
It was discovered that incorrect bounds validation in the GIF decoder of the GDK Pixbuf library may result in memory disclosure. For the stable distribution (bookworm), this problem has been fixed in

Dennis Dast discovered that the Konsole terminal emulator insecurely handled the telnet URI scheme, which could result in the execution of arbitrary code in some configurations.

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

The Qualys Threat Research Unit (TRU) discovered a local privilege escalation vulnerability in libblockdev, a library for manipulating block devices. An “allow_active” user can exploit this flaw via the udisks daemon to obtain the full privileges of the root user.

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

Multiple vulnerabilities were discovered in the H.265 plugin for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

Several vulnerabilities were discovered in modsecurity-apache, an Apache module for hardening web application security, which may result in denial of service (high memory consumption).

It was discovered that the Tornado Python web framework performed excessive logging when parsing some multipart/form-data requests, which could result in denial of service.

Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed XCF, TGA, DDS, FLI or ICO files are opened.

The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2025-24223

It was discovered that libfile-find-rule-perl, a module to search for files based on rules, is vulnerable to arbitrary code execution when grep() encounters a crafted file name.

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. Google is aware that an exploit for CVE-2025-5419 exists in the wild.

Multiple security issues were discovered in TCPDF, a PHP class for generating PDF files on-the-fly, which may result in denial of service, cross-site scripting or information disclosure.

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the stable distribution (bookworm), these problems have been fixed in

The Qualys Threat Research Unit (TRU) discovered that systemd-coredump is prone to a kill-and-replace race condition which may allow a local attacker to gain sensitive information from crashed SUID processes. Additionally systemd-coredump does not specify %d (the kernel’s per-

Multiple vulnerabilities were discovered in libavif, a library for handling .avif files, which could result in denial of service or potentially the execution of arbitrary code.

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

The update for net-tools announced in DSA 5923-1 introduced a regression for ifconfig always showing zero value packet counters. Updated packages are now available to correct this issue. Two additional stack-based buffer overflow flaws are addressed in this update.

It was discovered that a double-free in the encoder of libvpx, a multimedia library for the VP8 and VP9 video codecs, may result in denial of service and potentially the execution of arbitrary code.

It was discovered that Yelp, the help browser for the GNOME desktop, allowed help files to execute arbitrary scripts. Opening a malformed help file could have resulted in data exfiltration.

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or cross-origin leaks.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the Indirect Target Selection (ITS) vulnerability (CVE-2024-28956) and the Branch Privilege Injection vulnerability (CVE-2024-45332).

Mohamed Maatallah discovered a stack-based buffer overflow in the get_name() function in net-tools, a collection of programs for controlling the network subsystem of the Linux kernel, which may result in denial of service (application crash) or potentially the execution of

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

Multiple security issues were discovered in Thunderbird, which could result in spoofing of From: mail headers, execution of JavaScript or information disclosure.

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

It was discovered that insecure file handling in open-vm-tools, an open source implementation of VMware Tools, may allow an unprivileged local guest user to tamper with local files in order to trigger insecure file operations within that VM.

Ben Kallus discovered that incorrect parsing of chunked transfer encodings in the Varnish web accelerator may result in HTTP request smuggling or cache poisoning.

A vulnerability has been discovered in mod_auth_openidc, an OpenID Certified authentication and authorization module for the Apache HTTP server that implements the OpenID Connect Relying Party functionality: