Debian Linux Security LinuxSecurity Advisories is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals.
Stay Vigilant with Timely Linux Security Advisories LinuxSecurity.com is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the commu
- Debian DSA-6152-1 Thunderbird Important Info Disclosure Code Execution
on February 28, 2026 at 1:31 pmMultiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 1:140.8.0esr-1~deb12u1. For the stable distribution (trixie), these problems have been fixed in
- Debian Bookworm DSA-6151-1 Chromium Critical Arbitrary Code Riskon February 27, 2026 at 12:35 am
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 145.0.7632.116-1~deb12u1.
- Debian Oldstable Python-Django Moderate SQL Injection and DoS DSA-6150-1on February 26, 2026 at 9:47 pm
Multiple security issues were found in Django, a Python web development framework, which could result in denial of service, information disclosure or SQL injection. For the oldstable distribution (bookworm), these problems have been fixed in version 3:3.2.25-0+deb12u2.
- Debian Bookworm DSA-6149-1 NSS Critical Integer Overflow CVE-2026-2781on February 26, 2026 at 7:46 pm
Clay Ver Valen discovered an integer overflow in the AES-GCM implementation of the Mozilla Network Security Service libraries. For the oldstable distribution (bookworm), this problem has been fixed in version 2:3.87.1-1+deb12u2. For the stable distribution (trixie), this problem has been fixed in
- Debian DSA-6148-1 firefox-esr Critical Code Execution Riskson February 25, 2026 at 7:04 pm
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, bypass of the same-origin policy, information disclosure or privilege escalation. For the oldstable distribution (bookworm), these problems have been fixed
- Debian 2026 DSA-6146-1 Chromium Important Security Risk Updateon February 20, 2026 at 6:01 pm
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 145.0.7632.109-1~deb12u3.
- Debian DSA-6145-1 Nova Image Resize Issue CVE-2026-24708on February 19, 2026 at 8:53 pm
Dan Smith discovered that nova, a cloud computing fabric controller, calls qemu-img without format restrictions for resize, which may result in unsafe image resize operations that could destroy data on the host system. Only compute nodes using the Flat image backend are affected. For the oldstable distribution (bookworm), this problem has been fixed
- Debian trixie inetutils Critical Telnetd Authentication Bypass DSA-6144-1on February 19, 2026 at 8:41 pm
Ron Ben Yizhak discovered that the inetutils implementation of telnetd didn’t sanitise the CREDENTIALS_DIRECTORY environment variable before passing it to the login binary. This could be exploited to bypass authentication and login as root. For the stable distribution (trixie), this problem has been fixed in
- Debian libvpx Critical DoS Buffer Overflow CVE-2026-2447 DSA-6143-1on February 19, 2026 at 8:23 pm
A buffer overflow was discovered in libvpx, a library implementing the VP8/VP9 open video codecs, which could result in denial of service or potentially the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed in version 1.12.0-1+deb12u5.
