Recent Activity
Micha posted a reply in the thread Debian Security Advisory.
Package : jpeg-xl
CVE ID : CVE-2023-0645 CVE-2023-35790 CVE-2024-11403 CVE-2024-11498
Debian Bug : 1034722 1055306 1088818
Multiple vulnerabilities are discovered in jpeg-xl, the JPEG XL ("JXL") image coding library, including out of bounds read/write and stack based buffer overflow, which may cause excessive memory usage and denial of service attacks.
CVE-2023-0645
Specifically crafted file could cause an out of bounds read in the exif
handler of libjxl.…
Micha posted a reply in the thread Debian Security Advisory.
Package : mediawiki
CVE ID : CVE-2025-6590 CVE-2025-6591 CVE-2025-6593 CVE-2025-6594
CVE-2025-6595 CVE-2025-6597 CVE-2025-6926 CVE-2025-32072
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, information disclosure, HTML injection or incorrect tracking of authentication events.
For the stable distribution (bookworm), these problems have been fixed in version 1:1.39.13-1~deb12u1.…
Micha posted a reply in the thread Debian Security Advisory.
Package : ring
CVE ID : CVE-2023-27585
The embedded copy of pjproject is affected by a buffer overflow vulnerability, which affects applications that use PJSIP DNS resolver.
For the stable distribution (bookworm), this problem has been fixed in version 20230206.0~ds2-1.1+deb12u1.
We recommend that you upgrade your ring packages.
For the detailed security status of ring please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/ring…
Micha posted a reply in the thread Debian Security Advisory.
Package : chromium
CVE ID : CVE-2025-6554
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. Google is aware that an exploit for CVE-2025-6554 exists in the wild.
For the stable distribution (bookworm), this problem has been fixed in version 138.0.7204.92-1~deb12u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please…
Micha posted a reply in the thread Debian Security Advisory.
Package : sudo
CVE ID : CVE-2025-32462
Rich Mirch discovered that sudo, a program designed to provide limited super user privileges to specific users, does not correctly handle the host (-h or --host) option. Due to a bug the host option was not restricted to listing privileges only and could be used when running a command via sudo or editing a file with sudoedit. Depending on the rules present in the sudoers file the flaw might allow a local privilege escalation attack.…
Micha posted a reply in the thread Debian Security Advisory.
Package : catdoc
CVE ID : CVE-2024-48877 CVE-2024-52035 CVE-2024-54028
Debian Bug : 1107168
Several vulnerabilities were discovered in catdoc, a text extractor for MS-Office files, which may result in denial of service or the execution of arbitrary code if a specially crafted file is processed.
For the stable distribution (bookworm), these problems have been fixed in version 1:0.95-6~deb12u1.
We recommend that you upgrade your catdoc packages.
For the detailed…
Micha posted a reply in the thread Debian Security Advisory.
Package : chromium
CVE ID : CVE-2025-6555 CVE-2025-6556 CVE-2025-6557
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
For the stable distribution (bookworm), these problems have been fixed in version 138.0.7204.49-1~deb12u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to its security tracker page at:…
Micha posted a reply in the thread Debian Security Advisory.
Package : firefox-esr
CVE ID : CVE-2025-6424 CVE-2025-6425 CVE-2025-6429 CVE-2025-6430
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
For the stable distribution (bookworm), these problems have been fixed in version 128.12.0esr-1~deb12u1.
We recommend that you upgrade your firefox-esr packages.
For the detailed security status of firefox-esr please refer to its security…
Micha posted a reply in the thread Debian Security Advisory.
Package : libxml2
CVE ID : CVE-2022-49043 CVE-2023-39615 CVE-2023-45322 CVE-2024-25062
CVE-2024-34459 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113
CVE-2025-32414 CVE-2025-32415
Debian Bug : 1051230 1053629 1063234 1071162 1094238 1098320 1098321 1098322 1102521 1103511
Brief introduction
Multiple memory related vulnerabilities, including use-after-free, out-of-bounds memory access and NULL pointer dereference, were discovered in GNOME XML Parser and Toolkit Library…
Micha posted a reply in the thread Debian Security Advisory.
Package : trafficserver
CVE ID : CVE-2024-53868 CVE-2025-31698 CVE-2025-49763
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service, HTTP request smuggling or incorrect processing of ACLs.
For the stable distribution (bookworm), these problems have been fixed in version 9.2.5+ds-0+deb12u3.
We recommend that you upgrade your trafficserver packages.
For the detailed security status…
Micha posted a reply in the thread Debian Security Advisory.
Package : xorg-server
CVE ID : CVE-2025-49175 CVE-2025-49176 CVE-2025-49177 CVE-2025-49178
CVE-2025-49179 CVE-2025-49180
Nils Emmerich discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.
For the stable distribution (bookworm), these problems have been fixed in version 2:21.1.7-3+deb12u10.
We recommend that you upgrade your xorg-server packages.
For the detailed security status of…
Micha posted a reply in the thread Debian Security Advisory.
Package : gdk-pixbuf
CVE ID : CVE-2025-6199
It was discovered that incorrect bounds validation in the GIF decoder of the GDK Pixbuf library may result in memory disclosure.
For the stable distribution (bookworm), this problem has been fixed in version 2.42.10+dfsg-1+deb12u2.
We recommend that you upgrade your gdk-pixbuf packages.
For the detailed security status of gdk-pixbuf please refer to its security tracker page at:…
Micha posted a reply in the thread Debian Security Advisory.
Package : konsole
CVE ID : CVE-2025-49091
Dennis Dast discovered that the Konsole terminal emulator insecurely handled the telnet URI scheme, which could result in the execution of arbitrary code in some configurations.
For the stable distribution (bookworm), this problem has been fixed in version 4:22.12.3-1+deb12u1.
We recommend that you upgrade your konsole packages.
For the detailed security status of konsole please refer to its security tracker page at:…
Micha posted a reply in the thread Debian Security Advisory.
Package : chromium
CVE ID : CVE-2025-6191 CVE-2025-6192
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
For the stable distribution (bookworm), these problems have been fixed in version 137.0.7151.119-1~deb12u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to its security tracker page at:…
Micha posted a reply in the thread Debian Security Advisory.
Package : libblockdev
CVE ID : CVE-2025-6019
The Qualys Threat Research Unit (TRU) discovered a local privilege escalation vulnerability in libblockdev, a library for manipulating block devices. An "allow_active" user can exploit this flaw via the udisks daemon to obtain the full privileges of the root user.
Details can be found in the Qualys advisory at https://www.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt
Along with the libblockdev update, updated udisks2…
Micha posted a reply in the thread Debian Security Advisory.
Package : chromium
CVE ID : CVE-2025-5958 CVE-2025-5959
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
For the stable distribution (bookworm), these problems have been fixed in version 137.0.7151.103-1~deb12u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to its security tracker page at:…
Micha posted a reply in the thread Debian Security Advisory.
Package : gst-plugins-bad1.0
CVE ID : CVE-2025-3887
Multiple vulnerabilities were discovered in the H.265 plugin for the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.
For the stable distribution (bookworm), this problem has been fixed in version 1.22.0-4+deb12u6.
We recommend that you upgrade your gst-plugins-bad1.0 packages.
For the detailed security status of…
Micha posted a reply in the thread Debian Security Advisory.
Package : modsecurity-apache
CVE ID : CVE-2025-47947 CVE-2025-48866
Debian Bug : 1106286 1107196
Several vulnerabilities were discovered in modsecurity-apache, an Apache module to tighten the Web application security, which may result in denial of service (high memory consumption).
For the stable distribution (bookworm), these problems have been fixed in version 2.9.7-1+deb12u1.
We recommend that you upgrade your modsecurity-apache packages.
For the detailed…
Micha posted a reply in the thread Debian Security Advisory.
Package : gimp
CVE ID : CVE-2025-2760 CVE-2025-2761 CVE-2025-48797 CVE-2025-48798
Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed XCF, TGA, DDS, FLI or ICO files are opened.
For the stable distribution (bookworm), these problems have been fixed in version 2.10.34-1+deb12u3.
We recommend that you upgrade your gimp packages.
For the…
Micha posted a reply in the thread Debian Security Advisory.
Package : python-tornado
CVE ID : CVE-2025-47287
It was discovered that the Tornado Python web framework performed excessive logging when parsing some multipart/form-data requests, which could result in denial of service.
For the stable distribution (bookworm), this problem has been fixed in version 6.2.0-3+deb12u2.
We recommend that you upgrade your python-tornado packages.
For the detailed security status of python-tornado please refer to its security tracker page…