Debian GNU/Linux has announced critical security updates for two packages: libfile-find-rule-perl and edk2, specifically addressing vulnerabilities in Debian 11 (Bullseye) and Debian 12 (Bookworm).
1. libfile-find-rule-perl:
   - Advisories:
     - DLA-4209-1 for Debian 11 (Bullseye)
     - DSA-5936-1 for Debian 12 (Bookworm)
   - CVE ID: CVE-2011-10007
   - Issue: The module, which is designed to search for files based on rules, is susceptible to arbitrary code execution due to a flaw in the `grep()` function when it processes specially crafted file names.
   - Resolution: For Debian 11, the vulnerability has been patched in version 0.34-1+deb11u1, while Debian 12 has received a fix in version 0.34-4~deb12u1.
   - Recommendation: Users are advised to upgrade their libfile-find-rule-perl packages promptly. More details can be found on the [Debian Security Tracker](https://security-tracker.debian.org/tracker/libfile-find-rule-perl).
2. edk2:
   - Advisory: DLA-4207-1 for Debian 11 (Bullseye)
   - CVE IDs: A total of 13 vulnerabilities have been addressed, including CVE-2021-28216 and CVE-2024-38796, among others.
   - Issues: These vulnerabilities include remotely exploitable buffer overflows and out-of-bounds errors, which could lead to denial of service or execution of arbitrary code.
   - Resolution: The fixes have been incorporated in version 2020.11-2+deb11u3 for Debian 11.
   - Recommendation: Users are strongly encouraged to upgrade their edk2 packages to ensure security. Further information can be accessed via the [Security Tracker for edk2](https://security-tracker.debian.org/tracker/edk2).
Conclusion:
Maintaining security through regular updates is crucial for users of Debian systems. The Debian team emphasizes the importance of upgrading affected packages to protect against potential threats and vulnerabilities. For additional guidance on applying these updates and other security-related inquiries, users can consult the [Debian Wiki on LTS](https://wiki.debian.org/LTS) and the [Debian Security FAQ](https://www.debian.org/security/faq).

EDK2 and Libfile-Find-Rule-Perl security update for Debian
Debian GNU/Linux has received security updates, including libfile-find-rule-perl for both Debian 11 and 12 and edk2 for Debian 11:
- [DLA 4209-1] libfile-find-rule-perl security update
- [DSA 5936-1] libfile-find-rule-perl security update
- [DLA 4207-1] edk2 security update
EDK2 and Libfile-Find-Rule-Perl security update for Debian @ Linux Compatible