Here are the latest security advisories for the Debian Linux distribution:
- DSA-5874-1 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5874-1
- DSA-5873-1 libreoffice - security update
Amel Bouziane-Leblond discovered that insufficient validation of "vnd.libreoffice.command" URI schemes could result in the execution of arbitrary macro commands.
https://security-tracker.debian.org/tracker/DSA-5873-1
- DSA-5872-1 xorg-server - security update
Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.
https://security-tracker.debian.org/tracker/DSA-5872-1
- DSA-5871-1 emacs - security update
Two security vulnerabilities were discovered in Emacs:
  CVE-2024-53920: Elisp byte-compilation ('elisp-flymake-byte-compile') in the Flymake mode is now disabled for untrusted files.
  CVE-2025-1244: An incomplete escaping of shell meta characters in the man reader component could potentially result in the execution of arbitrary shell commands. Discovered by Maxim Nikulin.
https://security-tracker.debian.org/tracker/DSA-5871-1
- DSA-5870-1 openh264 - security update
A heap-based buffer overflow flaw in the decoding functions of openh264, a codec library which supports H.264 encoding and decoding, may allow a remote attacker to cause a denial of service or the execution of arbitrary code if a specially crafted video is processed.
https://security-tracker.debian.org/tracker/DSA-5870-1
- DSA-5869-1 chromium - security update
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5869-1
- DSA-5868-1 openssh - security update
The Qualys Threat Research Unit (TRU) discovered that the OpenSSH client is vulnerable to a machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (disabled by default). Details can be found in the Qualys advisory at https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt
https://security-tracker.debian.org/tracker/DSA-5868-1
- DSA-5867-1 gnutls28 - security update
Bing Shi reported a flaw in GnuTLS, a library implementing the TLS and SSL protocols. Inefficient processing of certificates containing numerous names or name constraints may result in a denial of service.
https://security-tracker.debian.org/tracker/DSA-5867-1
- DSA-5866-1 chromium - security update
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5866-1
- DSA-5865-1 webkit2gtk - security update
The following vulnerabilities have been discovered in the WebKitGTK web engine:
  CVE-2025-24143: An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user.
  CVE-2025-24150: Johan Carlsson discovered that copying a URL from Web Inspector may lead to command injection.
  CVE-2025-24158: Q1IQ and P1umer discovered that processing web content may lead to a denial-of-service.
  CVE-2025-24162: linjy and chluo discovered that processing maliciously crafted web content may lead to an unexpected process crash.
https://security-tracker.debian.org/tracker/DSA-5865-1
- DSA-5864-1 pam-pkcs11 - security update
Two vulnerabilities were discovered in pam-pkcs11, a PAM module which allows the use of PKCS#11-based smart cards in the PAM authentication stack. They may allow authentication to be bypassed in some scenarios.
https://security-tracker.debian.org/tracker/DSA-5864-1
- DSA-5863-1 libtasn1-6 - security update
Bing Shi reported a flaw in Libtasn1, a library to manage ASN.1 structures. Inefficient processing of input DER data containing a large number of SEQUENCE OF or SET OF elements may result in a denial of service.
https://security-tracker.debian.org/tracker/DSA-5863-1
- DSA-5862-1 cacti - security update
Multiple security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in cross-site scripting, SQL injection, or command injection.
https://security-tracker.debian.org/tracker/DSA-5862-1
- DSA-5861-1 thunderbird - security update
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5861-1
- DSA-5860-1 linux - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
https://security-tracker.debian.org/tracker/DSA-5860-1
- DSA-5859-1 chromium - security update
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5859-1
- DSA-5858-1 firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
https://security-tracker.debian.org/tracker/DSA-5858-1
- DSA-5857-1 openjdk-17 - security update
A vulnerability has been discovered in the OpenJDK Java runtime, which may result in authorisation bypass or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5857-1
- DSA-5856-1 redis - security update
Two security issues were discovered in Redis, a persistent key-value database, which could result in the execution of arbitrary code or denial of service.
https://security-tracker.debian.org/tracker/DSA-5856-1
- DSA-5855-1 chromium - security update
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
https://security-tracker.debian.org/tracker/DSA-5855-1