Debian Security

Debian Trixie DSA-6109-1 Incus Critical Command Execution Issues

Stay Vigilant with Timely Linux Security Advisories Jan 23, 2026 | 20:08 pm

Two security issues were discovered in Incus, a system container and virtual machine manager, which could result the in execution of arbitrary commands via malformed images. For the stable distribution (trixie), these problems have been fixed in version 6.0.4-2+deb13u4.

Debian Bookworm Python-urllib3 Announces Critical Regression Fix DSA-6102-2

Stay Vigilant with Timely Linux Security Advisories Jan 22, 2026 | 22:26 pm

The update for python-urllib3 announced in DSA 6102-1 introduced a regression in the patch meant to address CVE-2026-21441 for the oldstable distribution (bookworm). Updated packages are now available to correct this issue. For the oldstable distribution (bookworm), this problem has[…]

Debian DSA-6108-1 Critical Chromium Arbitrary Code Exec CVE-2026-1220

Stay Vigilant with Timely Linux Security Advisories Jan 22, 2026 | 22:10 pm

A security issue was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), this problem has been fixed in version 144.0.7559.96-1~deb12u1.

Debian Oldstable BIND9 Critical Denial of Service DSA-6107-1 CVE-2025-13878

Stay Vigilant with Timely Linux Security Advisories Jan 22, 2026 | 20:08 pm

Vlatko Kosturjak discovered that BIND, a DNS server implementation, does not properly handle malformed BRID/HHIT records, which may result in denial of service (named daemon crash). For the oldstable distribution (bookworm), this problem has been fixed in version 1:9.18.44-1~deb12u1.

Debian: inetutils Important Telnetd Login Bypass CVE-2026-24061 DSA-6106-1

Stay Vigilant with Timely Linux Security Advisories Jan 22, 2026 | 07:19 am

Kyu Neushwaistein discovered that telnetd from inetutils does not sanitize the USER environment variable before passing it on to login. A remote attacker can take advantage of this flaw to login as root, bypassing normal authentication processes. For the oldstable[…]

Debian: modsecurity-crs Critical Fix for CVE-2026-21876 DSA-6105-1

Stay Vigilant with Timely Linux Security Advisories Jan 21, 2026 | 21:51 pm

It was discovered that one of the rules in the OWASP ModSecurity Core Rule Set parsed some multipart requests incorrectly. For the oldstable distribution (bookworm), this problem has been fixed in version 3.3.4-1+deb12u1. For the stable distribution (trixie), this problem[…]

Debian: python-keystonemiddleware Security Flaw DSA-6104-1 CVE-2026-22797

Stay Vigilant with Timely Linux Security Advisories Jan 20, 2026 | 21:37 pm

Grzegorz Grasza discovered a vulnerability in the Openstack middleware to provide authentication and authorization features to web services other than Keystone: If an external OAuth provider is configured, authentication headers are insufficiently sanitised, which could result in privilege escalation or[…]

Debian: Thunderbird Critical Arbitrary Code Exec DSA-6103-1 CVE-2025-14327

Stay Vigilant with Timely Linux Security Advisories Jan 17, 2026 | 16:51 pm

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed in version 1:140.7.0esr-1~deb12u1. For the stable distribution (trixie), these problems have been fixed in

Debian: python-urllib3 Important Denial of Service DSA-6102-1

Stay Vigilant with Timely Linux Security Advisories Jan 17, 2026 | 11:25 am

Several vulnerabilities were discovered in python-urllib3, a HTTP library with thread-safe connection pooling for Python3, which could result in denial of service or request forgery. For the oldstable distribution (bookworm), these problems have been fixed in version 1.26.12-1+deb12u2.

Debian: firefox-esr Important Sandbox Escape and Code Exec DSA-6101-1

Stay Vigilant with Timely Linux Security Advisories Jan 15, 2026 | 19:42 pm

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, information disclosure or spoofing. For the oldstable distribution (bookworm), these problems have been fixed in version[…]

Debian Bookworm: Chromium Low Denial Of Service Risk DSA-6100-1

Stay Vigilant with Timely Linux Security Advisories Jan 15, 2026 | 03:59 am

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 144.0.7559.59-1~deb12u1.

Debian: python-parsl Important SQL Injection Fix DSA-6099-1 CVE-2026-21892

Stay Vigilant with Timely Linux Security Advisories Jan 14, 2026 | 07:58 am

Viral Vaghela discovered an SQL injection vulnerability in Parsl, a parallel scripting library for Python. For the stable distribution (trixie), this problem has been fixed in version 2025.01.13+ds-1+deb13u1. We recommend that you upgrade your python-parsl packages.

Debian: net-snmp Critical Denial of Service and Code Exec DSA-6098-1

Stay Vigilant with Timely Linux Security Advisories Jan 12, 2026 | 19:52 pm

A vulnerability was discovered in the snmptrapd daemon in net-snmp, a suite of Simple Network Management Protocol applications, which could result in denial of service or the execution of arbitrary code. For the oldstable distribution (bookworm), this problem has been[…]

Debian: Chromium Critical Arbitrary Code Execution DSA-6097-1

Stay Vigilant with Timely Linux Security Advisories Jan 10, 2026 | 03:32 am

A security issue was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), this problem has been fixed in version 143.0.7499.192-1~deb12u1.

Debian: VLC DSA-6096-1 Denial of Service and Code Exec Fix

Stay Vigilant with Timely Linux Security Advisories Jan 8, 2026 | 20:00 pm

Multiple vulnerabilities were discovered in the VLC media player, which could result in denial of service or potentially the execution of arbitrary code if a malformed video file is opened. For the oldstable distribution (bookworm), this problem has been fixed[…]

Debian: Critical Firewall Unauthorized Config Alteration DSA-6095-1

Stay Vigilant with Timely Linux Security Advisories Jan 7, 2026 | 19:16 pm

Matthias Gerstner discovered two vulnerabilities in the Foomuuri firewall generator, which could result in tampering of the firewall configuration by unauthorised users. For the stable distribution (trixie), these problems have been fixed in version 0.27-2+deb13u1.

Debian Bookworm: Libsodium Critical Crypto Core Integrity Issue DSA-6094-1

Stay Vigilant with Timely Linux Security Advisories Jan 5, 2026 | 19:33 pm

It was discovered that the crypto_core_ed25519_is_valid_point() function of the Sodium cryptography library mishandled checks for valid elliptic curve points. For the oldstable distribution (bookworm), this problem has been fixed in version 1.0.18-1+deb12u1.

Debian Bookworm: GIMP Important Denial Of Service DSA-6093-1 CVE-2025-14422

Stay Vigilant with Timely Linux Security Advisories Jan 4, 2026 | 19:38 pm

Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed XCF, JPEG 2000 or PNM files are opened. For the oldstable distribution (bookworm),[…]

Debian Trixie: DSA-6092-1 smb4k Critical Local Privilege Escalation

Stay Vigilant with Timely Linux Security Advisories Jan 1, 2026 | 22:26 pm

Two vulnerabilities were discovered in smb4k, a KDE desktop utility which allows unprivileged mounting of Samba/CIFS network shares, which may result in local denial of service or local privilege escalation. For the stable distribution (trixie), these problems have been fixed[…]

Debian: Rails Severe Command Manipulation DSA-6090-2 CVE-2025-24294

Stay Vigilant with Timely Linux Security Advisories Dec 21, 2025 | 15:51 pm

Multiple security issues were discovered in the Rails web framework which could result in command injection or logging of unescaped ANSI sequences. For the oldstable distribution (bookworm), these problems have been fixed in version 2:6.1.7.10+dfsg-1~deb12u2.

Beitrag teilen

Das Neueste von Support

Ähnliche Artikel