NTLUG



Community

Support

Debian Planet


Debian Security Notices

  • DSA-5958-1 jpeg-xl - security update
    Multiple vulnerabilities are discovered in jpeg-xl, the JPEG XL ("JXL") image coding library, including out of bounds read/write and stack based buffer overflow, which may cause excessive memory usage and denial of service attacks.
    CVE-2023-0645
    Specifically crafted file could cause an out of bounds read in the exif handler of libjxl.
    CVE-2023-35790
    Integer underflow in patch decoding code of libjxl.
    CVE-2024-11403
    Out of bounds write in the JPEG decoder used for recompression of JPEG files.
    CVE-2024-11498
    Specifically crafted file could cause the JPEG XL decoder to use large amounts of stack space, potentially exhausting the stack.

    https://security-tracker.debian.org/tracker/DSA-5958-1

  • DSA-5954-1 sudo - security update
    Rich Mirch discovered that sudo, a program designed to provide limited super user privileges to specific users, does not correctly handle the host (-h or --host) option. Due to a bug the host option was not restricted to listing privileges only and could be used when running a command via sudo or editing a file with sudoedit. Depending on the rules present in the sudoers file the flaw might allow a local privilege escalation attack.
    https://security-tracker.debian.org/tracker/DSA-5954-1

  • DSA-5937-1 webkit2gtk - security update
    The following vulnerabilities have been discovered in the WebKitGTK web engine:
    CVE-2025-24223
    rheza and an anonymous researcher discovered that processing maliciously crafted web content may lead to memory corruption.
    CVE-2025-31204
    Nan Wang discovered that processing maliciously crafted web content may lead to memory corruption.
    CVE-2025-31205
    Ivan Fratric discovered that a malicious website may exfiltrate data cross-origin.
    CVE-2025-31206
    An anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected process crash.
    CVE-2025-31215
    Jiming Wang and Jikai Ren discovered that processing maliciously crafted web content may lead to an unexpected process crash.
    CVE-2025-31257
    Juergen Schmied discovered that processing maliciously crafted web content may lead to an unexpected process crash.
    https://security-tracker.debian.org/tracker/DSA-5937-1

Debian Forum at linuxquestions.org

Page last modified on September 14, 2006, at 05:07 AM