NTLUG | Debian / Debian browse

<< Mandriva | Distributions | Gentoo >>

On this page... (hide)

Community
Support
Debian Planet
Debian Security Notices
Debian Forum at linuxquestions.org

Community

Support

Debian Planet

Error: It's not possible to reach RSS file http://planet.debian.net/rss20.xml ...

Debian Security Notices

DSA-5961-1 slurm-wlm - security update
Sekou Diakite from HPE discovered a mistake with permission handling forCoordinators within the accounting system of Slurm Workload Manager, acluster resource management and job scheduling system, that it could allowa Coordinator to promote a user to Administrator.
- -
https://security-tracker.debian.org/tracker/DSA-5961-1

DSA-5960-1 djvulibre - security update
Antonio Morales discovered an out-of-bounds write in theMMRDecoder::scanruns method in djvulibre, a library and set of tools tohandle documents in the DjVu format, which may result in the executionof arbitrary code if a specially crafted document is processed.
https://security-tracker.debian.org/tracker/DSA-5960-1

DSA-5959-1 thunderbird - security update
Multiple security issues were discovered in Thunderbird, which couldresult in the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5959-1

DSA-5958-1 jpeg-xl - security update
Multiple vulnerabilities are discovered in jpeg-xl, the JPEG XL ("JXL")image coding library, including out of bounds read/write and stack basedbuffer overflow, which may cause excessive memory usage and denial ofservice attacks.
CVE-2023-0645
Specifically crafted file could cause an out of bounds read in the exif handler of libjxl.
CVE-2023-35790
Integer underflow in patch decoding code of libjxl.
CVE-2024-11403
Out of bounds write in the JPEG decoder used for recompression of JPEG files.
CVE-2024-11498
Specifically crafted file could cause the JPEG XL decoder to use large amounts of stack space, potentially exhausting the stack.

https://security-tracker.debian.org/tracker/DSA-5958-1

DSA-5957-1 mediawiki - security update
Multiple security issues were discovered in MediaWiki, a website enginefor collaborative work, which could result in cross-site scripting,information disclosure, HTML injection or incorrect tracking ofauthentication events.
https://security-tracker.debian.org/tracker/DSA-5957-1

DSA-5956-1 ring - security update
The embedded copy of pjproject is affected by a buffer overflowvulnerability, which affects applications that use PJSIP DNS resolver.
https://security-tracker.debian.org/tracker/DSA-5956-1

DSA-5955-1 chromium - security update
Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure. Google is aware that an exploit for CVE-2025-6554 existsin the wild.
https://security-tracker.debian.org/tracker/DSA-5955-1

DSA-5954-1 sudo - security update
Rich Mirch discovered that sudo, a program designed to provide limitedsuper user privileges to specific users, does not correctly handle thehost (-h or --host) option. Due to a bug the host option was notrestricted to listing privileges only and could be used when running acommand via sudo or editing a file with sudoedit. Depending on the rulespresent in the sudoers file the flaw might allow a local privilegeescalation attack.
https://security-tracker.debian.org/tracker/DSA-5954-1

DSA-5953-1 catdoc - security update
Several vulnerabilities were discovered in catdoc, a text extractor forMS-Office files, which may result in denial of service or the executionof arbitrary code if a specially crafted file is processed.
https://security-tracker.debian.org/tracker/DSA-5953-1

DSA-5952-1 chromium - security update
Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.
https://security-tracker.debian.org/tracker/DSA-5952-1

DSA-5951-1 icu - security update
A buffer overflow was discovered in the International Components forUnicode (ICU) library.
https://security-tracker.debian.org/tracker/DSA-5951-1

DSA-5950-1 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefoxweb browser, which could potentially result in the executionof arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5950-1

DSA-5949-1 libxml2 - security update
Brief introduction

Multiple memory related vulnerabilities, inlcuding use-after-free,out-of-bounds memory access and NULL pointer dereference, were discovered inGNOME XML Parser and Toolkit Library and its Python bindings, which may causedenial of service or other unintended behaviors.
https://security-tracker.debian.org/tracker/DSA-5949-1

DSA-5948-1 trafficserver - security update
Several vulnerabilities were discovered in Apache Traffic Server, areverse and forward proxy server, which could result in denial ofservice, HTTP request smuggling or incorrect processing of ACLs.
https://security-tracker.debian.org/tracker/DSA-5948-1

DSA-5947-1 xorg-server - security update
Nils Emmerich discovered several vulnerabilities in the Xorg X server,which may result in privilege escalation if the X server is runningprivileged.
https://security-tracker.debian.org/tracker/DSA-5947-1

DSA-5946-1 gdk-pixbuf - security update
It was discovered that incorrect bounds validation in the GIF decoder ofthe GDK Pixbuf library may result in memory disclosure.
https://security-tracker.debian.org/tracker/DSA-5946-1

DSA-5945-1 konsole - security update
Dennis Dast discovered that the Konsole terminal emulator insecurelyhandled the telnet URI scheme, which could result in the executionof arbitrary code in some configurations.
https://security-tracker.debian.org/tracker/DSA-5945-1

DSA-5944-1 chromium - security update
Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.
https://security-tracker.debian.org/tracker/DSA-5944-1

DSA-5943-1 libblockdev - security update
The Qualys Threat Research Unit (TRU) discovered a local privilegeescalation vulnerability in libblockdev, a library for manipulatingblock devices. An "allow_active" user can exploit this flaw via theudisks daemon to obtain the full privileges of the root user.
Details can be found in the Qualys advisory athttps://www.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
Along with the libblockdev update, updated udisks2 packages arereleased, to enforce that private mounts are mounted with'nodev,nosuid'.
https://security-tracker.debian.org/tracker/DSA-5943-1

DSA-5942-1 chromium - security update
Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.
https://security-tracker.debian.org/tracker/DSA-5942-1

DSA-5941-1 gst-plugins-bad1.0 - security update
Multiple vulnerabilities were discovered in the H.265 plugin for theGStreamer media framework, which may result in denial of service orpotentially the execution of arbitrary code if a malformed media fileis opened.
https://security-tracker.debian.org/tracker/DSA-5941-1

DSA-5940-1 modsecurity-apache - security update
Several vulnerabilities were discovered in modsecurity-apache, an Apachemodule to tighten the Web application security, which may result indenial of service (high memory consumption).
https://security-tracker.debian.org/tracker/DSA-5940-1

DSA-5939-1 gimp - security update
Several vulnerabilities were discovered in GIMP, the GNU ImageManipulation Program, which could result in denial of service orpotentially the execution of arbitrary code if malformed XCF, TGA, DDS,FLI or ICO files are opened.
https://security-tracker.debian.org/tracker/DSA-5939-1

DSA-5938-1 python-tornado - security update
It was discovered that the Tornado Python web framework performedexcessive logging when parsing some multipart/form-data requests, whichcould result in denial of service.
https://security-tracker.debian.org/tracker/DSA-5938-1

DSA-5937-1 webkit2gtk - security update
The following vulnerabilities have been discovered in the WebKitGTKweb engine:
CVE-2025-24223
rheza and an anonymous researcher discovered that processing maliciously crafted web content may lead to memory corruption.
CVE-2025-31204
Nan Wang discovered that processing maliciously crafted web content may lead to memory corruption.
CVE-2025-31205
Ivan Fratric discovered that a malicious website may exfiltrate data cross-origin.
CVE-2025-31206
An anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-31215
Jiming Wang and Jikai Ren discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-31257
Juergen Schmied discovered that processing maliciously crafted web content may lead to an unexpected process crash.
https://security-tracker.debian.org/tracker/DSA-5937-1

DSA-5936-1 libfile-find-rule-perl - security update
It was discovered that libfile-find-rule-perl, a module to search forfiles based on rules, is vulnerable to arbitrary code execution whengrep() encounters a crafted file name.
https://security-tracker.debian.org/tracker/DSA-5936-1

DSA-5935-1 chromium - security update
Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure. Google is aware that an exploit for CVE-2025-5419 existsin the wild.
https://security-tracker.debian.org/tracker/DSA-5935-1

DSA-5934-1 roundcube - security update
It was discovered that missing input validation in RoundCube Webmailcould result in code execution.
https://security-tracker.debian.org/tracker/DSA-5934-1

DSA-5933-1 tcpdf - security update
Multiple security issues were discovered in TCPDF, a PHP class forgenerating PDF files on-the-fly, which may result in denial of service,cross-site scripting or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5933-1

DSA-5932-1 thunderbird - security update
Multiple security issues were discovered in Thunderbird, which couldresult in the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5932-1

Community

Support

Debian Planet

Debian Security Notices

Debian Forum at linuxquestions.org