Debian Security
DSA-5867-1 gnutls28 - security update
Bing Shi reported a flaw in GnuTLS, a library implementing the TLS and
SSL protocols. Inefficient processing of certificates containing
numerous names or name constraints may result in a denial of service.
Categories: Security
DSA-5866-1 chromium - security update
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
Categories: Security
DSA-5865-1 webkit2gtk - security update
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2025-24143
An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user.
CVE-2025-24150
Johan Carlsson discovered that copying a URL from Web Inspector may lead to command injection.
CVE-2025-24158
Q1IQ and P1umer discovered that processing web content may lead to a denial-of-service.
CVE-2025-24162
linjy and chluo discovered that processing maliciously crafted web content may lead to an unexpected process crash.
Categories: Security
DSA-5864-1 pam-pkcs11 - security update
Two vulnerabilities were discovered in pam-pkcs11, a PAM module which
allows the use of PKCS#11-based smart cards in the PAM authentication stack,
which may allow authentication to be bypassed in some scenarios.
Categories: Security
DSA-5863-1 libtasn1-6 - security update
Bing Shi reported a flaw in Libtasn1, a library to manage ASN.1
structures. Inefficient processing of input DER data containing a large
number of SEQUENCE OF or SET OF elements may result in a denial of
service.
Categories: Security
DSA-5862-1 cacti - security update
Multiple security vulnerabilities have been discovered in Cacti, a web
interface for graphing of monitoring systems, which could result in
cross-site scripting, SQL injection, or command injection.
Categories: Security
DSA-5860-1 linux - security update
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
Categories: Security
DSA-5861-1 thunderbird - security update
Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code.
Categories: Security
DSA-5859-1 chromium - security update
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
Categories: Security
DSA-5858-1 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code.
Categories: Security
DSA-5857-1 openjdk-17 - security update
A vulnerability has been discovered in the OpenJDK Java runtime, which
may result in authorisation bypass or information disclosure.
Categories: Security
DSA-5856-1 redis - security update
Two security issues were discovered in Redis, a persistent key-value
database, which could result in the execution of arbitrary code or
denial of service.
Categories: Security
DSA-5855-1 chromium - security update
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
Categories: Security
DSA-5854-1 bind9 - security update
Several vulnerabilities were discovered in BIND, a DNS server
implementation, which may result in denial of service.
Categories: Security
DSA-5853-1 pam-u2f - security update
Matthias Gerstner reported that pam-u2f, a PAM module which allows the
use of U2F (Universal 2nd Factor) devices in the PAM authentication stack,
does not properly handle PAM_IGNORE return values, allowing bypass of
the second factor or password-less login without inserting the proper
device.
Categories: Security
DSA-5851-1 openjpeg2 - security update
Multiple vulnerabilities have been discovered in openjpeg2, the
open-source JPEG 2000 codec, which could result in denial of service or
the execution of arbitrary code if malformed images are opened.
Categories: Security
DSA-5850-1 git - security update
Multiple issues were found in Git, a fast, scalable, distributed
revision control system, which may result in leaking credential
information to an unintended host.
Categories: Security
DSA-5849-1 git-lfs - security update
It was discovered that Git LFS, a Git extension for versioning large
files, could leak authentication credentials in some setups.
Categories: Security
DSA-5848-1 chromium - security update
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
Categories: Security