Advisories: Debian

Here are the latest security advisories for the Debian Linux distribution:

  • DSA-5983-1 qemu - security update
    This update removes the usage of the C (Credential) flag for the binfmt_misc registration within the qemu-user package, as it allowed for privilege escalation when running a suid/sgid binary under qemu-user. This means suid/sgid foreign-architecture binaries no longer run with elevated privileges under qemu-user. If you relied on this behavior of qemu-user in the past (running suid/sgid foreign-arch binaries), this will require changes to your deployment. In Bookworm the affected packages are qemu-user-static (and qemu-user-binfmt) instead of qemu-user. Additionally, two security issues were fixed in the SR-IOV support of QEMU system emulation. https://security-tracker.debian.org/tracker/DSA-5983-1
  • DSA-5982-1 squid - security update
    Two security issues were discovered in the Squid proxy caching server, which could result in the execution of arbitrary code, information disclosure or denial of service. https://security-tracker.debian.org/tracker/DSA-5982-1
  • DSA-5981-1 chromium - security update
    A security issue was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. https://security-tracker.debian.org/tracker/DSA-5981-1
  • DSA-5980-1 firefox-esr - security update
    Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or bypass of the same-origin policy. https://security-tracker.debian.org/tracker/DSA-5980-1
  • DSA-5979-1 libxslt - security update
    Two vulnerabilities were found in libxslt, the XSLT 1.0 processing library, which may lead to information disclosure and denial of service.
      • CVE-2023-40403: Information disclosure with weak memory handling of generated-id().
      • CVE-2025-7424: Type confusion in xmlNode.psvi between stylesheet and source nodes, which may allow an attacker to crash the application or corrupt memory.
    https://security-tracker.debian.org/tracker/DSA-5979-1
  • DSA-5978-1 webkit2gtk - security update
    The following vulnerabilities have been discovered in the WebKitGTK web engine:
      • CVE-2025-6558: Clement Lecigne and Vlad Stolyarov discovered that processing maliciously crafted web content may lead to an unexpected crash.
      • CVE-2025-31273: Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei discovered that processing maliciously crafted web content may lead to memory corruption.
      • CVE-2025-31278: Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei discovered that processing maliciously crafted web content may lead to memory corruption.
      • CVE-2025-43211: Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei discovered that processing web content may lead to a denial of service.
      • CVE-2025-43212: Nan Wang and Ziling Chen discovered that processing maliciously crafted web content may lead to an unexpected crash.
      • CVE-2025-43216: Ignacio Sanmillan discovered that processing maliciously crafted web content may lead to an unexpected crash.
      • CVE-2025-43227: Gilad Moav discovered that processing maliciously crafted web content may disclose sensitive user information.
      • CVE-2025-43228: Jaydev Ahire discovered that visiting a malicious website may lead to address bar spoofing.
      • CVE-2025-43240: Syarif Muhammad Sajjad discovered that a download's origin may be incorrectly associated.
      • CVE-2025-43265: HexRabbit discovered that processing maliciously crafted web content may disclose internal states of the app.
    https://security-tracker.debian.org/tracker/DSA-5978-1
  • DSA-5977-1 aide - security update
    Rajesh Pangare discovered two vulnerabilities in aide, an advanced intrusion detection system. A local attacker can take advantage of these flaws to hide the addition or removal of a file from the report, tamper with the log output, or cause aide to crash during report printing or database listing. https://security-tracker.debian.org/tracker/DSA-5977-1
  • DSA-5976-1 chromium - security update
    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. https://security-tracker.debian.org/tracker/DSA-5976-1
  • DSA-5975-1 linux - security update
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. https://security-tracker.debian.org/tracker/DSA-5975-1
  • DSA-5974-1 pgpool2 - security update
    Two security issues were found in pgpool-II, the connection pool server and replication proxy for PostgreSQL, which could result in authentication bypass and exposure of sensitive information. https://security-tracker.debian.org/tracker/DSA-5974-1
  • DSA-5973-1 linux - security update
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. https://security-tracker.debian.org/tracker/DSA-5973-1
  • DSA-5972-1 openjdk-17 - security update
    Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or weakened TLS connections. https://security-tracker.debian.org/tracker/DSA-5972-1
  • DSA-5971-1 chromium - security update
    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. https://security-tracker.debian.org/tracker/DSA-5971-1
  • DSA-5970-1 sope - security update
    Stefan Buehler discovered a flaw in sope, the set of Objective-C frameworks powering SOGo, which may result in denial of service via a specially crafted POST request. https://security-tracker.debian.org/tracker/DSA-5970-1
  • DSA-5969-1 redis - security update
    Several security issues were discovered in Redis, a persistent key-value database, which could result in the execution of arbitrary code or denial of service. https://security-tracker.debian.org/tracker/DSA-5969-1
  • DSA-5968-1 chromium - security update
    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. https://security-tracker.debian.org/tracker/DSA-5968-1
  • DSA-5967-1 php8.2 - security update
    Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service or server side request forgery. https://security-tracker.debian.org/tracker/DSA-5967-1
  • DSA-5966-1 thunderbird - security update
    Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. https://security-tracker.debian.org/tracker/DSA-5966-1
  • DSA-5965-1 chromium - security update
    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. https://security-tracker.debian.org/tracker/DSA-5965-1
  • DSA-5964-1 firefox-esr - security update
    Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. https://security-tracker.debian.org/tracker/DSA-5964-1