[SECURITY] [DLA 3626-1] krb5 security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3626-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk October 22, 2023 https://wiki.debian.org/LTS - - Package: krb5 Version: 1.17-3+deb10u6 CVE ID : CVE-2023-36054 Debian Bug : 1043431 Potential freeing of an uninitialized pointer in kadm_rpc_xdr.c was fixed in krb5, the MIT implementation of the Kerberos network authentication protocol. For Debian 10 buster, this problem has been fixed in version 1.17-3+deb10u6. We recommend that you upgrade your krb5 packages. For the detailed security status of krb5 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/krb5 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmU1iw4ACgkQiNJCh6LY mLGWpg//edsxfJgl+SQnNIY1p1jr05MJBQ/y0YQ9Gh44AM6BvkwOdrZK5haCx83z VzYyJ3f95rY3fkdoC6E0uh5Q68mVfLpN7+gMiYRQ9QOj59hFrxr6d/b13AnnE5GG +YvP1lWXianKKxg0AI6mLbRBKYsrPXv+UyIT49fRycJX+Ia9VJc4xAzT5nQQ5jUe T1FpypluuIBoHAl+dHB1HHEaeBkUmgPtK+Lx3ZcDUgXqlxhcAGYRDTya38lbkT6p pa2C18t23GNwaGi6HzfFn7Fk5o+Uf/q7hkS0msW17yKN5/vA00QcV5uIL7auDrHL JHdmnCmFCAtgK6pop4U3UXWY12ybaj0kgO+ELTPpo7+LQ1sdDQcpZwfpWiDRhWYM htxaUROjjkfLW2JVt/Nj7dfHCyiZCIRsMvhUpI0O/cRW7Rp9Ar9oKw6RGfwELloj G6XDIhY/E6jUwJEkVVDDWtHy0BtgUBhYSOgpjnMy7ududVEJHJc/5JT0XHZHPyvb A3W3fzVvpXEKZULbnbbVrLAUC9v37w27Ywx0B8Po5FpYnyLCzA81Ol+Ci1rq6o0l Qm/Ljh0kMrdUZ0Nrz6uLc6pf4pT942aQba/tMHkjZ473nokiC/E8qevhQOaf0jxM Wv6sd9vg+/WhD8u2VsTMt3ZfzFp7nERkXBiHuOPdf1NaRABP0l4= =ufsH -END PGP SIGNATURE-
[SECURITY] [DLA 3625-1] ruby-rmagick security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3625-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Bastien Roucariès October 22, 2023 https://wiki.debian.org/LTS - - Package: ruby-rmagick Version: 2.16.0-6+deb10u1 CVE ID : CVE-2023-5349 A memory leak was found in ruby-magick an interface between Ruby and ImageMagick, that could lead to a Deny of Service (DOS) by memory exhaustion. For Debian 10 buster, this problem has been fixed in version 2.16.0-6+deb10u1. We recommend that you upgrade your ruby-rmagick packages. For the detailed security status of ruby-rmagick please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ruby-rmagick Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmU1E9cRHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF928g/9En3B+YDwjIr21V+wMLqF8IBZJa5Ljdpt 21ake6SieVcUKV+4GBqsUcgSF3kNsyUHMPYsNnNuU8nyp4jLLyG/v0Jd4oFmQU2e qiBhZCPXxpijtqddiZaJ+uvqNLVcGhkTa5Xnyv4FMZIva07GV5g/eSFU5C6IOkXH hbm40W9knIG2LMVYGRSRcxH9kqSiXYifUQLGBPOulKfEjMYG8HzBbsktS4LGqBFO JCSNTnyhQ2SKglKq4UN5XsXQ3jMlSyoZzYz9pNw6QhnI5/NKSapCJOP67P80Z0An 7tRbqhKMUoHN0BOA4Dgb1CNj3wRb1lKPGYEdhb3slnJiW0524FuCTkzd6c4Mmanz dQHqGfUh+SOcEl6+gCUi3R0MZhVcUnj00BDbmXVeVQIfOt8E7g58bTvCEAPtIhqH T35aiTzlJE53W49mrfqsUCJvcRDI4NMfy1O1QgL31D/GlZqymVVVSg+tbSGGHzkw SrnL+QFBA/MZiZOEJ5wRTkjmqaGZ9mq9xfYoXlj5yb8SQEPUOfewsmw4EpZuQSch Xt0VjtIRMTKNdK+3SWS8DHHC9oAZ48TsHFmcXaITXsD1vlfeaZpA4E95WrtM2sj9 mzSYBpTHHSdzinByopsJMGhHx0uVlcZTASk+veEU6zS9fxc+YFuduVxEcAZlzFRc MAlb7df1o6U= =XmGm -END PGP SIGNATURE-
