Security

Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.

https://security-tracker.debian.org/tracker/DSA-6024-1

It was discovered that missing input sanitising in the libtiff library could result in denial of service or potentially the execution of arbitrary code if malformed image files are processed.

https://security-tracker.debian.org/tracker/DSA-6023-1

Multiple security issues were discovered in the Lua scripting interface of Valkey, a persistent key-value database, which could result in the execution of arbitrary code or denial of service.

https://security-tracker.debian.org/tracker/DSA-6022-1

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

https://security-tracker.debian.org/tracker/DSA-6021-1

Multiple security issues were discovered in the Lua scripting interface of Redis, a persistent key-value database, which could result in the execution of arbitrary code or denial of service.

https://security-tracker.debian.org/tracker/DSA-6020-1

A flaw with the authentication cache management was discovered in the Dovecot email server, which could result in users being logged in as the wrong user in certain configurations.

https://security-tracker.debian.org/tracker/DSA-6019-1

A buffer overflow was discovered in the RGBE/HDR parser of GEGL, a graph-based image processing library, which could result in denial of service or the execution of arbitrary code if malformed files are processed.

https://security-tracker.debian.org/tracker/DSA-6018-1

Oula Kivalo reported that HAProxy, a fast and reliable load balancing reverse proxy, is prone to a denial of service vulnerability when parsing JSON numbers.

https://security-tracker.debian.org/tracker/DSA-6017-1