275 matches found

OSV
added 2024/12/02 2:15 p.m., 2 views

DEBIAN-CVE-2024-53114

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client A number of Zen4 client SoCs advertise the ability to use virtualized VMLOAD/VMSAVE, but using these instructions is reported to be a cause of a random host reboot. Thes...

CVSS 5.5, AI score 5.7, EPSS 0.00008
Exploits: 0, References: 1
OSV
added 2024/12/02 2:15 p.m., 0 views

DEBIAN-CVE-2024-53118

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix sk_error_queue memory leak Kernel queues MSG_ZEROCOPY completion notifications on the error queue. Where they remain, until explicitly recv()ed. To prevent memory leaks, clean up the queue when the socket is destroyed...

CVSS 5.5, AI score 5.8, EPSS 0.00009
Exploits: 0, References: 1
OSV
added 2024/11/26 4:5 p.m., 2 views

CLSA-2024-1732637149 Fix CVE(s): CVE-2024-23672

SECURITY UPDATE: Denial of Service vulnerability - debian/patches/CVE-2024-23672.patch: refactor WebSocket close for suspend/resume to ensure WebSocket connection closure completes - CVE-2024-23672...

CVSS 6.3, AI score 6.8, EPSS 0.01435
Exploits: 0, References: 1
OSV
added 2024/11/25 5:18 p.m., 2 views

CLSA-2024-1732555093 Fix CVE(s): CVE-2020-27767

SECURITY UPDATE: Undefined behavior due to values outside range in quantum.h - debian/patches/CVE-2020-27767.patch: Fix quantum.h to include float.h to handle min and max values for Quantum type - debian/patches/CVE-2020-27767-1.patch: Fix ClampToQuantum function to handle negative values correct...

CVSS 4.3, AI score 7, EPSS 0.00101
Exploits: 1, References: 1
OSV
added 2024/11/19 6:15 p.m., 1 views

DEBIAN-CVE-2024-53051

In the Linux kernel, the following vulnerability has been resolved: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability Sometimes during hotplug scenario or suspend/resume scenario encoder is not always initialized when intel_hdcp_get_capability add a check to avoid kernel null pointer...

CVSS 5.5, AI score 5.6, EPSS 0.00008
Exploits: 0, References: 1
OSV
added 2024/11/14 3:52 p.m., 2 views

CLSA-2024-1731599555 Fix CVE(s): CVE-2023-25815

SECURITY UPDATE: gettext machinery might get auto-initialized using an unintended locale directory - debian/patches/CVE-2023-25815.patch: avoid using gettext if the locale dir is not present - CVE-2023-25815...

CVSS 3.3, AI score 6.8, EPSS 0.00099
Exploits: 0, References: 1
OSV
added 2024/11/11 4:59 p.m., 3 views

CLSA-2024-1731344359 Fix CVE(s): CVE-2020-27763

SECURITY UPDATE: Division by zero vulnerability - debian/patches/CVE-2020-27763.patch: Fix window function scaling in resize.c to avoid division on every filter call - CVE-2020-27763...

CVSS 4.3, AI score 6.8, EPSS 0.00149
Exploits: 0, References: 1
OSV
added 2024/11/11 4:38 p.m., 4 views

CLSA-2024-1731343085 Fix CVE(s): CVE-2020-27772

SECURITY UPDATE: Integer overflow vulnerability in bmp.c - debian/patches/CVE-2020-27772.patch: fix integer overflow causing incorrect color primary values in BMP image encoding - CVE-2020-27772 - debian/patches/fix-cast-to-ssizet-always-resulting-in-zero.patch: Fix cast to ssizet always resultin...

CVSS 4.3, AI score 6.8, EPSS 0.00101
Exploits: 1, References: 1
OSV
added 2024/11/01 4:42 p.m., 2 views

CLSA-2024-1730478623 Fix CVE(s): CVE-2023-7347, CVE-2024-7347

SECURITY UPDATE: mp4 module allows buffer underread and unordered chunks - debian/patches/CVE-2024-7347.patch: fix buffer underread while updating stsz atom and reject unordered chunks - CVE-2023-7347...

CVSS 5.7, AI score 6.8, EPSS 0.00202
Exploits: 0, References: 1
OSV
added 2024/10/22 8:10 p.m., 2 views

CLSA-2024-1729627812 Fix CVE(s): CVE-2024-8927

SECURITY UPDATE: insecure configuration vulnerability - debian/patches/CVE-2024-8927.patch: fix bypass of cgi.force_redirect configuration - CVE-2024-8927...

CVSS 7.5, AI score 6.7, EPSS 0.00345
Exploits: 1, References: 1
OSV
added 2024/10/22 7:59 p.m., 3 views

CLSA-2024-1729627193 Fix CVE(s): CVE-2023-27043

SECURITY UPDATE: Incorrect parsing of email addresses containing special characters - debian/patches/CVE-2023-27043.patch: Fix email address parsing errors by adding optional 'strict' parameter to getaddresses and parseaddr functions - CVE-2023-27043...

CVSS 5.3, AI score 6.8, EPSS 0.00161
Exploits: 1, References: 1
OSV
added 2024/10/22 7:54 p.m., 3 views

CLSA-2024-1729626893 Fix CVE(s): CVE-2024-8927

SECURITY UPDATE: security vulnerability in package - debian/patches/CVE-2024-8927.patch: Fix bypass of cgi.force_redirect configuration - CVE-2024-8927...

CVSS 7.5, AI score 7.3, EPSS 0.00345
Exploits: 1, References: 1
OSV
added 2024/10/22 8:15 a.m., 1 views

DEBIAN-CVE-2023-52918

In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: check cx23885_vdev_init return cx23885_vdev_init can return a NULL pointer, but that pointer is used in the next line without a check. Add a NULL pointer check and go to the error unwind if it is NULL...

CVSS 5.5, AI score 5.7, EPSS 0.00013
Exploits: 0, References: 1
OSV
added 2024/10/21 6:15 p.m., 2 views

DEBIAN-CVE-2024-49947

In the Linux kernel, the following vulnerability has been resolved: net: test for not too small csum_start in virtio_net_hdr_to_skb syzbot was able to trigger this warning [1], after injecting a malicious packet through af_packet, setting skb->csum_start and thus the transport header to an incorrect value...

CVSS 5.5, AI score 5.7, EPSS 0.00019
Exploits: 0, References: 1
OSV
added 2024/10/21 6:15 p.m., 1 views

DEBIAN-CVE-2024-49935

In the Linux kernel, the following vulnerability has been resolved: ACPI: PAD: fix crash in exit_round_robin The kernel occasionally crashes in cpumask_clear_cpu, which is called within exit_round_robin, because when executing clear_bit(nr, addr) with nr set to 0xffffffff, the address calculation may caus...

CVSS 5.5, AI score 5.7, EPSS 0.00016
Exploits: 0, References: 1
OSV
added 2024/10/21 6:15 p.m., 1 views

DEBIAN-CVE-2024-49893

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check stream_status before it is used [WHAT & HOW] dc_state_get_stream_status can return null, and therefore null must be checked before stream_status is used. This fixes 1 NULL_RETURNS issue reported by Coverity...

CVSS 5.5, AI score 5.6, EPSS 0.00009
Exploits: 0, References: 1
OSV
added 2024/10/21 6:15 p.m., 1 views

DEBIAN-CVE-2024-49872

In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix memfd_pin_folios alloc race panic If memfd_pin_folios tries to create a hugetlb page, but someone else already did, then folio gets the value -EEXIST here: folio = memfd_alloc_folio(memfd, start_idx); if (IS_ERR(folio)) { ret =...

CVSS 4.7, AI score 4.9, EPSS 0.00077
Exploits: 0, References: 1
OSV
added 2024/10/21 6:15 p.m., 1 views

DEBIAN-CVE-2024-49874

In the Linux kernel, the following vulnerability has been resolved: i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition In the svc_i3c_master_probe function, &master->hj_work is bound with svc_i3c_master_hj_work, &master->ibi_work is bound with svc_i3c_master_ibi_work...

CVSS 7, AI score 6.1, EPSS 0.0002
Exploits: 0, References: 1
OSV
added 2024/09/27 5:15 p.m., 2 views

DEBIAN-CVE-2024-38809

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers,...

CVSS 5.3, AI score 6.6, EPSS 0.0014
Exploits: 0, References: 1
OSV
added 2024/09/27 4:5 p.m., 2 views

CLSA-2024-1727453123 Fix CVE(s): CVE-2024-7348

SECURITY UPDATE: TOCTOU race condition in pg_dump - debian/patches/CVE-2024-7348.patch: Fix TOCTOU race condition in pg_dump. - CVE-2024-7348...

CVSS 8.8, AI score 7.2, EPSS 0.00743
Exploits: 0, References: 1