Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. For the oldstable distribution (bookworm), this problem has been fixed in version 7:5.1.8-0+deb12u1.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, same-origin policy bypass or privilege escalation. For the oldstable distribution (bookworm), these problems have been fixed in version 140.6.0esr-1~deb12u1.
Multiple security issues were discovered in the WordPress blogging tool, which could result in cross-site scripting or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 6.1.9+dfsg1-0+deb12u1. We recommend that you upgrade your wordpress packages.
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2025-13947 Janet Black discovered that a website may be able to exfiltrate sensitive system information.
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. For the stable distribution (trixie), this problem has been fixed in version 7:7.1.3-0+deb13u1.
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 143.0.7499.40-1~deb12u1.
It was discovered that incorrect handling of promiscuous NS RRSets in Unbound, a validating, recursive, caching DNS resolver, could result in cache poisoning. For the stable distribution (trixie), this problem has been fixed in version 1.22.0-2+deb13u1.
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2025-43392 Tom Van Goethem discovered that a website may exfiltrate image data cross-origin.
It was discovered that openvpn, a virtual private network application, does not properly handle HMAC verification checks. A remote attacker can take advantage of this flaw to bypass source IP address validation. For the oldstable distribution (bookworm), this problem has been fixed in version 2.6.3-1+deb12u4.
Two security vulnerabilities were discovered in the Containerd container runtime, which may result in denial of service or local privilege escalation. For the oldstable distribution (bookworm), these problems have been fixed in version 1.6.20~ds1-1+deb12u2.
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in memory disclosure, denial of service or privilege escalation. For the oldstable distribution (bookworm), these problems have been fixed in version 4.17.5+72-g01140da4e8-1.
It was discovered that missing validation of the device ID during handshakes in KDE Connect, a tool to integrate smart phones to a desktop, could allow an attacker to impersonate another device. The oldstable distribution (bookworm) is not affected. For the stable distribution (trixie), this problem has been fixed in
It was discovered that a buffer overflow in the TGA parser of Krita, a creative application for raster images, could potentially result in the execution of arbitrary code if malformed images are opened. For the oldstable distribution (bookworm), this problem has been fixed in version 1:5.1.5+dfsg-2+deb12u1.
Several security vulnerabilities were discovered in the server of the Tryton application platform, which could lead to information disclosure. For the oldstable distribution (bookworm), this problem has been fixed in version 6.0.29-2+deb12u4. For the stable distribution (trixie), this problem has been fixed in
It was discovered that missing validation of the device ID during handshakes in KDE Connect, a tool to integrate smart phones to a desktop, could allow an attacker to impersonate another device. The oldstable distribution (bookworm) is not affected. For the stable distribution (trixie), this problem has been fixed in
A vulnerability was discovered in pdfminer, a tool for extracting information from PDF documents, which may result in the execution of arbitrary code if a specially crafted PDF file is processed. For the oldstable distribution (bookworm), this problem has been fixed in version 20221105+dfsg-1.1~deb12u1.
Abdulfatah Abdillahi discovered a cross-site scripting vulnerability in the web client of the Tryton application platform. For the oldstable distribution (bookworm), this problem has been fixed in version 6.0.28+ds1-2+deb12u2. For the stable distribution (trixie), this problem has been fixed in
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. Google is aware that an exploit for CVE-2025-13223 exists in the wild. For the oldstable distribution (bookworm), these problems have been fixed
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed
Keane O’Kelley discovered several vulnerabilities in lasso, a library implementing Liberty Alliance and SAML protocols, which could result in denial of service or the execution of arbitrary code.
It was discovered that LXD, a system container and virtual machine manager, is prone to a local privilege escalation vulnerability if unprivileged users are allowed to access LXD through lxd-user.
A vulnerability was discovered in the ec2tokens and s3tokens APIs of Keystone, the OpenStack identity service, which may result in authorisation bypass or privilege escalation if /v3/ec2tokens or /v3/s3tokens are reachable by unauthenticated clients.
A security issue was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Two security issues were discovered in sudo-rs, a Rust-based implemention of sudo (and su), which could result in the local disclosure of partially typed passwords or an authentication bypass in some targetpw/rootpw configurations.
It was discovered that Incus, a system container and virtual machine manager, is prone to a local privilege escalation vulnerability unprivileged users are allowed access to Incus through incus-user.
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
A buffer overflow was discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed XWD images are opened.
Multiple security issues were found in Rack, an interface for developing web applications in Ruby, which could result in denial of service or proxy bypass.
53 queries. 9.25 mb Memory usage. 1.114 seconds.