Letzte Aktivitäten

Package : jpeg-xl CVE ID : CVE-2023-0645 CVE-2023-35790 CVE-2024-11403 CVE-2024-11498 Debian Bug : 1034722 1055306 1088818 Multiple vulnerabilities are discovered in jpeg-xl, the JPEG XL ("JXL") image coding library, including out of bounds read/write and stack based buffer overflow, which may cause excessive memory usage and denial of service attacks. CVE-2023-0645 Specifically crafted file could cause an out of bounds read in the exif handler of libjxl.…

Package : mediawiki CVE ID : CVE-2025-6590 CVE-2025-6591 CVE-2025-6593 CVE-2025-6594 CVE-2025-6595 CVE-2025-6597 CVE-2025-6926 CVE-2025-32072 Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, information disclosure, HTML injection or incorrect tracking of authentication events. For the stable distribution (bookworm), these problems have been fixed in version 1:1.39.13-1~deb12u1.…

Package : ring CVE ID : CVE-2023-27585 The embedded copy of pjproject is affected by a buffer overflow vulnerability, which affects applications that use PJSIP DNS resolver. For the stable distribution (bookworm), this problem has been fixed in version 20230206.0~ds2-1.1+deb12u1. We recommend that you upgrade your ring packages. For the detailed security status of ring please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ring…

Package : chromium CVE ID : CVE-2025-6554 Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. Google is aware that an exploit for CVE-2025-6554 exists in the wild. For the stable distribution (bookworm), this problem has been fixed in version 138.0.7204.92-1~deb12u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please…

Package : sudo CVE ID : CVE-2025-32462 Rich Mirch discovered that sudo, a program designed to provide limited super user privileges to specific users, does not correctly handle the host (-h or --host) option. Due to a bug the host option was not restricted to listing privileges only and could be used when running a command via sudo or editing a file with sudoedit. Depending on the rules present in the sudoers file the flaw might allow a local privilege escalation attack.…

Package : catdoc CVE ID : CVE-2024-48877 CVE-2024-52035 CVE-2024-54028 Debian Bug : 1107168 Several vulnerabilities were discovered in catdoc, a text extractor for MS-Office files, which may result in denial of service or the execution of arbitrary code if a specially crafted file is processed. For the stable distribution (bookworm), these problems have been fixed in version 1:0.95-6~deb12u1. We recommend that you upgrade your catdoc packages. For the detailed…

Package : chromium CVE ID : CVE-2025-6555 CVE-2025-6556 CVE-2025-6557 Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 138.0.7204.49-1~deb12u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at:…

Package : firefox-esr CVE ID : CVE-2025-6424 CVE-2025-6425 CVE-2025-6429 CVE-2025-6430 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For the stable distribution (bookworm), these problems have been fixed in version 128.12.0esr-1~deb12u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security…

Package : libxml2 CVE ID : CVE-2022-49043 CVE-2023-39615 CVE-2023-45322 CVE-2024-25062 CVE-2024-34459 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 CVE-2025-32414 CVE-2025-32415 Debian Bug : 1051230 1053629 1063234 1071162 1094238 1098320 1098321 1098322 1102521 1103511 Brief introduction Multiple memory related vulnerabilities, inlcuding use-after-free, out-of-bounds memory access and NULL pointer dereference, were discovered in GNOME XML Parser and Toolkit Library…

Package : trafficserver CVE ID : CVE-2024-53868 CVE-2025-31698 CVE-2025-49763 Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service, HTTP request smuggling or incorrect processing of ACLs. For the stable distribution (bookworm), these problems have been fixed in version 9.2.5+ds-0+deb12u3. We recommend that you upgrade your trafficserver packages. For the detailed security status…

Package : xorg-server CVE ID : CVE-2025-49175 CVE-2025-49176 CVE-2025-49177 CVE-2025-49178 CVE-2025-49179 CVE-2025-49180 Nils Emmerich discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged. For the stable distribution (bookworm), these problems have been fixed in version 2:21.1.7-3+deb12u10. We recommend that you upgrade your xorg-server packages. For the detailed security status of…

Package : gdk-pixbuf CVE ID : CVE-2025-6199 It was discovered that incorrect bounds validation in the GIF decoder of the GDK Pixbuf library may result in memory disclosure. For the stable distribution (bookworm), this problem has been fixed in version 2.42.10+dfsg-1+deb12u2. We recommend that you upgrade your gdk-pixbuf packages. For the detailed security status of gdk-pixbuf please refer to its security tracker page at:…

Package : konsole CVE ID : CVE-2025-49091 Dennis Dast discovered that the Konsole terminal emulator insecurely handled the telnet URI scheme, which could result in the execution of arbitrary code in some configurations. For the stable distribution (bookworm), this problem has been fixed in version 4:22.12.3-1+deb12u1. We recommend that you upgrade your konsole packages. For the detailed security status of konsole please refer to its security tracker page at:…

Package : chromium CVE ID : CVE-2025-6191 CVE-2025-6192 Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 137.0.7151.119-1~deb12u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at:…

Package : libblockdev CVE ID : CVE-2025-6019 The Qualys Threat Research Unit (TRU) discovered a local privilege escalation vulnerability in libblockdev, a library for manipulating block devices. An "allow_active" user can exploit this flaw via the udisks daemon to obtain the full privileges of the root user. Details can be found in the Qualys advisory at https://www.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt Along with the libblockdev update, updated udisks2…

Package : chromium CVE ID : CVE-2025-5958 CVE-2025-5959 Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 137.0.7151.103-1~deb12u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at:…

Package : gst-plugins-bad1.0 CVE ID : CVE-2025-3887 Multiple vulnerabilities were discovered in the H.265 plugin for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. For the stable distribution (bookworm), this problem has been fixed in version 1.22.0-4+deb12u6. We recommend that you upgrade your gst-plugins-bad1.0 packages. For the detailed security status of…

Package : modsecurity-apache CVE ID : CVE-2025-47947 CVE-2025-48866 Debian Bug : 1106286 1107196 Several vulnerabilities were discovered in modsecurity-apache, an Apache module to tighten the Web application security, which may result in denial of service (high memory consumption). For the stable distribution (bookworm), these problems have been fixed in version 2.9.7-1+deb12u1. We recommend that you upgrade your modsecurity-apache packages. For the detailed…

Package : gimp CVE ID : CVE-2025-2760 CVE-2025-2761 CVE-2025-48797 CVE-2025-48798 Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed XCF, TGA, DDS, FLI or ICO files are opened. For the stable distribution (bookworm), these problems have been fixed in version 2.10.34-1+deb12u3. We recommend that you upgrade your gimp packages. For the…

Package : python-tornado CVE ID : CVE-2025-47287 It was discovered that the Tornado Python web framework performed excessive logging when parsing some multipart/form-data requests, which could result in denial of service. For the stable distribution (bookworm), this problem has been fixed in version 6.2.0-3+deb12u2. We recommend that you upgrade your python-tornado packages. For the detailed security status of python-tornado please refer to its security tracker page…