[SECURITY] [DLA 3471-1] c-ares security update

2023-06-26 Thread Anton Gladky

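-------------------------------------------------------------------------
Debian LTS Advisory DLA-3471-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
June 26, 2023                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------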

Package: c-ares
Version: 1.14.0-1+deb10u3
CVE ID : CVE-2023-31130 CVE-2023-32067

Two vulnerabilities were discovered in c-ares, an asynchronous name
resolver library:

CVE-2023-31130

ares_inet_net_pton() is found to be vulnerable to a buffer underflow
for certain IPv6 addresses, in particular "0::00:00:00/2" was found
to cause an issue. c-ares only uses this function internally for
configuration purposes, however external usage for other purposes may
cause more severe issues.

CVE-2023-32067

Target resolver may erroneously interpret a malformed UDP packet
with a length of 0 as a graceful shutdown of the connection, which
could cause a denial of service.

For Debian 10 buster, these problems have been fixed in version
1.14.0-1+deb10u3.

We recommend that you upgrade your c-ares packages.

For the detailed security status of c-ares please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/c-ares

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
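
Added example, not part of the advisory above and not c-ares code: CVE-2023-32067 turns on a read of 0 bytes meaning different things on stream and datagram sockets, so this C code classifies the result by the socket's SO_TYPE. The names read_and_classify() and demo(), and the local AF_UNIX socketpair used as a stand-in for UDP/TCP, are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

enum read_result { READ_DATA, READ_EMPTY_DATAGRAM, READ_PEER_CLOSED, READ_ERROR };

/* Hypothetical helper: read once from fd and decide what a 0-byte result
 * means for this socket type, instead of assuming "0 == connection closed". */
enum read_result read_and_classify(int fd)
{
    char buf[512];
    int type = 0;
    socklen_t len = sizeof type;
    ssize_t n;
    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) != 0)
        return READ_ERROR;
    n = recv(fd, buf, sizeof buf, MSG_DONTWAIT);
    if (n < 0)
        return READ_ERROR;
    if (n > 0)
        return READ_DATA;
    /* n == 0: EOF only on a stream socket; on a datagram socket, an empty datagram. */
    return type == SOCK_STREAM ? READ_PEER_CLOSED : READ_EMPTY_DATAGRAM;
}

/* Constructed demo on a local AF_UNIX socketpair (stand-in for UDP/TCP):
 * SOCK_DGRAM receives one zero-length datagram, SOCK_STREAM a peer close. */
enum read_result demo(int type)
{
    int sv[2];
    enum read_result r;
    if (socketpair(AF_UNIX, type, 0, sv) != 0)
        return READ_ERROR;
    if (type == SOCK_STREAM) {
        close(sv[0]);
        r = read_and_classify(sv[1]);
    } else {
        r = send(sv[0], "", 0, 0) == 0 ? read_and_classify(sv[1]) : READ_ERROR;
        close(sv[0]);
    }
    close(sv[1]);
    return r;
}
int main(void)
{
    printf("dgram=%d stream=%d\n", demo(SOCK_DGRAM), demo(SOCK_STREAM));
    return 0;
}
```

A caller that gets READ_EMPTY_DATAGRAM discards the datagram and keeps the socket open; only READ_PEER_CLOSED justifies tearing the connection down.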



[SECURITY] [DLA 3472-1] libx11 security update

2023-06-26 Thread Adrian Bunk

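-------------------------------------------------------------------------
Debian LTS Advisory DLA-3472-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
June 26, 2023                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------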

Package: libx11
Version: 2:1.6.7-1+deb10u3
CVE ID : CVE-2023-3138
Debian Bug : 1038133

Missing input validation in various functions may have resulted in 
denial of service in various functions provided by libx11, the X11 
client-side library.

For Debian 10 buster, this problem has been fixed in version
2:1.6.7-1+deb10u3.

We recommend that you upgrade your libx11 packages.

For the detailed security status of libx11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libx11

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS