Debian Security

Debian Security Advisories

DSA-5965-1 chromium - security update

24 July, 2025 - 00:00
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5965-1

Categories: Security

DSA-5964-1 firefox-esr - security update

23 July, 2025 - 00:00
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5964-1

Categories: Security

DSA-5963-1 chromium - security update

17 July, 2025 - 00:00
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. Google is aware that an exploit for CVE-2025-6558 exists in the wild.

https://security-tracker.debian.org/tracker/DSA-5963-1

Categories: Security

DSA-5962-1 gnutls28 - security update

16 July, 2025 - 00:00
Multiple security issues were discovered in GNU TLS, which could result in denial of service.

https://security-tracker.debian.org/tracker/DSA-5962-1

Categories: Security

DSA-5961-1 slurm-wlm - security update

8 July, 2025 - 00:00
Sekou Diakite from HPE discovered a mistake in permission handling for Coordinators within the accounting system of Slurm Workload Manager, a cluster resource management and job scheduling system, which could allow a Coordinator to promote a user to Administrator.

https://security-tracker.debian.org/tracker/DSA-5961-1

Categories: Security

DSA-5960-1 djvulibre - security update

7 July, 2025 - 00:00
Antonio Morales discovered an out-of-bounds write in the MMRDecoder::scanruns method in djvulibre, a library and set of tools to handle documents in the DjVu format, which may result in the execution of arbitrary code if a specially crafted document is processed.

https://security-tracker.debian.org/tracker/DSA-5960-1

Categories: Security

DSA-5959-1 thunderbird - security update

6 July, 2025 - 00:00
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5959-1

Categories: Security

DSA-5958-1 jpeg-xl - security update

4 July, 2025 - 00:00
Multiple vulnerabilities were discovered in jpeg-xl, the JPEG XL ("JXL") image coding library, including out-of-bounds read/write and stack-based buffer overflow, which may cause excessive memory usage and denial of service attacks.

CVE-2023-0645

A specially crafted file could cause an out-of-bounds read in the exif handler of libjxl.

CVE-2023-35790

Integer underflow in patch decoding code of libjxl.

CVE-2024-11403

Out-of-bounds write in the JPEG decoder used for recompression of JPEG files.

CVE-2024-11498

A specially crafted file could cause the JPEG XL decoder to use large amounts of stack space, potentially exhausting the stack.

https://security-tracker.debian.org/tracker/DSA-5958-1

Categories: Security

DSA-5957-1 mediawiki - security update

3 July, 2025 - 00:00
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, information disclosure, HTML injection or incorrect tracking of authentication events.

https://security-tracker.debian.org/tracker/DSA-5957-1

Categories: Security

DSA-5956-1 ring - security update

3 July, 2025 - 00:00
The embedded copy of pjproject is affected by a buffer overflow vulnerability, which affects applications that use the PJSIP DNS resolver.

https://security-tracker.debian.org/tracker/DSA-5956-1

Categories: Security

DSA-5955-1 chromium - security update

2 July, 2025 - 00:00
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. Google is aware that an exploit for CVE-2025-6554 exists in the wild.

https://security-tracker.debian.org/tracker/DSA-5955-1

Categories: Security

DSA-5954-1 sudo - security update

30 June, 2025 - 00:00
Rich Mirch discovered that sudo, a program designed to provide limited super user privileges to specific users, does not correctly handle the host (-h or --host) option. Due to a bug, the host option was not restricted to listing privileges only and could be used when running a command via sudo or editing a file with sudoedit. Depending on the rules present in the sudoers file, the flaw might allow a local privilege escalation attack.

https://security-tracker.debian.org/tracker/DSA-5954-1

Categories: Security

DSA-5953-1 catdoc - security update

29 June, 2025 - 00:00
Several vulnerabilities were discovered in catdoc, a text extractor for MS-Office files, which may result in denial of service or the execution of arbitrary code if a specially crafted file is processed.

https://security-tracker.debian.org/tracker/DSA-5953-1

Categories: Security

DSA-5952-1 chromium - security update

27 June, 2025 - 00:00
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5952-1

Categories: Security

DSA-5951-1 icu - security update

26 June, 2025 - 00:00
A buffer overflow was discovered in the International Components for Unicode (ICU) library.

https://security-tracker.debian.org/tracker/DSA-5951-1

Categories: Security

DSA-5949-1 libxml2 - security update

26 June, 2025 - 00:00
Multiple memory-related vulnerabilities, including use-after-free, out-of-bounds memory access and NULL pointer dereference, were discovered in GNOME XML Parser and Toolkit Library and its Python bindings, which may cause denial of service or other unintended behaviors.

https://security-tracker.debian.org/tracker/DSA-5949-1

Categories: Security

DSA-5950-1 firefox-esr - security update

25 June, 2025 - 00:00
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5950-1

Categories: Security

DSA-5948-1 trafficserver - security update

24 June, 2025 - 00:00
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service, HTTP request smuggling or incorrect processing of ACLs.

https://security-tracker.debian.org/tracker/DSA-5948-1

Categories: Security

DSA-5947-1 xorg-server - security update

23 June, 2025 - 00:00
Nils Emmerich discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.

https://security-tracker.debian.org/tracker/DSA-5947-1

Categories: Security

DSA-5946-1 gdk-pixbuf - security update

22 June, 2025 - 00:00
It was discovered that incorrect bounds validation in the GIF decoder of the GDK Pixbuf library may result in memory disclosure.

https://security-tracker.debian.org/tracker/DSA-5946-1

Categories: Security
