Debian 10999 Published by

Debian officials released emergency patches for Chromium, addressing fifteen critical vulnerabilities in both the Debian 12 long-term support release and the Debian 13 stable distribution. The Chromium updates prevent attackers from executing arbitrary code, forcing service interruptions, or exposing sensitive data through specially crafted web content. Separate advisories for OpenSSL and libxfont resolve numerous buffer overflow and pointer dereference flaws that could compromise system memory and cryptographic operations.

[DLA 4687-1] chromium security update
[DSA 6390-1] chromium security update
ELA-1773-1 openssl security update (by )
ELA-1774-1 libxfont security update (by )




[SECURITY] [DLA 4687-1] chromium security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4687-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
July 16, 2026 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : chromium
Version : 150.0.7871.124-1~deb12u1
CVE ID : CVE-2026-15764 CVE-2026-15765 CVE-2026-15766 CVE-2026-15767
CVE-2026-15768 CVE-2026-15769 CVE-2026-15770 CVE-2026-15771
CVE-2026-15772 CVE-2026-15773 CVE-2026-15774 CVE-2026-15775
CVE-2026-15776 CVE-2026-15777 CVE-2026-15778

Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.

For Debian 12 bookworm, these problems have been fixed in version
150.0.7871.124-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DSA 6390-1] chromium security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-6390-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
July 16, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2026-15764 CVE-2026-15765 CVE-2026-15766 CVE-2026-15767
CVE-2026-15768 CVE-2026-15769 CVE-2026-15770 CVE-2026-15771
CVE-2026-15772 CVE-2026-15773 CVE-2026-15774 CVE-2026-15775
CVE-2026-15776 CVE-2026-15777 CVE-2026-15778

Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.

For the stable distribution (trixie), these problems have been fixed in
version 150.0.7871.124-1~deb13u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


ELA-1773-1 openssl security update (by )


Package : openssl
Version : 1.1.0l-1~deb9u13 (stretch), 1.1.1n-0+deb10u10 (buster)

Related CVEs :
CVE-2026-7383
CVE-2026-9076
CVE-2026-28387
CVE-2026-28388
CVE-2026-28389
CVE-2026-28390
CVE-2026-34180
CVE-2026-42766
CVE-2026-45447

Multiple vulnerabilities were found in OpenSSL, a Secure Socket Layer
toolkit providing the SSL and TLS cryptographic protocols for secure
communication over the Internet.

CVE-2026-7383
A signed integer overflow when sizing the destination buffer for
Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer
overflow.

This issue was reported on 27th February 2026 by Zehua Qiao and
Jinwen He. The fix was developed by Viktor Dukhovni.

CVE-2026-9076
When CMS password-based decryption (RFC 3211 / PWRI key unwrap)
processes attacker-supplied CMS data, an attacker-chosen stream-mode
KEK cipher can trigger a heap out-of-bounds read in kek_unwrap_key().

This issue was reported on 16th May 2026 by Bhabani Sankar Das. It
was independently reported on 20th May 2026 by Haruki Oyama (Waseda
University). The fix was developed by Nikola Pajkovsky.

CVE-2026-28387
An uncommon configuration of clients performing DANE TLSA-based
server authentication, when paired with uncommon server DANE TLSA
records, may result in a use-after-free and/or double-free on the
client side.

This issue was reported on the 8th of January 2026 by Igor
Morgenstern (Aisle Research). The fix was developed by Viktor
Dukhovni and Alexandr Nedvedicky.

CVE-2026-28388
When a delta CRL that contains a Delta CRL Indicator extension is
processed a NULL pointer dereference might happen if the required CRL
Number extension is missing.

This issue was reported on 8th January 2026 by Igor Morgenstern
(Aisle Research). The fix was developed by Igor Morgenstern (Aisle
Research).

CVE-2026-28389
During processing of a crafted CMS EnvelopedData message with
KeyAgreeRecipientInfo a NULL pointer dereference can happen.

This issue was reported on 13th February 2026 by Nathan Sportsman
(Praetorian), on 25th February 2026 by Daniel Rhea, on 15th March
2026 by Jaeho Nam (Seoul National University), on 26th March 2026 by
Muhammad Daffa, on 27th March 2026 by Zhanpeng Liu (Tencent Xuanwu
Lab), Guannan Wang (Tencent Xuanwu Lab) and Guancheng Li (Tencent
Xuanwu Lab) and on 30th March 2026 by Joshua Rogers (Aisle Research).
The fix was developed by Neil Horman.

CVE-2026-28390
During processing of a crafted CMS EnvelopedData message with
KeyTransportRecipientInfo a NULL pointer dereference can happen.

This issue was reported on 26th March 2026 by Muhammad Daffa, on 27th
March 2026 by Zhanpeng Liu (Tencent Xuanwu Lab), Guannan Wang
(Tencent Xuanwu Lab) and Guancheng Li (Tencent Xuanwu Lab), on 30th
March 2026 by Joshua Rogers (Aisle Research) and on 31st March 2026
by Chanho Kim. The fix was developed by Neil Horman.

CVE-2026-34180
Parsing a crafted DER-encoded ASN.1 structure with a primitive
element whose content exceeds 2 gigabytes in length may cause a heap
buffer over-read on 64-bit Unix and Unix-like platforms.

This issue was reported on 30th January 2026 by Frank Buss. The fix
was developed by Viktor Dukhovni.

CVE-2026-42766
A specially crafted password-encrypted CMS message can trigger a NULL
pointer dereference during CMS decryption.

This issue was reported by Mayank Jangid and Kushal Khemka on 20th
April 2026, independently reported by Hari Priandana on 4th May 2026,
by Bhabani Sankar Das on 15th May 2026, and by Qifan Zhang (Palo Alto
Networks) on 18th May 2026. The fix was developed by Igor Ustinov.

CVE-2026-45447
A specially crafted PKCS#7 or S/MIME signed message could trigger a
use-after-free during PKCS#7 signature verification.

This issue was reported by Thai Duong (Calif.io in collaboration with
Claude and Anthropic Research). on 27th April 2026. The fix was
developed by Igor Ustinov.


ELA-1773-1 openssl security update (by )



ELA-1774-1 libxfont security update (by )


Package : libxfont


Version : 1:2.0.3-1+deb10u1 (buster), 1:2.0.1-3+deb9u3 (stretch)


Related CVEs :

CVE-2026-56001

CVE-2026-56002

CVE-2026-56003





CVE-2026-56001
A heap buffer overflow in BitmapScaleBitmaps in due to an overflowing
32-bit size.


CVE-2026-56002
A heap bufferflow in pcfReadFont() due to missing glyph bounds
checking.


CVE-2026-56003
A heap buffer overflow due to missing size checking in the property
buffer when parsing PCF files in ComputeScaledProperties().


ELA-1774-1 libxfont security update (by )