Ike.ninja

Debian: Critical Symlink Bypass Vulnerability in node-tar-fs DSA-6013-1

Sep28

by Ike on September 28, 2025 at 2:42 pm

Posted In: Debian Linux Distribution - Security Advisories

Critical vulnerability in node-tar-fs DSA-6013-1

It was discovered that the symlink validation in node-tar-fs, a Node.js module that provides filesystem-like access to tar files, could be bypassed.

└ Tags: Debian Linux Distribution - Security Advisories

Comment

Debian: firefox-esr Important Connection Errors Fix DSA-6003-2

Sep28

by Ike on September 28, 2025 at 12:04 pm

Posted In: Debian Linux Distribution - Security Advisories

Debian firefox-esr connection error fix

Firefox 140.3.1 has been released, which fixes connection errors with some sites; if HTTP/3 connections failed, the fallback is now handled more gracefully.

└ Tags: Debian Linux Distribution - Security Advisories

Comment

Debian: nncp Important Path Traversal Threat DSA-6012-1 CVE-2025-60020

Sep26

by Ike on September 26, 2025 at 9:30 pm

Posted In: Debian Linux Distribution - Security Advisories

Debian Security Advisory Illustration for nncp updates

Eugene Medvedev discovered that nncp, a package facilitating secure store-and-forward file and mail exchange, was susceptible to path traversal with the freq and file commands.

└ Tags: Debian Linux Distribution - Security Advisories

Comment