[SECURITY] [DLA 3126-1] libsndfile security update
Debian LTS Advisory DLA-3126-1              debian-...@lists.debian.org
https://www.debian.org/lts/security/                  Thorsten Alteholz
September 30, 2022                          https://wiki.debian.org/LTS

Package        : libsndfile
Version        : 1.0.28-6+deb10u2
CVE ID         : CVE-2021-4156

An issue has been found in libsndfile, a library for reading/writing
audio files. Using a crafted FLAC file, an attacker could trigger an
out-of-bounds read that would most likely cause a crash but could
potentially leak memory information.

For Debian 10 buster, this problem has been fixed in version
1.0.28-6+deb10u2.

We recommend that you upgrade your libsndfile packages.

For the detailed security status of libsndfile please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libsndfile

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 3125-1] libvncserver security update
Debian LTS Advisory DLA-3125-1              debian-...@lists.debian.org
https://www.debian.org/lts/security/                  Thorsten Alteholz
September 30, 2022                          https://wiki.debian.org/LTS

Package        : libvncserver
Version        : 0.9.11+dfsg-1.3+deb10u5
CVE ID         : CVE-2020-25708 CVE-2020-29260

Two issues have been found in libvncserver, a library to write one's
own VNC server.

CVE-2020-25708

    Due to some missing checks, a divide by zero could happen, which
    could result in a denial of service.

CVE-2020-29260

    Due to a memory leak in function rfbClientCleanup() a remote
    attacker might be able to cause a denial of service.

For Debian 10 buster, these problems have been fixed in version
0.9.11+dfsg-1.3+deb10u5.

We recommend that you upgrade your libvncserver packages.

For the detailed security status of libvncserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libvncserver

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 3124-1] webkit2gtk security update
Debian LTS Advisory DLA-3124-1              debian-...@lists.debian.org
https://www.debian.org/lts/security/             Emilio Pozuelo Monfort
September 28, 2022                          https://wiki.debian.org/LTS

Package        : webkit2gtk
Version        : 2.38.0-1~deb10u1
CVE ID         : CVE-2022-32886

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2022-32886

    P1umer, afang5472 and xmzyshypnc discovered that processing
    maliciously crafted web content may lead to arbitrary code
    execution.

For Debian 10 buster, this problem has been fixed in version
2.38.0-1~deb10u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS