass or
data injection.
CVE-2022-0547
OpenVPN may enable authentication bypass in external
authentication plug-ins when more than one of them makes use of
deferred authentication replies, which allows an external user to
be granted access with only partially correct credentials.
CVE-2024-5594
OpenVPN does not sanitize PUSH_REPLY messages properly, which
attackers can use to inject unexpected arbitrary data into
third-party executables or plug-ins.
For Debian 11 bullseye, these problems have been fixed in version
2.5.1-3+deb11u1.
We recommend that you upgrade your openvpn packages.
For the detailed security status of openvpn please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openvpn
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DSA 5876-1] thunderbird security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-5876-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 08, 2025 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : thunderbird
CVE ID : CVE-2024-43097 CVE-2025-1931 CVE-2025-1932 CVE-2025-1933
CVE-2025-1934 CVE-2025-1935 CVE-2025-1936 CVE-2025-1937
CVE-2025-1938
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
For the stable distribution (bookworm), these problems have been fixed in
version 1:128.8.0esr-1~deb12u1.
We recommend that you upgrade your thunderbird packages.
For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/