Debian Security

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5976-1

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

https://security-tracker.debian.org/tracker/DSA-5975-1

Two security issues were found in pgpool-II, the connection pool server and replication proxy for PostgreSQL, which could result in authentication bypass and exposure of sensitive information.

https://security-tracker.debian.org/tracker/DSA-5974-1

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

https://security-tracker.debian.org/tracker/DSA-5973-1

Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or weakened TLS connections.

https://security-tracker.debian.org/tracker/DSA-5972-1

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5971-1

Stefan Buehler discovered a flaw in sope, the set of Objective-C frameworks powering SOGo, which may result in denial of service via a specially crafted POST request.

https://security-tracker.debian.org/tracker/DSA-5970-1

Several security issues were discovered in Redis, a persistent key-value database, which could result in the execution of arbitrary code or denial of service.

https://security-tracker.debian.org/tracker/DSA-5969-1

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5968-1

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service or server side request forgery.

https://security-tracker.debian.org/tracker/DSA-5967-1

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5966-1

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5965-1

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5964-1

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. Google is aware that an exploit for CVE-2025-6558 exists in the wild.

https://security-tracker.debian.org/tracker/DSA-5963-1

Multiple security issues were discovered in GNU TLS, which could result in denial of service.

https://security-tracker.debian.org/tracker/DSA-5962-1

Sekou Diakite from HPE discovered a mistake with permission handling for Coordinators within the accounting system of Slurm Workload Manager, a cluster resource management and job scheduling system, that it could allow a Coordinator to promote a user to Administrator.

- -

https://security-tracker.debian.org/tracker/DSA-5961-1

Antonio Morales discovered an out-of-bounds write in the MMRDecoder::scanruns method in djvulibre, a library and set of tools to handle documents in the DjVu format, which may result in the execution of arbitrary code if a specially crafted document is processed.

https://security-tracker.debian.org/tracker/DSA-5960-1

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5959-1

Multiple vulnerabilities are discovered in jpeg-xl, the JPEG XL ("JXL") image coding library, including out of bounds read/write and stack based buffer overflow, which may cause excessive memory usage and denial of service attacks.

CVE-2023-0645

Specifically crafted file could cause an out of bounds read in the exif handler of libjxl.

CVE-2023-35790

Integer underflow in patch decoding code of libjxl.

CVE-2024-11403

Out of bounds write in the JPEG decoder used for recompression of JPEG files.

CVE-2024-11498

Specifically crafted file could cause the JPEG XL decoder to use large amounts of stack space, potentially exhausting the stack.

https://security-tracker.debian.org/tracker/DSA-5958-1

Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, information disclosure, HTML injection or incorrect tracking of authentication events.

https://security-tracker.debian.org/tracker/DSA-5957-1