Debian - SITE - Advanced Web Factories

Debian DSA-6145-1 Nova Image Resize Issue CVE-2026-24708

Stay Vigilant with Timely Linux Security Advisories Feb 19, 2026 | 20:53 pm

Dan Smith discovered that nova, a cloud computing fabric controller, calls qemu-img without format restrictions for resize, which may result in unsafe image resize operations that could destroy data on the host system. Only compute nodes using the Flat image[…]

Debian trixie inetutils Critical Telnetd Authentication Bypass DSA-6144-1

Stay Vigilant with Timely Linux Security Advisories Feb 19, 2026 | 20:41 pm

Ron Ben Yizhak discovered that the inetutils implementation of telnetd didn't sanitise the CREDENTIALS_DIRECTORY environment variable before passing it to the login binary. This could be exploited to bypass authentication and login as root. For the stable distribution (trixie), this[…]

Debian libvpx Critical DoS Buffer Overflow CVE-2026-2447 DSA-6143-1

Stay Vigilant with Timely Linux Security Advisories Feb 19, 2026 | 20:23 pm

A buffer overflow was discovered in libvpx, a library implementing the VP8/VP9 open video codecs, which could result in denial of service or potentially the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed in[…]

Debian gegl Important Buffer Overflow DoS Advisory DSA-6142-1 CVE-2026-2049

Stay Vigilant with Timely Linux Security Advisories Feb 19, 2026 | 19:59 pm

A heap-based buffer overflow was discovered in the RGBE/HDR parser of GEGL, a graph-based image processing library, which could result in denial of service or the execution of arbitrary code if malformed files are processed. For the oldstable distribution (bookworm),[…]

Debian Trixie Linux Critical Privilege Escalation DSA-6141-1

Stay Vigilant with Timely Linux Security Advisories Feb 18, 2026 | 15:42 pm

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (trixie), these problems have been fixed in version 6.12.73-1.

Debian gnutls28 Important Denial of Service Fix DSA-6140-1 CVE-2025-14831

Stay Vigilant with Timely Linux Security Advisories Feb 18, 2026 | 12:00 pm

Tim Scheckenbach reported a flaw in GnuTLS, a library implementing the TLS and SSL protocols. Processing of specially crafted certificates containing a large number of name constraints may result in denial of service (resource exhaustion). For the oldstable distribution (bookworm),[…]

Debian GIMP High Denial of Service Risk DSA-6139-1 CVE-2026-2239

Stay Vigilant with Timely Linux Security Advisories Feb 18, 2026 | 11:07 am

Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed PSD, PSP or ICO files are opened. For the oldstable distribution (bookworm), these[…]

Debian libjpeg8 Security Flaw Denial of Service Buffer Overflow DSA-6140-2

Stay Vigilant with Timely Linux Security Advisories Feb 17, 2026 | 21:51 pm

A buffer overflow was discovered in libpng, a library implementing an interface for reading and writing PNG (Portable Network Graphics) files, which could result in denial of service or potentially the execution of arbitrary code. For the oldstable distribution (bookworm),[…]

Debian Roundcube Important CSS Injection Threat DSA-6137-1 CVE-2026-25916

Stay Vigilant with Timely Linux Security Advisories Feb 17, 2026 | 08:52 am

CERT Polska and nullcathedral discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow an attacker to perform CSS injection attacks, or leak sensitive information. For the oldstable[…]

Debian python-django Important Denial of Service SQL Injection DSA-6136-1

Stay Vigilant with Timely Linux Security Advisories Feb 15, 2026 | 21:52 pm

Multiple security issues were found in Django, a Python web development framework, which could result in denial of service, information disclosure, directory traversal or SQL injection. For the oldstable distribution (bookworm), these problems have been fixed in version 3:3.2.25-0+deb12u1. python-django-storages[…]

Debian Chromium DSA-6135-1 CVE-2026-2441 Exec Code Denial of Service

Stay Vigilant with Timely Linux Security Advisories Feb 15, 2026 | 00:17 am

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. Google is aware that an exploit for CVE-2026-2441 exists in the wild. For the oldstable distribution (bookworm), these problems[…]

Debian Trixie pdns-recursor Denial-of-Service Security Issues DSA-6135-2

Stay Vigilant with Timely Linux Security Advisories Feb 13, 2026 | 19:12 pm

Two vulnerabiliites have been discovered in PDNS Recursor, a resolving name server which result result in denial of service when processing a malformed zone file. For the stable distribution (trixie), these problems have been fixed in version 5.2.8-0+deb13u1.

Debian postgresql-15 Important Security Flaw Memory Disclosure DSA-6132-1

Stay Vigilant with Timely Linux Security Advisories Feb 12, 2026 | 19:47 pm

Multiple security issues were discovered in PostgreSQL, which may result in memory disclosure or the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed in version 15.16-0+deb12u1. We recommend that you upgrade your postgresql-15 packages.

Debian DSA-6131-1 Nginx Important Man-in-the-Middle Risk CVE-2026-1642

Stay Vigilant with Timely Linux Security Advisories Feb 12, 2026 | 19:46 pm

A vulnerability has been discovered in Nginx, a high-performance web and reverse proxy server: If configured to proxy to an upstream TLS server, a man-in-the-middle injection attack was possible. For the oldstable distribution (bookworm), this problem has been fixed in[…]

Debian trixie HAProxy Important Fix for Denial of Service DSA-6130-1

Stay Vigilant with Timely Linux Security Advisories Feb 12, 2026 | 14:37 pm

Asim Viladi Oglu Manizada reported that HAProxy, a load balancing reverse proxy, does not properly validate an INITIAL QUIC packet with specially crafted data, which may result in denial of service (process crash). For the stable distribution (trixie), this problem[…]

Debian 2026 Munge Important Buffer Overflow Vuln DSA-6129-1

Stay Vigilant with Timely Linux Security Advisories Feb 10, 2026 | 18:21 pm

Titouan Lazard discovered a buffer overflow vulnerability in munge, an authentication service to create and validate credentials, which may allow local users to leak the MUNGE cryptographic key and forge arbitrary credentials. Additional details can be found in the upstream[…]

Debian Bookworm Shaarli Important Cross-Site Scripting Fix DSA-6128-1

Stay Vigilant with Timely Linux Security Advisories Feb 9, 2026 | 19:36 pm

Moritz Woermann discovered that missing input sanitising in Shaarli, a personal bookmarking service, could result in cross-site scripting. For the oldstable distribution (bookworm), this problem has been fixed in version 0.12.1+dfsg-8+deb12u2. For the stable distribution (trixie), this problem has been[…]

Debian Bookworm Linux Critical Notice DSA-6127-1 Privilege Escalation

Stay Vigilant with Timely Linux Security Advisories Feb 9, 2026 | 19:19 pm

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the oldstable distribution (bookworm), these problems have been fixed in version 6.1.162-1.

Debian trixie DSA-6126-1 Linux Critical Privilege Escalation DoS

Stay Vigilant with Timely Linux Security Advisories Feb 9, 2026 | 18:21 pm

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (trixie), these problems have been fixed in version 6.12.69-1.

Beitrag teilen