Debian Security

DSA-6109-1 incus - security update

23 January, 2026 - 00:00

Two security issues were discovered in Incus, a system container and virtual machine manager, which could result the in execution of arbitrary commands via malformed images.

https://security-tracker.debian.org/tracker/DSA-6109-1

Categories: Security

DSA-6102-2 python-urllib3 - regression update

22 January, 2026 - 00:00

The update for python-urllib3 announced in DSA 6102-1 introduced a regression in the patch meant to address CVE-2026-21441 for the oldstable distribution (bookworm). Updated packages are now available to correct this issue.

https://security-tracker.debian.org/tracker/DSA-6102-2

Categories: Security

DSA-6108-1 chromium - security update

22 January, 2026 - 00:00

A security issue was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

https://security-tracker.debian.org/tracker/DSA-6108-1

Categories: Security

DSA-6107-1 bind9 - security update

22 January, 2026 - 00:00

Vlatko Kosturjak discovered that BIND, a DNS server implementation, does not properly handle malformed BRID/HHIT records, which may result in denial of service (named daemon crash).

https://security-tracker.debian.org/tracker/DSA-6107-1

Categories: Security

DSA-6106-1 inetutils - security update

22 January, 2026 - 00:00

Kyu Neushwaistein discovered that telnetd from inetutils does not sanitize the USER environment variable before passing it on to login. A remote attacker can take advantage of this flaw to login as root, bypassing normal authentication processes.

https://security-tracker.debian.org/tracker/DSA-6106-1

Categories: Security

DSA-6105-1 modsecurity-crs - security update

21 January, 2026 - 00:00

It was discovered that one of the rules in the OWASP ModSecurity Core Rule Set parsed some multipart requests incorrectly.

https://security-tracker.debian.org/tracker/DSA-6105-1

Categories: Security

DSA-6104-1 python-keystonemiddleware - security update

20 January, 2026 - 00:00

Grzegorz Grasza discovered a vulnerability in the Openstack middleware to provide authentication and authorization features to web services other than Keystone: If an external OAuth provider is configured, authentication headers are insufficiently sanitised, which could result in privilege escalation or user impersonation.

The oldstable distribution (bookworm) is not affected.

https://security-tracker.debian.org/tracker/DSA-6104-1

Categories: Security

DSA-6103-1 thunderbird - security update

17 January, 2026 - 00:00

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-6103-1

Categories: Security

DSA-6102-1 python-urllib3 - security update

17 January, 2026 - 00:00

Several vulnerabilities were discovered in python-urllib3, a HTTP library with thread-safe connection pooling for Python3, which could result in denial of service or request forgery.

https://security-tracker.debian.org/tracker/DSA-6102-1

Categories: Security

DSA-6101-1 firefox-esr - security update

15 January, 2026 - 00:00

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, information disclosure or spoofing.

https://security-tracker.debian.org/tracker/DSA-6101-1

Categories: Security

DSA-6100-1 chromium - security update

14 January, 2026 - 00:00

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

https://security-tracker.debian.org/tracker/DSA-6100-1

Categories: Security

DSA-6099-1 python-parsl - security update

14 January, 2026 - 00:00

Viral Vaghela discovered an SQL injection vulnerability in Parsl, a parallel scripting library for Python.

https://security-tracker.debian.org/tracker/DSA-6099-1

Categories: Security

DSA-6098-1 net-snmp - security update

12 January, 2026 - 00:00

A vulnerability was discovered in the snmptrapd daemon in net-snmp, a suite of Simple Network Management Protocol applications, which could result in denial of service or the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-6098-1

Categories: Security

DSA-6097-1 chromium - security update

9 January, 2026 - 00:00

A security issue was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

https://security-tracker.debian.org/tracker/DSA-6097-1

Categories: Security

DSA-6096-1 vlc - security update

8 January, 2026 - 00:00

Multiple vulnerabilities were discovered in the VLC media player, which could result in denial of service or potentially the execution of arbitrary code if a malformed video file is opened.

https://security-tracker.debian.org/tracker/DSA-6096-1

Categories: Security

DSA-6095-1 foomuuri - security update

7 January, 2026 - 00:00

Matthias Gerstner discovered two vulnerabilities in the Foomuuri firewall generator, which could result in tampering of the firewall configuration by unauthorised users.

https://security-tracker.debian.org/tracker/DSA-6095-1

Categories: Security

DSA-6094-1 libsodium - security update

5 January, 2026 - 00:00

It was discovered that the crypto_core_ed25519_is_valid_point() function of the Sodium cryptography library mishandled checks for valid elliptic curve points.

https://security-tracker.debian.org/tracker/DSA-6094-1

Categories: Security

DSA-6093-1 gimp - security update

4 January, 2026 - 00:00

Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed XCF, JPEG 2000 or PNM files are opened.

https://security-tracker.debian.org/tracker/DSA-6093-1

Categories: Security

DSA-6092-1 smb4k - security update

1 January, 2026 - 00:00

Two vulnerabilities were discovered in smb4k, a KDE desktop utility which allows unprivileged mounting of Samba/CIFS network shares, which may result in local denial of service or local privilege escalation.

https://security-tracker.debian.org/tracker/DSA-6092-1

Categories: Security

DSA-6090-1 rails - security update

21 December, 2025 - 00:00

Multiple security issues were discovered in the Rails web framework which could result in command injection or logging of unescaped ANSI sequences.

https://security-tracker.debian.org/tracker/DSA-6090-1

Categories: Security

You are here

DSA-6109-1 incus - security update

DSA-6102-2 python-urllib3 - regression update

DSA-6108-1 chromium - security update

DSA-6107-1 bind9 - security update

DSA-6106-1 inetutils - security update

DSA-6105-1 modsecurity-crs - security update

DSA-6104-1 python-keystonemiddleware - security update

DSA-6103-1 thunderbird - security update

DSA-6102-1 python-urllib3 - security update

DSA-6101-1 firefox-esr - security update

DSA-6100-1 chromium - security update

DSA-6099-1 python-parsl - security update

DSA-6098-1 net-snmp - security update

DSA-6097-1 chromium - security update

DSA-6096-1 vlc - security update

DSA-6095-1 foomuuri - security update

DSA-6094-1 libsodium - security update

DSA-6093-1 gimp - security update

DSA-6092-1 smb4k - security update

DSA-6090-1 rails - security update

Pages

Services

Books

Open & Distributed WOW