Firefox-ESR and cJSON updates for Debian

Debian has recently released security updates for two important packages: cJSON and Firefox ESR.

The cJSON library, used for parsing JSON, was found to have a vulnerability related to inadequate input sanitization that could allow for out-of-bounds memory access. This issue has been addressed in Debian GNU/Linux 11 (Bullseye) with the update to version 1.7.14-1+deb11u3. Users are encouraged to upgrade their cJSON packages to ensure security.

Simultaneously, multiple vulnerabilities were identified in Mozilla Firefox ESR versions ranging from 128.x to 140.x, which could potentially enable arbitrary code execution or allow for information disclosure. These vulnerabilities affect both Debian GNU/Linux 12 (Bookworm) and 13 (Trixie) distributions. The respective updates are available in version 140.3.0esr-1deb12u1 for Bookworm and version 140.3.0esr-1deb13u1 for Trixie. Users are likewise advised to upgrade their firefox-esr packages.

The advisories provide links for further information regarding the security status and the specific vulnerabilities (CVE IDs) associated with each package. Additional resources on applying these updates and general security guidelines for Debian systems are also available.

Extension:
In light of these updates, it is crucial for Debian users to remain vigilant about security practices. Regularly checking for updates and understanding the nature of vulnerabilities can help mitigate risks. Users should consider enabling automatic updates to ensure they receive the latest security patches promptly. Additionally, participating in community forums can provide valuable insights and support regarding best practices for maintaining a secure Debian environment. Overall, staying informed and proactive is key to safeguarding systems against emerging threats.

A security update has been issued for the cJSON library, which was found to sanitize input insufficiently, a flaw that could lead to out-of-bounds memory access. The issue affects Debian GNU/Linux 11 (Bullseye) LTS and has been fixed in version 1.7.14-1+deb11u3 of the cjson package. Additionally, a security update has been issued for Mozilla Firefox ESR due to multiple vulnerabilities discovered in versions between 128.x and 140.x that could allow arbitrary code execution or information disclosure. The issue affects both the Debian GNU/Linux 12 (Bookworm) and 13 (Trixie) distributions and has been fixed in version 140.3.0esr-1deb12u1 and version 140.3.0esr-1deb13u1, respectively.

[DLA 4304-1] cjson security update
[DSA 6003-1] firefox-esr security update

Firefox-ESR and cJSON updates for Debian @ Linux Compatible