Advisories: Debian

Here are the latest security advisories for the Debian Linux distribution:

  • DSA-6001-1 cjson - security update
    It was discovered that cJSON, an ultralightweight JSON parser, performed insufficient input sanitising, which could result in out-of-bounds memory access. https://security-tracker.debian.org/tracker/DSA-6001-1
  • DSA-6000-1 libcpanel-json-xs-perl - security update
    Michael Hudak discovered a flaw in libcpanel-json-xs-perl, a module for fast and correct serialising to JSON. An integer buffer overflow causing a segfault when parsing specially crafted JSON may allow an attacker to mount a denial-of-service attack or cause other unspecified impact. https://security-tracker.debian.org/tracker/DSA-6000-1
  • DSA-5999-1 libjson-xs-perl - security update
    Michael Hudak discovered a flaw in libjson-xs-perl, a module for manipulating JSON-formatted data. An integer buffer overflow causing a segfault when parsing specially crafted JSON may allow an attacker to mount a denial-of-service attack or cause other unspecified impact. https://security-tracker.debian.org/tracker/DSA-5999-1
  • DSA-5998-1 cups - security update
    Two vulnerabilities were discovered in cups, the Common UNIX Printing System, which may result in authentication bypass with AuthType Negotiate or in denial of service (daemon crash). https://security-tracker.debian.org/tracker/DSA-5998-1
  • DSA-5997-1 imagemagick - security update
    Multiple memory corruption vulnerabilities were discovered in imagemagick, a software suite used for editing and manipulating digital images, which could lead to information leaks, denial of service, and potentially arbitrary code execution. https://security-tracker.debian.org/tracker/DSA-5997-1
  • DSA-5996-1 chromium - security update
    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. https://security-tracker.debian.org/tracker/DSA-5996-1
  • DSA-5995-1 hsqldb1.8.0 - security update
    Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL database engine, allowed the execution of spurious scripting commands in .script and .log files. Hsqldb supports a "SCRIPT" keyword which is normally used to record the commands input by the database admin to output such a script. In combination with LibreOffice, an attacker could craft an odb containing a "database/script" file which itself contained a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. https://security-tracker.debian.org/tracker/DSA-5995-1
  • DSA-5994-1 shibboleth-sp - security update
    Florian Stuhlmann discovered a SQL vulnerability in the ODBC plugin in the Shibboleth Service Provider which may result in information leak. For additional information please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20250903.txt https://security-tracker.debian.org/tracker/DSA-5994-1
  • DSA-5993-1 chromium - security update
    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. https://security-tracker.debian.org/tracker/DSA-5993-1
  • DSA-5992-1 firebird4.0 - security update
    Two vulnerabilities were discovered in the Firebird database, which may result in denial of service or authentication bypass. https://security-tracker.debian.org/tracker/DSA-5992-1
  • DSA-5991-1 nodejs - security update
    Multiple vulnerabilities were discovered in Node.js, which could result in denial of service, HTTP request smuggling, privilege escalation, a side channel attack against PKCS#1 1.5 or a bypass of network import restrictions. https://security-tracker.debian.org/tracker/DSA-5991-1
  • DSA-5990-1 libxml2 - security update
    A flaw was found in libxslt, the XSLT 1.0 processing library, where the attribute type (atype) flags are modified in a way that corrupts internal memory management. This is addressed by adding guards in libxml2, the GNOME XML library, preventing the heap use-after-free from happening. https://security-tracker.debian.org/tracker/DSA-5990-1
  • DSA-5989-1 udisks2 - security update
    Michael Imfeld discovered an out-of-bounds read vulnerability in udisks2, a D-Bus service to access and manipulate storage devices, which may result in denial of service (daemon process crash), or in mapping an internal file descriptor from the daemon process onto a loop device, resulting in local privilege escalation. https://security-tracker.debian.org/tracker/DSA-5989-1
  • DSA-5988-1 chromium - security update
    A security issue was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. https://security-tracker.debian.org/tracker/DSA-5988-1
  • DSA-5987-1 unbound - security update
    Multiple security issues were discovered in Unbound, a validating, recursive, caching DNS resolver, which may result in denial of service or cache poisoning via the "rebirthday attack". https://security-tracker.debian.org/tracker/DSA-5987-1
  • DSA-5986-1 node-cipher-base - security update
    Nikita Skorovoda discovered that Node cipher-base, an abstract base class for crypto-streams, performed incomplete type checks. https://security-tracker.debian.org/tracker/DSA-5986-1
  • DSA-5985-1 ffmpeg - security update
    Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. https://security-tracker.debian.org/tracker/DSA-5985-1
  • DSA-5984-1 thunderbird - security update
    Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. https://security-tracker.debian.org/tracker/DSA-5984-1
  • DSA-5983-1 qemu - security update
    This update removes the use of the C (credentials) flag from the binfmt_misc registration in the qemu-user package, as it allowed privilege escalation when running a suid/sgid binary under qemu-user. As a result, suid/sgid foreign-architecture binaries no longer run with elevated privileges under qemu-user. If you relied on this behaviour of qemu-user in the past (running suid/sgid foreign-arch binaries), this will require changes to your deployment. In Bookworm the affected packages are qemu-user-static (and qemu-user-binfmt) instead of qemu-user. Additionally, two security issues were fixed in the SR-IOV support of QEMU system emulation. https://security-tracker.debian.org/tracker/DSA-5983-1
  • DSA-5982-1 squid - security update
    Two security issues were discovered in the Squid proxy caching server, which could result in the execution of arbitrary code, information disclosure or denial of service. https://security-tracker.debian.org/tracker/DSA-5982-1
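
A practical check for the qemu-user binfmt_misc issue described in DSA-5983-1, added here as an example and not part of the Debian advisory or the qemu package: it scans the binfmt_misc registrations and reports any whose flags line carries the C (credentials) flag, which is the setting the update removes. The entry layout (an "interpreter" line, a "flags:" line listing the registration flags, and so on) is the one the kernel exposes under /proc/sys/fs/binfmt_misc; the entry names and interpreter paths in the constructed demo data are assumed for illustration.

```shell
#!/bin/sh
# Added example (not from the Debian advisory): report binfmt_misc registrations
# whose flags include C (credentials). With C set, the kernel derives the new
# process's credentials from the foreign-arch binary rather than from the
# interpreter, so a suid/sgid binary run through qemu-user keeps its privileges.
# DSA-5983-1 fixes the issue by dropping C from qemu-user's registration.
#
# Usage: binfmt_with_credentials_flag [DIR]
#   DIR defaults to /proc/sys/fs/binfmt_misc (the live kernel registrations).
#   Prints "<name> <flags>" for each affected entry; returns 1 if any were found.
binfmt_with_credentials_flag() {
    dir="${1:-/proc/sys/fs/binfmt_misc}"
    found=0
    for entry in "$dir"/*; do
        [ -f "$entry" ] || continue
        name=$(basename "$entry")
        # "register" and "status" are control files, not registrations.
        case "$name" in register|status) continue ;; esac
        # Each registration exposes a line such as "flags: POCF".
        flags=$(sed -n 's/^flags: *//p' "$entry")
        case "$flags" in
            *C*) printf '%s %s\n' "$name" "$flags"; found=1 ;;
        esac
    done
    return "$found"
}

# Self-contained demo on constructed entries (layout copied from the kernel's
# binfmt_misc status output; names and interpreter paths are assumed).
demo_dir=$(mktemp -d)
printf 'enabled\ninterpreter /usr/libexec/qemu-binfmt/aarch64-binfmt-P\nflags: POCF\noffset 0\n' > "$demo_dir/qemu-aarch64"
printf 'enabled\ninterpreter /usr/libexec/qemu-binfmt/arm-binfmt-P\nflags: POF\noffset 0\n' > "$demo_dir/qemu-arm"
printf 'enabled\n' > "$demo_dir/status"
binfmt_with_credentials_flag "$demo_dir" || echo "vulnerable registration(s) present"
rm -rf "$demo_dir"
```

On a live host, call binfmt_with_credentials_flag with no argument; after the fixed qemu-user (or qemu-user-static / qemu-user-binfmt on Bookworm) has re-registered its handlers, the function should print nothing and return 0. A non-empty result means a still-vulnerable registration is active and the package should be updated and its binfmt entries re-registered.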
