Debian Security

Debian Security Advisories

DSA-6077-1 pdns-recursor - security update

10 December, 2025 - 00:00
Insufficient validation of incoming notifies over TCP in PDNS Recursor, a resolving name server, could result in denial of service.

https://security-tracker.debian.org/tracker/DSA-6077-1

Categories: Security

DSA-6076-1 libpng1.6 - security update

10 December, 2025 - 00:00
Several vulnerabilities were reported in the libpng PNG library, which could lead to information leaks, denial of service or potentially the execution of arbitrary code if a specially crafted image is processed.

https://security-tracker.debian.org/tracker/DSA-6076-1

Categories: Security

DSA-6075-1 wordpress - security update

10 December, 2025 - 00:00
Multiple security issues were discovered in the WordPress blogging tool, which could result in cross-site scripting or information disclosure.

https://security-tracker.debian.org/tracker/DSA-6075-1

Categories: Security

DSA-6074-1 webkit2gtk - security update

9 December, 2025 - 00:00
The following vulnerabilities have been discovered in the WebKitGTK web engine:

CVE-2025-13947

Janet Black discovered that a website may be able to exfiltrate sensitive system information.

CVE-2025-43421

Nan Wang discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2025-43458

Phil Beauvoir discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2025-66287

Stanislav Fort discovered that processing maliciously crafted web content may lead to an unexpected process crash.

https://security-tracker.debian.org/tracker/DSA-6074-1

Categories: Security

DSA-6073-1 ffmpeg - security update

7 December, 2025 - 00:00
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

https://security-tracker.debian.org/tracker/DSA-6073-1

Categories: Security

DSA-6072-1 chromium - security update

4 December, 2025 - 00:00
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

https://security-tracker.debian.org/tracker/DSA-6072-1

Categories: Security

DSA-6071-1 unbound - security update

4 December, 2025 - 00:00
It was discovered that incorrect handling of promiscuous NS RRSets in Unbound, a validating, recursive, caching DNS resolver, could result in cache poisoning.

https://security-tracker.debian.org/tracker/DSA-6071-1

Categories: Security

DSA-6070-1 webkit2gtk - security update

4 December, 2025 - 00:00
The following vulnerabilities have been discovered in the WebKitGTK web engine:

CVE-2025-43392

Tom Van Goethem discovered that a website may exfiltrate image data cross-origin.

CVE-2025-43425

An anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2025-43427

Gary Kwong and rheza discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2025-43429

Google Big Sleep discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2025-43430

Google Big Sleep discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2025-43431

Google Big Sleep discovered that processing maliciously crafted web content may lead to memory corruption.

CVE-2025-43432

Hossein Lotfi discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2025-43434

Google Big Sleep discovered that processing maliciously crafted web content may lead to an unexpected browser crash.

CVE-2025-43440

Nan Wang discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2025-43443

An anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected process crash.

https://security-tracker.debian.org/tracker/DSA-6070-1

Categories: Security

DSA-6069-1 openvpn - security update

3 December, 2025 - 00:00
It was discovered that openvpn, a virtual private network application, does not properly handle HMAC verification checks. A remote attacker can take advantage of this flaw to bypass source IP address validation.

https://security-tracker.debian.org/tracker/DSA-6069-1

Categories: Security

DSA-6068-1 xen - security update

2 December, 2025 - 00:00
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in memory disclosure, denial of service or privilege escalation.

https://security-tracker.debian.org/tracker/DSA-6068-1

Categories: Security

DSA-6067-1 containerd - security update

2 December, 2025 - 00:00
Two security vulnerabilities were discovered in the Containerd container runtime, which may result in denial of service or local privilege escalation.

https://security-tracker.debian.org/tracker/DSA-6067-1

Categories: Security

DSA-6066-1 gnome-shell-extension-gsconnect - security update

30 November, 2025 - 00:00
It was discovered that missing validation of the device ID during handshakes in KDE Connect, a tool to integrate smart phones to a desktop, could allow an attacker to impersonate another device.

The oldstable distribution (bookworm) is not affected.

https://security-tracker.debian.org/tracker/DSA-6066-1

Categories: Security

DSA-6065-1 krita - security update

27 November, 2025 - 00:00
It was discovered that a buffer overflow in the TGA parser of Krita, a creative application for raster images, could potentially result in the execution of arbitrary code if malformed images are opened.

https://security-tracker.debian.org/tracker/DSA-6065-1

Categories: Security

DSA-6064-1 tryton-server - security update

27 November, 2025 - 00:00
Several security vulnerabilities were discovered in the server of the Tryton application platform, which could lead to information disclosure.

https://security-tracker.debian.org/tracker/DSA-6064-1

Categories: Security

DSA-6063-1 kdeconnect - security update

26 November, 2025 - 00:00
It was discovered that missing validation of the device ID during handshakes in KDE Connect, a tool to integrate smart phones to a desktop, could allow an attacker to impersonate another device.

The oldstable distribution (bookworm) is not affected.

https://security-tracker.debian.org/tracker/DSA-6063-1

Categories: Security

DSA-6062-1 pdfminer - security update

25 November, 2025 - 00:00
A vulnerability was discovered in pdfminer, a tool for extracting information from PDF documents, which may result in the execution of arbitrary code if a specially crafted PDF file is processed.

https://security-tracker.debian.org/tracker/DSA-6062-1

Categories: Security

DSA-6061-1 tryton-sao - security update

25 November, 2025 - 00:00
Abdulfatah Abdillahi discovered a cross-site scripting vulnerability in the web client of the Tryton application platform.

https://security-tracker.debian.org/tracker/DSA-6061-1

Categories: Security

DSA-6060-1 chromium - security update

19 November, 2025 - 00:00
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. Google is aware that an exploit for CVE-2025-13223 exists in the wild.

https://security-tracker.debian.org/tracker/DSA-6060-1

Categories: Security

DSA-6059-1 thunderbird - security update

16 November, 2025 - 00:00
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-6059-1

Categories: Security

DSA-6058-1 lasso - security update

15 November, 2025 - 00:00
Keane O'Kelley discovered several vulnerabilities in lasso, a library implementing Liberty Alliance and SAML protocols, which could result in denial of service or the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-6058-1

Categories: Security
