Security
DSA-6069-1 openvpn - security update
It was discovered that openvpn, a virtual private network application,
does not properly handle HMAC verification checks. A remote attacker can
take advantage of this flaw to bypass source IP address validation.
Categories: Security
DSA-6068-1 xen - security update
Multiple vulnerabilities have been discovered in the Xen hypervisor,
which could result in memory disclosure, denial of service or
privilege escalation.
Categories: Security
DSA-6067-1 containerd - security update
Two security vulnerabilities were discovered in the Containerd container
runtime, which may result in denial of service or local privilege
escalation.
Categories: Security
DSA-6066-1 gnome-shell-extension-gsconnect - security update
It was discovered that missing validation of the device ID during
handshakes in KDE Connect, a tool to integrate smart phones to a
desktop, could allow an attacker to impersonate another device.
The oldstable distribution (bookworm) is not affected.
Categories: Security
DSA-6065-1 krita - security update
It was discovered that a buffer overflow in the TGA parser of Krita, a
creative application for raster images, could potentially result in the
execution of arbitrary code if malformed images are opened.
Categories: Security
DSA-6064-1 tryton-server - security update
Several security vulnerabilities were discovered in the server of the
Tryton application platform, which could lead to information disclosure.
Categories: Security
DSA-6063-1 kdeconnect - security update
It was discovered that missing validation of the device ID during
handshakes in KDE Connect, a tool to integrate smart phones to a
desktop, could allow an attacker to impersonate another device.
The oldstable distribution (bookworm) is not affected.
Categories: Security
DSA-6062-1 pdfminer - security update
A vulnerability was discovered in pdfminer, a tool for extracting
information from PDF documents, which may result in the execution of
arbitrary code if a specially crafted PDF file is processed.
Categories: Security
DSA-6061-1 tryton-sao - security update
Abdulfatah Abdillahi discovered a cross-site scripting vulnerability in
the web client of the Tryton application platform.
Categories: Security
DSA-6060-1 chromium - security update
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure. Google is aware that an exploit for CVE-2025-13223 exists
in the wild.
Categories: Security
DSA-6059-1 thunderbird - security update
Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code.
Categories: Security
DSA-6058-1 lasso - security update
Keane O'Kelley discovered several vulnerabilities in lasso, a library
implementing Liberty Alliance and SAML protocols, which could result in
denial of service or the execution of arbitrary code.
Categories: Security
DSA-6057-1 lxd - security update
It was discovered that LXD, a system container and virtual machine
manager, is prone to a local privilege escalation vulnerability if
unprivileged users are allowed to access LXD through lxd-user.
Categories: Security
DSA-6056-1 keystone - security update
A vulnerability was discovered in the ec2tokens and s3tokens APIs of
Keystone, the OpenStack identity service, which may result in
authorisation bypass or privilege escalation if /v3/ec2tokens or
/v3/s3tokens are reachable by unauthenticated clients.
The Swift object storage service also requires an update to work with the updated Keystone: The update to Swift is provided as 2.30.1-0+deb12u1 for bookworm and 2.35.1-0+deb13u1 for trixie and is backwards-compatible with older Keystone versions. As such, it is recommended to first upgrade Swift before deploying the Keystone update.
Categories: Security
DSA-6055-1 chromium - security update
A security issue was discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
Categories: Security
DSA-6054-1 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary code
or bypass of the same-origin policy.
Categories: Security
DSA-6053-1 linux - security update
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
Categories: Security
DSA-6052-1 rust-sudo-rs - security update
Two security issues were discovered in sudo-rs, a Rust-based implementation
of sudo (and su), which could result in the local disclosure of partially
typed passwords or an authentication bypass in some targetpw/rootpw
configurations.
Categories: Security
DSA-6051-1 incus - security update
It was discovered that Incus, a system container and virtual machine
manager, is prone to a local privilege escalation vulnerability if
unprivileged users are allowed access to Incus through incus-user.
Categories: Security
DSA-6050-1 chromium - security update
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
Categories: Security
