Dashboard

Package : gstreamer1.0 CVE ID : CVE-2024-47606 Antonio Morales reported an integer overflow vulnerability in the memory allocator in the Core GStreamer libraries, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is processed. For the stable distribution (bookworm), this problem has been fixed in version 1.22.0-2+deb12u1. We recommend that you upgrade your gstreamer1.0 packages. For the detailed security…

Package : gst-plugins-base1.0 CVE ID : CVE-2024-47538 CVE-2024-47541 CVE-2024-47600 CVE-2024-47607 CVE-2024-47615 CVE-2024-47835 Multiple multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. For the stable distribution (bookworm), these problems have been fixed in version 1.22.0-3+deb12u3.…

Package : smarty4 CVE ID : CVE-2024-35226 A security vulnerability was discovered in Smarty, a template engine for PHP, which could result in PHP code injection. For the stable distribution (bookworm), this problem has been fixed in version 4.3.0-1+deb12u2. We recommend that you upgrade your smarty4 packages. For the detailed security status of smarty4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/smarty4 Further…

Package : chromium CVE ID : CVE-2024-12381 CVE-2024-12382 Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 131.0.6778.139-1~deb12u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at:…

Package : python-aiohttp CVE ID : CVE-2023-47627 CVE-2023-49081 CVE-2023-49082 CVE-2024-23334 CVE-2024-30251 CVE-2024-52304 Multiple security vulnerabilities were discovered in python-aiohttp, a HTTP client/server for asyncio, which could result in denial of service, directory traversal, CRLF injection or request smuggling. For the stable distribution (bookworm), these problems have been fixed in version 3.8.4-1+deb12u1. We recommend that you upgrade your…

Package : proftpd-dfsg CVE ID : CVE-2024-48651 Debian Bug : 1082326 Brian Ristuccia discovered that in ProFTPD, a powerful modular FTP/SFTP/FTPS server, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql. For the stable distribution (bookworm), this problem has been fixed in version 1.3.8+dfsg-4+deb12u4. We recommend that you upgrade your proftpd-dfsg packages. For the detailed security status…

Package : smarty3 CVE ID : CVE-2023-28447 CVE-2024-35226 Two security vulnerabilities were discovered in Smarty, a template engine for PHP, which could result in PHP code injection or cross-site scripting. For the stable distribution (bookworm), these problems have been fixed in version 3.1.47-2+deb12u1. We recommend that you upgrade your smarty3 packages. For the detailed security status of smarty3 please refer to its security tracker page at:…

Package : ceph CVE ID : CVE-2023-43040 CVE-2024-48916 Sage McTaggart discovered an authentication bypass in radosgw, the RADOS REST gateway of Ceph, a distributed storage and file system. For the stable distribution (bookworm), these problems have been fixed in version 16.2.15+ds-0+deb12u1. We recommend that you upgrade your ceph packages. For the detailed security status of ceph please refer to its security tracker page at:…

Package : chromium CVE ID : CVE-2024-12053 Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), this problem has been fixed in version 131.0.6778.108-1~deb12u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at:…

Package : webkit2gtk CVE ID : CVE-2024-44308 CVE-2024-44309 The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2024-44308 Clement Lecigne and Benoit Sevens discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. CVE-2024-44309 Clement Lecigne and Benoit Sevens discovered that…