Debian Security
DSA-5965-1 chromium - security update
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
Categories: Security
DSA-5964-1 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code.
Categories: Security
DSA-5963-1 chromium - security update
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure. Google is aware that an exploit for CVE-2025-6558 exists
in the wild.
Categories: Security
DSA-5962-1 gnutls28 - security update
Multiple security issues were discovered in GNU TLS, which could result in
denial of service.
Categories: Security
DSA-5961-1 slurm-wlm - security update
Sekou Diakite from HPE discovered a mistake in permission handling for
Coordinators within the accounting system of Slurm Workload Manager, a
cluster resource management and job scheduling system, which could allow
a Coordinator to promote a user to Administrator.
Categories: Security
DSA-5960-1 djvulibre - security update
Antonio Morales discovered an out-of-bounds write in the
MMRDecoder::scanruns method in djvulibre, a library and set of tools to
handle documents in the DjVu format, which may result in the execution
of arbitrary code if a specially crafted document is processed.
Categories: Security
DSA-5959-1 thunderbird - security update
Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code.
Categories: Security
DSA-5958-1 jpeg-xl - security update
Multiple vulnerabilities were discovered in jpeg-xl, the JPEG XL ("JXL")
image coding library, including out-of-bounds read/write and stack-based
buffer overflow, which may cause excessive memory usage and denial of
service.
CVE-2023-0645
A specially crafted file could cause an out-of-bounds read in the Exif handler of libjxl.
CVE-2023-35790
Integer underflow in the patch decoding code of libjxl.
CVE-2024-11403
Out-of-bounds write in the JPEG decoder used for recompression of JPEG files.
CVE-2024-11498
A specially crafted file could cause the JPEG XL decoder to use large amounts of stack space, potentially exhausting the stack.
Categories: Security
DSA-5957-1 mediawiki - security update
Multiple security issues were discovered in MediaWiki, a website engine
for collaborative work, which could result in cross-site scripting,
information disclosure, HTML injection or incorrect tracking of
authentication events.
Categories: Security
DSA-5956-1 ring - security update
The embedded copy of pjproject is affected by a buffer overflow
vulnerability, which affects applications that use the PJSIP DNS resolver.
Categories: Security
DSA-5955-1 chromium - security update
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure. Google is aware that an exploit for CVE-2025-6554 exists
in the wild.
Categories: Security
DSA-5954-1 sudo - security update
Rich Mirch discovered that sudo, a program designed to provide limited
superuser privileges to specific users, does not correctly handle the
host (-h or --host) option. Due to a bug, the host option was not
restricted to listing privileges only and could be used when running a
command via sudo or editing a file with sudoedit. Depending on the rules
present in the sudoers file, the flaw might allow a local privilege
escalation attack.
Categories: Security
DSA-5953-1 catdoc - security update
Several vulnerabilities were discovered in catdoc, a text extractor for
MS-Office files, which may result in denial of service or the execution
of arbitrary code if a specially crafted file is processed.
Categories: Security
DSA-5952-1 chromium - security update
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
Categories: Security
DSA-5951-1 icu - security update
A buffer overflow was discovered in the International Components for
Unicode (ICU) library.
Categories: Security
DSA-5949-1 libxml2 - security update
Multiple memory-related vulnerabilities, including use-after-free, out-of-bounds memory access and NULL pointer dereference, were discovered in the GNOME XML Parser and Toolkit Library and its Python bindings, which may cause denial of service or other unintended behaviors.
Categories: Security
DSA-5950-1 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox
web browser, which could potentially result in the execution
of arbitrary code.
Categories: Security
DSA-5948-1 trafficserver - security update
Several vulnerabilities were discovered in Apache Traffic Server, a
reverse and forward proxy server, which could result in denial of
service, HTTP request smuggling or incorrect processing of ACLs.
Categories: Security
DSA-5947-1 xorg-server - security update
Nils Emmerich discovered several vulnerabilities in the Xorg X server,
which may result in privilege escalation if the X server is running
privileged.
Categories: Security
DSA-5946-1 gdk-pixbuf - security update
It was discovered that incorrect bounds validation in the GIF decoder of
the GDK Pixbuf library may result in memory disclosure.
Categories: Security