Debian Security
DSA-5958-1 jpeg-xl - security update
CVE-2023-0645
A specially crafted file could cause an out-of-bounds read in the Exif handler of libjxl.
CVE-2023-35790
Integer underflow in patch decoding code of libjxl.
CVE-2024-11403
Out of bounds write in the JPEG decoder used for recompression of JPEG files.
CVE-2024-11498
A specially crafted file could cause the JPEG XL decoder to use large amounts of stack space, potentially exhausting the stack.
DSA-5957-1 mediawiki - security update
DSA-5956-1 ring - security update
DSA-5955-1 chromium - security update
DSA-5954-1 sudo - security update
DSA-5953-1 catdoc - security update
DSA-5952-1 chromium - security update
DSA-5951-1 icu - security update
DSA-5949-1 libxml2 - security update
Multiple memory-related vulnerabilities, including use-after-free, out-of-bounds memory access and NULL pointer dereference, were discovered in the GNOME XML Parser and Toolkit Library and its Python bindings, which may cause denial of service or other unintended behaviors.
DSA-5950-1 firefox-esr - security update
DSA-5948-1 trafficserver - security update
DSA-5947-1 xorg-server - security update
DSA-5946-1 gdk-pixbuf - security update
DSA-5945-1 konsole - security update
DSA-5944-1 chromium - security update
DSA-5943-1 libblockdev - security update
Details can be found in the Qualys advisory at https://www.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
Along with the libblockdev update, updated udisks2 packages are released, to enforce that private mounts are mounted with 'nodev,nosuid'.