Advisories: Debian

Here are the latest security advisories for the Debian Linux distribution:

  • DSA-5869-1 chromium - security update
    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. https://security-tracker.debian.org/tracker/DSA-5869-1
  • DSA-5868-1 openssh - security update
    The Qualys Threat Research Unit (TRU) discovered that the OpenSSH client is vulnerable to a machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (disabled by default). Details can be found in the Qualys advisory at https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt https://security-tracker.debian.org/tracker/DSA-5868-1
  • DSA-5867-1 gnutls28 - security update
    Bing Shi reported a flaw in GnuTLS, a library implementing the TLS and SSL protocols. Inefficient processing of certificates containing numerous names or name constraints may result in a denial of service. https://security-tracker.debian.org/tracker/DSA-5867-1
  • DSA-5866-1 chromium - security update
    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. https://security-tracker.debian.org/tracker/DSA-5866-1
  • DSA-5865-1 webkit2gtk - security update
    The following vulnerabilities have been discovered in the WebKitGTK web engine:
      • CVE-2025-24143: An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user.
      • CVE-2025-24150: Johan Carlsson discovered that copying a URL from Web Inspector may lead to command injection.
      • CVE-2025-24158: Q1IQ and P1umer discovered that processing web content may lead to a denial of service.
      • CVE-2025-24162: linjy and chluo discovered that processing maliciously crafted web content may lead to an unexpected process crash.
    https://security-tracker.debian.org/tracker/DSA-5865-1
  • DSA-5864-1 pam-pkcs11 - security update
    Two vulnerabilities were discovered in pam-pkcs11, a PAM module that allows PKCS#11-based smart cards to be used in the PAM authentication stack, which may allow authentication to be bypassed in some scenarios. https://security-tracker.debian.org/tracker/DSA-5864-1
  • DSA-5863-1 libtasn1-6 - security update
    Bing Shi reported a flaw in Libtasn1, a library to manage ASN.1 structures. Inefficient processing of input DER data containing a large number of SEQUENCE OF or SET OF elements may result in a denial of service. https://security-tracker.debian.org/tracker/DSA-5863-1
  • DSA-5862-1 cacti - security update
    Multiple security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in cross-site scripting, SQL injection, or command injection. https://security-tracker.debian.org/tracker/DSA-5862-1
  • DSA-5861-1 thunderbird - security update
    Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. https://security-tracker.debian.org/tracker/DSA-5861-1
  • DSA-5860-1 linux - security update
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. https://security-tracker.debian.org/tracker/DSA-5860-1
  • DSA-5859-1 chromium - security update
    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. https://security-tracker.debian.org/tracker/DSA-5859-1
  • DSA-5858-1 firefox-esr - security update
    Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. https://security-tracker.debian.org/tracker/DSA-5858-1
  • DSA-5857-1 openjdk-17 - security update
    A vulnerability has been discovered in the OpenJDK Java runtime, which may result in authorisation bypass or information disclosure. https://security-tracker.debian.org/tracker/DSA-5857-1
  • DSA-5856-1 redis - security update
    Two security issues were discovered in Redis, a persistent key-value database, which could result in the execution of arbitrary code or denial of service. https://security-tracker.debian.org/tracker/DSA-5856-1
  • DSA-5855-1 chromium - security update
    Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. https://security-tracker.debian.org/tracker/DSA-5855-1
  • DSA-5854-1 bind9 - security update
    Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service. https://security-tracker.debian.org/tracker/DSA-5854-1
  • DSA-5853-1 pam-u2f - security update
    Matthias Gerstner reported that pam-u2f, a PAM module that allows U2F (Universal 2nd Factor) devices to be used in the PAM authentication stack, does not properly handle PAM_IGNORE return values, allowing the second factor or password-less login to be bypassed without inserting the proper device. https://security-tracker.debian.org/tracker/DSA-5853-1
  • DSA-5851-1 openjpeg2 - security update
    Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, which could result in denial of service or the execution of arbitrary code if malformed images are opened. https://security-tracker.debian.org/tracker/DSA-5851-1
  • DSA-5850-1 git - security update
    Multiple issues were found in Git, a fast, scalable, distributed revision control system, which may result in leaking credential information to an unintended host. https://security-tracker.debian.org/tracker/DSA-5850-1
  • DSA-5849-1 git-lfs - security update
    It was discovered that Git LFS, a Git extension for versioning large files, could leak authentication credentials in some setups. https://security-tracker.debian.org/tracker/DSA-5849-1