Mate Kukri discovered the Debian build of EDK2, a UEFI firmware
implementation, used an insecure default configuration which could result
in Secure Boot bypass via the UEFI shell.
This updates disables the UEFI shell if Secure Boot is used.
Several vulnerabilities were discovered in BIND, a DNS server
implementation, which may result in denial of service.
Two vulnerabilities were discovered in unbound, a validating, recursive,
caching DNS resolver. Specially crafted DNSSEC answers could lead
unbound down a very CPU intensive and time costly DNSSEC
(CVE-2023-50387) or NSEC3 hash (CVE-2023-50868) validation path,
resulting in denial of service.
Details can be found at
https://nlnetlabs.nl/downloads/unbound/CVE-2023-50387_CVE-2023-50868.txt
