Debian Linux Security

LinuxSecurity Advisories is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals.
- Debian DSA-6263-1 libpng1.6 Important Use-After-Free Vulnerability on May 10, 2026 at 4:11 pm
A use-after-free was discovered in libpng, a library implementing an interface for reading and writing PNG (Portable Network Graphics) files. For the oldstable distribution (bookworm), this problem has been fixed in version 1.6.39-2+deb12u5. For the stable distribution (trixie), this problem has been fixed in
- Debian DSA-6262-1 lcms2 Important Integer Overflow Advisory on May 10, 2026 at 4:00 pm
Two integer overflows were discovered in the LittleCMS 2 colour management library. For the oldstable distribution (bookworm), this problem has been fixed in version 2.14-2+deb12u1. For the stable distribution (trixie), this problem has been fixed in
- Debian Bookworm Corosync Critical DoS Memory Disclosure DSA-6261-1 on May 10, 2026 at 11:21 am
Two security vulnerabilities were discovered in the Corosync cluster engine, which could result in denial of service or memory disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 3.1.7-1+deb12u2. For the stable distribution (trixie), these problems have been fixed in
- Debian Bookworm Tor Important DoS Issues DSA-6260-1 CVE-2026-44597 on May 10, 2026 at 11:13 am
Multiple security vulnerabilities were discovered in Tor, a connection-based low-latency anonymous communication system, which could result in denial of service. For the oldstable distribution (bookworm), these problems have been fixed in version 0.4.9.8-0+deb12u1.
- Debian Bookworm DSA-6259-1 PyJWT Important Authentication Flaw on May 9, 2026 at 11:35 am
It was discovered that PyJWT, a Python implementation of JSON web tokens, insufficiently validated the “crit” header parameter, which could result in incomplete enforcement of authentication settings. For the oldstable distribution (bookworm), this problem has been fixed in version 2.6.0-1+deb12u1.
- Debian Bookworm Linux Important Local Escalation Fix DSA-6258-1 on May 9, 2026 at 8:25 am
Two vulnerabilities have been discovered in the Linux kernel that may lead to local privilege escalation. For the oldstable distribution (bookworm), these problems have been fixed in version 6.1.170-3. We recommend that you upgrade your linux packages.
- Debian Bookworm Postorius Important Cross-Site Scripting Fix DSA-6257-1 on May 8, 2026 at 6:54 pm
A cross-site scripting vulnerability was discovered in Postorius, the administrative web frontend for Mailman 3. For the oldstable distribution (bookworm), this problem has been fixed in version 1.3.8-3+deb12u1. For the stable distribution (trixie), this problem has been fixed in
- Debian Trixie php8.4 Significant SQL Injection DOS DSA-6256-1 on May 8, 2026 at 6:49 pm
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in denial of service, SQL injection, cross-site scripting, information disclosure or the execution of arbitrary code. For the stable distribution (trixie), these problems have been fixed in
- Debian DSA-6255-1 php8.2 Critical Security Issues Affecting Users on May 8, 2026 at 6:49 pm
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in denial of service, SQL injection, cross-site scripting or the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed







