1825 Monetary Lane Suite #104 Carrollton, TX
Debian Security Notices
- DSA-5958-1 jpeg-xl - security update
Multiple vulnerabilities are discovered in jpeg-xl, the JPEG XL ("JXL") image coding library, including out of bounds read/write and stack based buffer overflow, which may cause excessive memory usage and denial of service attacks.
CVE-2023-0645: Specifically crafted file could cause an out of bounds read in the exif handler of libjxl.
CVE-2023-35790: Integer underflow in patch decoding code of libjxl.
CVE-2024-11403: Out of bounds write in the JPEG decoder used for recompression of JPEG files.
CVE-2024-11498: Specifically crafted file could cause the JPEG XL decoder to use large amounts of stack space, potentially exhausting the stack.
https://security-tracker.debian.org/tracker/DSA-5958-1
- DSA-5954-1 sudo - security update
Rich Mirch discovered that sudo, a program designed to provide limited super user privileges to specific users, does not correctly handle the host (-h or --host) option. Due to a bug the host option was not restricted to listing privileges only and could be used when running a command via sudo or editing a file with sudoedit. Depending on the rules present in the sudoers file the flaw might allow a local privilege escalation attack.
https://security-tracker.debian.org/tracker/DSA-5954-1
- DSA-5937-1 webkit2gtk - security update
The following vulnerabilities have been discovered in the WebKitGTK web engine:
CVE-2025-24223: rheza and an anonymous researcher discovered that processing maliciously crafted web content may lead to memory corruption.
CVE-2025-31204: Nan Wang discovered that processing maliciously crafted web content may lead to memory corruption.
CVE-2025-31205: Ivan Fratric discovered that a malicious website may exfiltrate data cross-origin.
CVE-2025-31206: An anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-31215: Jiming Wang and Jikai Ren discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-31257: Juergen Schmied discovered that processing maliciously crafted web content may lead to an unexpected process crash.
https://security-tracker.debian.org/tracker/DSA-5937-1