Audiofile, Libcaca, Libetpan, LibXML2, Libfastjson, PHP updates for Debian

Debian GNU/Linux has recently implemented a series of important security updates affecting various packages, including audiofile, libcaca, libetpan, libxml2, libfastjson, and PHP across different Debian releases.

Security Updates Overview

1. Debian GNU/Linux 9 (Stretch) - Extended LTS:
- ELA-1489-1: Security update for PHP version 7.0.

2. Debian GNU/Linux 10 (Buster) - Extended LTS:
- ELA-1488-1: Security update for PHP version 7.3.
- ELA-1487-1: Security update for libxml2.

3. Debian GNU/Linux 11 (Bullseye) - LTS:
- DLA 4255-1: Security update for audiofile.
- DLA 4257-1: Security update for libcaca.
- DLA 4256-1: Security update for libetpan.
- DLA 4258-1: Security update for libfastjson.

4. Debian GNU/Linux 12 (Bookworm):
- DSA 5967-1: Security update for PHP version 8.2.

Detailed Security Issues

- Audiofile Security Update (DLA 4255-1):
  - Fixed vulnerabilities including CVE-2019-13147 (integer overflow in NeXT audio files) and CVE-2022-24599 (memory leak from non-null-terminated strings). Users are encouraged to upgrade to version 0.3.6-5+deb11u1.

- Libcaca Security Update (DLA 4257-1):
  - Addressed heap buffer overflow vulnerabilities (CVE-2021-30498 and CVE-2021-30499). Upgrade to version 0.99.beta19-2.2+deb11u1 is recommended.

- Libetpan Security Update (DLA 4256-1):
  - Resolved a potential null pointer dereference vulnerability (CVE-2022-4121) with the latest version 1.9.4-3+deb11u1.

- Libxml2 Security Update (ELA-1487-1):
  - Fixed multiple vulnerabilities, including buffer over-reads, memory corruption, and potential crashes. Users should upgrade to the most recent version available for their release.

- Libfastjson Security Update (DLA 4258-1):
  - Addressed an out-of-bounds write issue (CVE-2020-12762) when parsing large JSON files. Upgrade to version 0.99.9-1+deb11u1 is advised.

- PHP Security Updates:
  - ELA-1489-1 for PHP 7.0 and ELA-1488-1 for PHP 7.3 addressed vulnerabilities including server-side request forgery and denial of service risks due to improper handling of inputs and null pointers. Users should upgrade their PHP packages to the respective patched versions.
  - DSA 5967-1 for PHP 8.2 addressed similar issues; users should upgrade to version 8.2.29-1~deb12u1.

Recommendations

Users should apply these updates promptly to maintain system security and stability. For detailed information on each security advisory, including how to apply updates and additional resources, refer to the Debian security tracker pages and the official Debian wiki.
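To confirm a host actually carries the fixed versions listed above, the following added example (not part of the original article or of Debian's tooling) compares installed source-package versions against them using Debian's version ordering, reimplemented here so it runs without dpkg. The input format and the helper names `deb_cmp` and `outdated` are assumptions of this example.

```python
import re

# Fixed source-package versions quoted in the advisories above.
FIXED = {
    "audiofile": "0.3.6-5+deb11u1",        # DLA 4255-1
    "libcaca": "0.99.beta19-2.2+deb11u1",  # DLA 4257-1
    "libetpan": "1.9.4-3+deb11u1",         # DLA 4256-1
    "libfastjson": "0.99.9-1+deb11u1",     # DLA 4258-1
    "php8.2": "8.2.29-1~deb12u1",          # DSA 5967-1
}

def _weight(c):
    # '~' sorts before everything, even end of string; letters before punctuation.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Walk alternating non-digit and digit runs, as dpkg's comparison does.
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        wa = [_weight(c) for c in na] + [0] * (len(nb) - len(na))
        wb = [_weight(c) for c in nb] + [0] * (len(na) - len(nb))
        if wa != wb:
            return -1 if wa < wb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (rev if sep else "")

def deb_cmp(a, b):
    # -1, 0 or 1: epoch first, then upstream version, then Debian revision.
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def outdated(dpkg_output):
    # Input lines are "<source package> <source version>"; duplicates collapse.
    rows = (line.split() for line in dpkg_output.splitlines())
    seen = {r[0]: r[1] for r in rows if len(r) == 2 and r[0] in FIXED}
    return sorted((s, v, FIXED[s]) for s, v in seen.items() if deb_cmp(v, FIXED[s]) < 0)

# Constructed sample for a Debian 11 host (not real output).
SAMPLE = ("audiofile 0.3.6-5\nlibcaca 0.99.beta19-2.2+deb11u1\n"
          "libetpan 1.9.4-3\nlibfastjson 0.99.9-1\nbash 5.1-2+deb11u1\n")
```

On a real system the input can be produced with `dpkg-query -W -f='${source:Package} ${source:Version}\n'`, and `outdated(SAMPLE)` returns the packages still below the fixed version. The bullseye entries apply to Debian 11 and the php8.2 entry to Debian 12.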

Conclusion

With these updates, Debian continues to reinforce its commitment to security, providing timely patches for vulnerabilities affecting widely used libraries and applications. Users are encouraged to stay informed and regularly check for updates to ensure their systems remain secure.

Debian GNU/Linux has received several security updates, including audiofile, libcaca, libetpan, libxml2, libfastjson, and php security updates:

Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1489-1 php7.0 security update

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1488-1 php7.3 security update
ELA-1487-1 libxml2 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4255-1] audiofile security update
[DLA 4257-1] libcaca security update
[DLA 4256-1] libetpan security update
[DLA 4258-1] libfastjson security update

Debian GNU/Linux 12 (Bookworm):
[DSA 5967-1] php8.2 security update

Audiofile, Libcaca, Libetpan, LibXML2, Libfastjson, PHP updates for Debian @ Linux Compatible