Debian LTS Linux Security is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals.
Stay Vigilant with Timely Linux Security Advisories LinuxSecurity.com is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the commu
- Debian 11 Thunderbird Critical Code Execution Info Disclosure DLA-4495-1
on February 28, 2026 at 7:01 pmMultiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. For Debian 11 bullseye, these problems have been fixed in version 1:140.8.0esr-1~deb11u1. We recommend that you upgrade your thunderbird packages.
- Debian 11 DLA-4494-1 Orthanc Important Privilege Escalation Fixon February 28, 2026 at 5:27 pm
Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application’s HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access. For Debian 11 bullseye, this problem has been fixed in version
- Debian 11 libstb Critical DoS and Buffer Overflow Advisory DLA-4493-1on February 26, 2026 at 1:51 pm
Several vulnerabilities were discovered in libstb, single-file image and audio processing libraries for C/C++. CVE-2021-28021 Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h. Can be exploited with a crafted JPEG file.
- Debian 11 gnutls28 Critical Denial Of Service CVE-2025-9820 DLA-4492-1on February 25, 2026 at 10:13 am
Vulnerabilities were found in GnuTLS, a portable library which implements the Transport Layer Security and Datagram Transport Layer Security protocols, which may lead to Denial of Service. CVE-2025-9820 An out-of-bound write issue was discovered when a PKCS#11 token is
- Debian 11 OpenSSL Critical Fix – Denial of Service Issues DLA-4490-1on February 24, 2026 at 9:55 am
Aisle Research found multiple vulnerabilites in OpenSSL, a Secure Socket Layer toolkit providing the SSL and TLS cryptographic protocols for secure communication over the Internet. CVE-2025-68160 Petr Simecek (Aisle Research) and Stanislav Fort (Aisle Research) found
- Debian 11 GLib2.0 DLA-4491-1 Multiple DoS Memory Issues CVE-2026-0988on February 23, 2026 at 12:10 pm
Multiple issues were found in GLib, a general-purpose, portable utility library, that could lead to denial of service, memory corruption or potentially arbitrary code execution if maliciously crafted data is processed. CVE-2026-0988
- Debian 11 libvpx Important Buffer Overflow DoS Advisory DLA-4489-1on February 22, 2026 at 6:35 pm
A buffer overflow was discovered in libvpx, a library implementing the VP8/VP9 open video codecs, which could result in denial of service or potentially the execution of arbitrary code. For Debian 11 bullseye, this problem has been fixed in version 1.9.0-1+deb11u5.
- Debian 11 modsecurity-crs Moderate Content-Type Attack Bypass DLA-4488-1on February 22, 2026 at 11:03 am
Multiple issues have been fixed in modsecurity-crs, a set of generic attack detection rules for use with ModSecurity. CVE-2023-38199 Coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This
- Debian Bullseye GEGL Critical Buffer Overflow DoS DLA-4487-1 CVE-2026-2049on February 21, 2026 at 10:22 am
A heap-based buffer overflow was discovered in the RGBE/HDR parser of GEGL, a graph-based image processing library, which could result in denial of service or the execution of arbitrary code if malformed files are processed. For Debian 11 bullseye, these problems have been fixed in version
