Two vulnerabilities were discovered in cups, the Common UNIX Printing System, which may result in authentication bypass with AuthType Negotiate or in denial of service (daemon crash).
Comment
Posts Tagged Debian Linux Distribution – Security Advisories
1153 results.
Multiple memory corruption vulnerbilities were discovered in imagemagick, a software suit used for editing and manipulating digital images, which could lead to information leak, denial of service, and potentially arbitrary code execution.
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL database engine, allowed the execution of spurious scripting commands in .script and .log files. Hsqldb supports a “SCRIPT” keyword which is normally used to record the commands input by the database admin to output such a
Florian Stuhlmann discovered a SQL vulnerability in the ODBC plugin in the Shibboleth Service Provider which may result in information leak. For additional information please refer to the upstream advisory at
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Two vulnerabilities were discovered in the Firebird database, which may result in denial of service or authentication bypass. For the stable distribution (trixie), these problems have been fixed in
Multiple vulnerabilities were discovered in Node.js, which could result in denial of service, HTTP request smuggling, privilege escalation, a side channel attack against PKCS#1 1.5 or a bypass of network import restrictions.
A flaw was found in libxslt, the XSLT 1.0 processing library, where the attribute type, atype, flags are modified in a way that corrupts internal memory management. This is addressed by adding guards in libxml2, the GNOME XML library, preventing the heap use-after-free from happening.
Michael Imfeld discovered an out-of-bounds read vulnerability in udisks2, a D-Bus service to access and manipulate storage devices, which may result in denial of service (daemon process crash), or in mapping an internal file descriptor from the daemon process onto a loop device,
A security issues was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Multiple security issues were discovered in Unbound, a validating, recursive, caching DNS resolver, which may result in denial of service or cache poisoning via the “rebirthday attack”.
Nikita Skorovoda discovered that Node cipher-base, an abstract base class for crypto-streams, performed incomplete type checks. For the oldstable distribution (bookworm), this problem has been fixed
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed
This update removes the usage of the C (Credential) flag for the binfmt_misc registration within the qemu-user package, as it allowed for privilege escalation when running a suid/sgid binary under qemu-user. This means suid/sgid foreign-architecture binaries are not running with
Two security issues were discovered in the Squid proxy caching server, which could result in the execution of arbitrary code, information disclosure or denial of service.
A security issues was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or bypass of the same-origin policy.
Two vunlerabilities were found in libxslt, the XSLT 1.0 processing library, which may lead to information disclosure and DoS attack. CVE-2023-40403
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2025-6558
Rajesh Pangare discovered two vulnerabilities in aide, an advanced intrusion detection system. A local attacker can take advantage of these flaws to hide the addition or removal of a file from the the report, tamper with the log output, or cause aide to crash during report
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Two security issues were found in pgpool-II, the connection pool server and replication proxy for PostgreSQL, which could result in authentication bypass and exposure of sensitive information.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or weakened TLS connections.
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
Stefan Buehler discovered a flaw in sope, the set of Objective-C frameworks powering SOGo, which may result in denial of service via a specially crafted POST request.
Several security issues were discovered in Redis, a persistent key-value database, which could result in the execution of arbitrary code or denial of service.