Posts by Micha

    Package : webkit2gtk

    CVE ID : CVE-2025-24143 CVE-2025-24150 CVE-2025-24158 CVE-2025-24162


    The following vulnerabilities have been discovered in the WebKitGTK web engine:


    CVE-2025-24143


    An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user.


    CVE-2025-24150


    Johan Carlsson discovered that copying a URL from Web Inspector may lead to command injection.


    CVE-2025-24158


    Q1IQ and P1umer discovered that processing web content may lead to a denial-of-service.


    CVE-2025-24162


    linjy and chluo discovered that processing maliciously crafted web content may lead to an unexpected process crash.


    For the stable distribution (bookworm), these problems have been fixed in version 2.46.6-1~deb12u1.


    We recommend that you upgrade your webkit2gtk packages.


    For the detailed security status of webkit2gtk please refer to its security tracker page at:

    Information on source package webkit2gtk


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : pam-pkcs11

    CVE ID : CVE-2025-24032 CVE-2025-24531

    Debian Bug : 1095402


    Two vulnerabilities were discovered in pam-pkcs11, a PAM module which allows the use of PKCS#11-based smart cards in the PAM authentication stack, which may allow authentication to be bypassed in some scenarios.


    For the stable distribution (bookworm), these problems have been fixed in version 0.6.12-1+deb12u1.


    We recommend that you upgrade your pam-pkcs11 packages.


    For the detailed security status of pam-pkcs11 please refer to its security tracker page at:

    Information on source package pam-pkcs11


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : libtasn1-6

    CVE ID : CVE-2024-12133

    Debian Bug : 1095406


    Bing Shi reported a flaw in Libtasn1, a library to manage ASN.1 structures. Inefficient processing of input DER data containing a large number of SEQUENCE OF or SET OF elements may result in a denial of service.


    For the stable distribution (bookworm), this problem has been fixed in version 4.19.0-2+deb12u1.


    We recommend that you upgrade your libtasn1-6 packages.


    For the detailed security status of libtasn1-6 please refer to its security tracker page at:

    Information on source package libtasn1-6


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : cacti

    CVE ID : CVE-2024-27082 CVE-2024-43362 CVE-2024-43363 CVE-2024-43364

    CVE-2024-43365 CVE-2024-45598 CVE-2024-54145 CVE-2025-22604

    CVE-2025-24367 CVE-2025-24368

    Debian Bug : 1094574


    Multiple security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in cross-site scripting, SQL injection, or command injection.


    For the stable distribution (bookworm), these problems have been fixed in version 1.2.24+ds1-1+deb12u5.


    We recommend that you upgrade your cacti packages.


    For the detailed security status of cacti please refer to its security tracker page at:

    Information on source package cacti


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : linux

    CVE ID : CVE-2024-36899 CVE-2024-49994 CVE-2024-50014 CVE-2024-50047

    CVE-2024-50164 CVE-2024-50304 CVE-2024-53124 CVE-2024-53128

    CVE-2024-53170 CVE-2024-53229 CVE-2024-53234 CVE-2024-53685

    CVE-2024-56551 CVE-2024-56599 CVE-2024-56608 CVE-2024-56631

    CVE-2024-56664 CVE-2024-56703 CVE-2024-57887 CVE-2024-57892

    CVE-2024-57904 CVE-2024-57906 CVE-2024-57907 CVE-2024-57908

    CVE-2024-57910 CVE-2024-57911 CVE-2024-57912 CVE-2024-57913

    CVE-2024-57915 CVE-2024-57916 CVE-2024-57917 CVE-2024-57922

    CVE-2024-57925 CVE-2024-57929 CVE-2024-57939 CVE-2024-57940

    CVE-2024-57948 CVE-2025-21631 CVE-2025-21636 CVE-2025-21637

    CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21646

    CVE-2025-21647 CVE-2025-21648 CVE-2025-21653 CVE-2025-21655

    CVE-2025-21660 CVE-2025-21662 CVE-2025-21664 CVE-2025-21665

    CVE-2025-21666 CVE-2025-21667 CVE-2025-21668 CVE-2025-21669

    CVE-2025-21671 CVE-2025-21675 CVE-2025-21678 CVE-2025-21680

    CVE-2025-21681 CVE-2025-21683


    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.


    For the stable distribution (bookworm), these problems have been fixed in version 6.1.128-1.


    We recommend that you upgrade your linux packages.


    For the detailed security status of linux please refer to its security tracker page at:

    Information on source package linux


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : thunderbird

    CVE ID : CVE-2024-11704 CVE-2025-0510 CVE-2025-1009 CVE-2025-1010

    CVE-2025-1011 CVE-2025-1012 CVE-2025-1013 CVE-2025-1014

    CVE-2025-1015 CVE-2025-1016 CVE-2025-1017


    Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.


    For the stable distribution (bookworm), these problems have been fixed in version 1:128.7.0esr-1~deb12u1.


    We recommend that you upgrade your thunderbird packages.


    For the detailed security status of thunderbird please refer to its security tracker page at:

    Information on source package thunderbird


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : chromium

    CVE ID : CVE-2025-0444 CVE-2025-0445 CVE-2025-0451


    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.


    For the stable distribution (bookworm), these problems have been fixed in version 133.0.6943.53-1~deb12u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    Information on source package chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : firefox-esr

    CVE ID : CVE-2024-11704 CVE-2025-1009 CVE-2025-1010 CVE-2025-1011

    CVE-2025-1012 CVE-2025-1013 CVE-2025-1014 CVE-2025-1016

    CVE-2025-1017


    Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.


    For the stable distribution (bookworm), these problems have been fixed in version 128.7.0esr-1~deb12u1.


    We recommend that you upgrade your firefox-esr packages.


    For the detailed security status of firefox-esr please refer to its security tracker page at:

    Information on source package firefox-esr


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : openjdk-17

    CVE ID : CVE-2025-21502


    A vulnerability has been discovered in the OpenJDK Java runtime, which may result in authorisation bypass or information disclosure.


    For the stable distribution (bookworm), this problem has been fixed in version 17.0.14+7-1~deb12u1.


    We recommend that you upgrade your openjdk-17 packages.


    For the detailed security status of openjdk-17 please refer to its security tracker page at:

    Information on source package openjdk-17


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : redis

    CVE ID : CVE-2024-46981 CVE-2024-51741


    Two security issues were discovered in Redis, a persistent key-value database, which could result in the execution of arbitrary code or denial of service.


    For the stable distribution (bookworm), these problems have been fixed in version 5:7.0.15-1~deb12u3.


    We recommend that you upgrade your redis packages.


    For the detailed security status of redis please refer to its security tracker page at:

    Information on source package redis


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : chromium

    CVE ID : CVE-2025-0762


    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.


    For the stable distribution (bookworm), this problem has been fixed in version 132.0.6834.159-1~deb12u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    Information on source package chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : bind9

    CVE ID : CVE-2024-11187 CVE-2024-12705


    Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service.


    For the stable distribution (bookworm), these problems have been fixed in version 1:9.18.33-1~deb12u2.


    We recommend that you upgrade your bind9 packages.


    For the detailed security status of bind9 please refer to its security tracker page at:

    Information on source package bind9


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : pam-u2f

    CVE ID : CVE-2025-23013


    Matthias Gerstner reported that pam-u2f, a PAM module which allows the use of U2F (Universal 2nd Factor) devices in the PAM authentication stack, does not properly handle PAM_IGNORE return values, making it possible to bypass the second factor or password-less login without inserting the proper device.


    For the stable distribution (bookworm), this problem has been fixed in version 1.1.0-1.1+deb12u1.


    We recommend that you upgrade your pam-u2f packages.


    For the detailed security status of pam-u2f please refer to its security tracker page at:

    Information on source package pam-u2f


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : pdns-recursor

    CVE ID : CVE-2024-25590


    Toshifumi Sakaguchi discovered that too permissive parsing of some resource record sets in the zone file parsing of PDNS Recursor could result in denial of service.


    For the stable distribution (bookworm), this problem has been fixed in version 4.8.8-1+deb12u1.


    We recommend that you upgrade your pdns-recursor packages.


    For the detailed security status of pdns-recursor please refer to its security tracker page at:

    Information on source package pdns-recursor


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : openjpeg2

    CVE ID : CVE-2024-56826 CVE-2024-56827


    Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, which could result in denial of service or the execution of arbitrary code if malformed images are opened.


    For the stable distribution (bookworm), these problems have been fixed in version 2.5.0-2+deb12u1.


    We recommend that you upgrade your openjpeg2 packages.


    For the detailed security status of openjpeg2 please refer to its security tracker page at:

    Information on source package openjpeg2


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : git

    CVE ID : CVE-2024-50349 CVE-2024-52006

    Debian Bug : 1093042


    Multiple issues were found in Git, a fast, scalable, distributed revision control system, which may result in leaking credential information to an unintended host.


    For the stable distribution (bookworm), these problems have been fixed in version 1:2.39.5-0+deb12u2.


    We recommend that you upgrade your git packages.


    For the detailed security status of git please refer to its security tracker page at:

    Information on source package git


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : git-lfs

    CVE ID : CVE-2024-53263


    It was discovered that Git LFS, a Git extension for versioning large files, could leak authentication credentials in some setups.


    For the stable distribution (bookworm), this problem has been fixed in version 3.3.0-1+deb12u1.


    We recommend that you upgrade your git-lfs packages.


    For the detailed security status of git-lfs please refer to its security tracker page at:

    Information on source package git-lfs


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : chromium

    CVE ID : CVE-2025-0611 CVE-2025-0612


    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.


    For the stable distribution (bookworm), these problems have been fixed in version 132.0.6834.110-1~deb12u1.


    We recommend that you upgrade your chromium packages.


    For the detailed security status of chromium please refer to its security tracker page at:

    Information on source package chromium


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : snapcast

    CVE ID : CVE-2023-36177


    It was discovered that the JSON RPC interface of the server component of Snapcast, a multi-room client-server audio player, allowed the execution of arbitrary code.


    For the stable distribution (bookworm), this problem has been fixed in version 0.26.0+dfsg1-1+deb12u1.


    We recommend that you upgrade your snapcast packages.


    For the detailed security status of snapcast please refer to its security tracker page at:

    Information on source package snapcast


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Package : libreoffice

    CVE ID : CVE-2024-12425 CVE-2024-12426


    Thomas Rinsma discovered two security vulnerabilities in LibreOffice, which could result in information disclosure or overwriting of files when opening malformed documents.


    For the stable distribution (bookworm), these problems have been fixed in version 4:7.4.7-1+deb12u6.


    We recommend that you upgrade your libreoffice packages.


    For the detailed security status of libreoffice please refer to its security tracker page at:

    Information on source package libreoffice


    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/