Debian GNU/Linux 9 (Jessie) and 10 (Buster) Extended LTS:
ELA-1409-1 zabbix security update
Debian GNU/Linux 10 (Buster):
ELA-1410-1 python3.7 security update
Debian GNU/Linux 11 (Bullseye):
[DLA 4140-1] libsoup2.4 security update
Debian GNU/Linux 12 (Bookworm):
[DSA 5907-1] linux security update
ELA-1409-1 zabbix security update
Package : zabbix
Version : 1:2.2.23+dfsg-0+deb8u10 (jessie), 1:4.0.4+dfsg-1+deb10u6 (buster)
Related CVEs :
CVE-2024-22114
CVE-2024-22116
CVE-2024-22117
CVE-2024-22122
CVE-2024-22123
CVE-2024-36464
CVE-2024-36467
CVE-2024-36469
CVE-2024-42325
CVE-2024-42332
CVE-2024-42333
CVE-2024-45700
Several security vulnerabilities have been discovered in zabbix, a network
monitoring solution, potentially allowing, among other effects, cross-site
scripting (XSS), code execution, information disclosure, remote code
execution, impersonation or session hijacking.
Most of the CVEs apply to the buster update; the CVE that also applies to
jessie is marked accordingly.
CVE-2024-22114
A user with no permission to any of the hosts can access and view the host
count and other statistics through the System Information widget in the
Global View dashboard.
CVE-2024-22116
An administrator with restricted permissions can exploit the script
execution functionality within the Monitoring Hosts section. The lack of
default escaping for script parameters enabled this user to execute
arbitrary code via the Ping script, thereby compromising the
infrastructure.
CVE-2024-22117
When a URL is added to a map element, it is recorded in the database
with sequential IDs. Upon adding a new URL, the system retrieves the
last sysmapelementurlid value and increments it by one. However, an
issue arises when a user manually sets the sysmapelementurlid value
to sysmapelementurlid + 1. This action prevents other users from
adding URLs to the map element.
CVE-2024-22122
Zabbix allows SMS notifications to be configured. AT command injection
occurs on the Zabbix server because there is no validation of the "Number"
field, neither in the web frontend nor on the Zabbix server side. An
attacker can run an SMS test with a specially crafted phone number and
execute additional AT commands on the modem.
CVE-2024-22123
Configuring SMS media allows the GSM modem file to be set. This file is
later used as a Linux device. Since everything is a file on Linux, it is
possible to set another file, e.g. a log file, and zabbix_server will try
to communicate with it as if it were a modem. As a result, the log file is
corrupted with AT commands and a small part of the log file content is
leaked to the UI.
CVE-2024-36464
When exporting media types, the password is exported in the YAML in
plain text. This appears to be a best-practices issue and may have no
actual impact: the user would need permission to access the media
types and would therefore be expected to have access to these
passwords anyway.
CVE-2024-36467
An authenticated user with API access (e.g. a user with the default User
role), more specifically a user with access to the user.update API
endpoint, is able to add themselves to any group (e.g. Zabbix
Administrators), except groups that are disabled or have restricted GUI
access.
CVE-2024-36469
Execution time for an unsuccessful login differs when using a
non-existing username compared to using an existing one.
CVE-2024-42325 (jessie and buster)
The Zabbix API method user.get returns all users that share a common
group with the calling user. This includes media and other information,
such as login attempts.
CVE-2024-42332
The researcher showed that, due to the way the SNMP trap log is parsed,
an attacker can craft an SNMP trap with additional lines of information
and have forged data shown in the Zabbix UI. This attack requires SNMP
authentication to be off and/or the attacker to know the community/auth
details. It also requires an SNMP item to be configured as text on the
target host.
CVE-2024-42333
The researcher showed that it is possible to leak a small amount of
Zabbix server memory using an out-of-bounds read in
src/libs/zbxmedia/email.c.
CVE-2024-45700
Zabbix server is vulnerable to denial of service due to uncontrolled
resource exhaustion. An attacker can send specially crafted requests to
the server, which cause the server to allocate an excessive amount of
memory and perform CPU-intensive decompression operations, ultimately
leading to a service crash.
[SECURITY] [DSA 5907-1] linux security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-5907-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 27, 2025 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : linux
CVE ID : CVE-2023-53034 CVE-2024-36908 CVE-2024-46733 CVE-2024-46742
CVE-2024-46753 CVE-2024-46774 CVE-2024-46816 CVE-2024-46823
CVE-2024-50063 CVE-2025-21853 CVE-2025-22025 CVE-2025-22027
CVE-2025-22033 CVE-2025-22035 CVE-2025-22038 CVE-2025-22040
CVE-2025-22041 CVE-2025-22042 CVE-2025-22044 CVE-2025-22045
CVE-2025-22049 CVE-2025-22050 CVE-2025-22054 CVE-2025-22055
CVE-2025-22056 CVE-2025-22058 CVE-2025-22060 CVE-2025-22063
CVE-2025-22066 CVE-2025-22071 CVE-2025-22072 CVE-2025-22073
CVE-2025-22075 CVE-2025-22079 CVE-2025-22081 CVE-2025-22086
CVE-2025-22088 CVE-2025-22089 CVE-2025-22093 CVE-2025-22095
CVE-2025-22097 CVE-2025-22126 CVE-2025-23136 CVE-2025-23138
CVE-2025-37785 CVE-2025-37838 CVE-2025-38152 CVE-2025-38575
CVE-2025-38637 CVE-2025-39728 CVE-2025-39735
Debian Bug : 1086175 1102914
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
For the stable distribution (bookworm), these problems have been fixed in
version 6.1.135-1.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
ELA-1410-1 python3.7 security update
Package : python3.7
Version : 3.7.3-2+deb10u10 (buster)
Related CVEs :
CVE-2025-1795
List separators in email headers were wrongly Unicode-encoded by the Python 3 interpreter.
[SECURITY] [DLA 4140-1] libsoup2.4 security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4140-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Andreas Henriksson
April 27, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : libsoup2.4
Version : 2.72.0-2+deb11u2
CVE ID : CVE-2025-2784 CVE-2025-32050 CVE-2025-32052 CVE-2025-32053
CVE-2025-32906 CVE-2025-32909 CVE-2025-32910 CVE-2025-32911
CVE-2025-32912 CVE-2025-32913 CVE-2025-32914
Debian Bug : 1091502 1102208 1102212 1102214 1102215 1103521 1103517
1103516 1103515 1103267 1103512
Several security vulnerabilities have been discovered in libsoup2.4, an HTTP
client/server library widely used in GNOME and elsewhere.
CVE-2025-2784
The package is vulnerable to a heap buffer over-read when sniffing content
via the skip_insight_whitespace() function. Libsoup clients may read one
byte out-of-bounds in response to a crafted HTTP response by an HTTP
server.
CVE-2025-32050
The libsoup append_param_quoted() function may contain an overflow bug
resulting in a buffer under-read.
CVE-2025-32052
A vulnerability in the sniff_unknown() function may lead to heap buffer
over-read.
CVE-2025-32053
A vulnerability in sniff_feed_or_html() and skip_insignificant_space()
functions may lead to a heap buffer over-read.
CVE-2025-32906
The soup_headers_parse_request() function may be vulnerable to an
out-of-bounds read. This flaw allows a malicious user to use a specially
crafted HTTP request to crash the HTTP server.
CVE-2025-32909
SoupContentSniffer may be vulnerable to a NULL pointer dereference in the
sniff_mp4 function. The HTTP server may cause the libsoup client to crash.
CVE-2025-32910
A flaw was found in libsoup, where soup_auth_digest_authenticate() is
vulnerable to a NULL pointer dereference. This issue may cause the libsoup
client to crash.
CVE-2025-32911
The soup_message_headers_get_content_disposition() function is vulnerable
to a use-after-free of non-heap memory.
This flaw allows a malicious HTTP client to cause memory corruption in the
libsoup server.
CVE-2025-32912
SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server
may cause the libsoup client to crash.
CVE-2025-32913
The soup_message_headers_get_content_disposition() function is vulnerable
to a NULL pointer dereference. This flaw allows a malicious HTTP peer to
crash a libsoup client or server that uses this function.
CVE-2025-32914
The soup_multipart_new_from_message() function is vulnerable to an
out-of-bounds read. This flaw allows a malicious HTTP client to induce the
libsoup server to read out of bounds.
Additionally, this update extends the lifetime of a certificate used by
the test suite during the build, which would otherwise expire soon.
Note that this update does *not* yet address CVE-2025-32907 and CVE-2025-32049
which are still being discussed.
For Debian 11 bullseye, these problems have been fixed in version
2.72.0-2+deb11u2.
We recommend that you upgrade your libsoup2.4 packages.
For the detailed security status of libsoup2.4 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libsoup2.4
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS