[SECURITY] [DLA 3759-1] qemu security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-3759-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk March 11, 2024https://wiki.debian.org/LTS - - Package: qemu Version: 1:3.1+dfsg-8+deb10u12 CVE ID : CVE-2023-2861 CVE-2023-3354 CVE-2023-5088 Multiple vulnerabilities have been fixed in the machine emulator and virtualizer QEMU. CVE-2023-2861 9pfs did not prohibit opening special files on the host side CVE-2023-3354 remote unauthenticated clients could cause denial of service in VNC server CVE-2023-5088 IDE guest I/O operation addressed to an arbitrary disk offset might get targeted to offset 0 instead For Debian 10 buster, these problems have been fixed in version 1:3.1+dfsg-8+deb10u12. We recommend that you upgrade your qemu packages. For the detailed security status of qemu please refer to its security tracker page at: https://security-tracker.debian.org/tracker/qemu Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmXvPusACgkQiNJCh6LY mLEpLQ//aGHe1oAqi/qNG1F16/1bA9DJ5jhVr+OmRhNSddCIrelqsOBlBo+l09vV UxbWFSOheTfOj9QZS2q9WG3I2rA8EGz7lliMX9wOoPg2K/hxWMuhbvjmz2ZkFAOX QhuSH6dqUf7F0AqiHWTcIoMzJp7yXwh7S0kPjsIS34sdclTu4+gTGJSQoG0jR5Jz /jaNr8wMVNKpAWnSEuoEnUXwS3E5GoEJ6P/BUprCVKG5QEdn9IwCIkObELZi6K06 HG5b/r8WsWoF7THte6TfJp7MI0T8xCUGmAavUXtjCe5WenEAOfzzMjzVQuQYIyae fAr4zk/Y0quph9G/BlnMx2rI+7KQcm0SXE+KKz8qCMffA8dP8GAiEcZkJl/QjpGZ KgTYwaXXhcXOTDsTD7i3guHT2wQdxvSO39ScOHssxsz3+ijoMhl036mG2QN/Y8vf 3CZg4F4uJ2q7N4q6viZC+TR06rpq227uvJEYGSPiUtOkSDX28GbLDBPNcHept3SM /BkaDvcPqA+tkIRw2GBeX/SKNMZ0WNo3RUI1SL+9MiPoi+AcI0ZoIZRNdht1IIeb Uh8t0YYOnNL9K6hqrmp3ikNxNavX85RPqcPdEGdITi+1mWnZ+x+gs6zdIjOn9Pb0 EigLFMck+BB3IzVjoSe4rl9yqedlpbDZ/+gPC1PhvxB6lVXRjy4= =4xcX -END PGP SIGNATURE-
[SECURITY] [DLA 3758-1] tiff security update
- Debian LTS Advisory DLA-3758-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Abhijith PA March 11, 2024https://wiki.debian.org/LTS - Package: tiff Version: 4.1.0+git191117-2~deb10u9 CVE ID : CVE-2023-3576 CVE-2023-52356 Two vulnerabilities were discovered in tiff, Tag Image File Format library. CVE-2023-3576 A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service CVE-2023-52356 A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. For Debian 10 buster, these problems have been fixed in version 4.1.0+git191117-2~deb10u9. We recommend that you upgrade your tiff packages. For the detailed security status of tiff please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tiff Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS signature.asc Description: PGP signature