[DSA 6286-1] evince security update
ELA-1730-1 openjpeg2 security update
ELA-1729-1 openjpeg2 security update
[DLA 4593-1] openjpeg2 security update
[DSA 6290-1] nss security update
[DSA 6289-1] openvpn security update
[DSA 6288-1] thunderbird security update
[DSA 6287-1] chromium security update
[SECURITY] [DSA 6286-1] evince security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6286-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 21, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : evince
CVE ID : CVE-2026-46529
It was discovered that evince, a simple multi-page document viewer, is
prone to a command injection vulnerability if a specially crafted PDF
file is opened.
For the oldstable distribution (bookworm), this problem has been fixed
in version 43.1-2+deb12u1.
For the stable distribution (trixie), this problem has been fixed in
version 48.1-3+deb13u1.
We recommend that you upgrade your evince packages.
For the detailed security status of evince please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/evince
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
ELA-1730-1 openjpeg2 security update
Package : openjpeg2
Version : 2.1.2-1.1+deb9u9 (stretch)
Related CVEs :
CVE-2025-50952
CVE-2026-6192
Multiple vulnerabilities have been fixed in the JPEG 2000 image library OpenJPEG.
CVE-2025-50952
Avoid potential undefined behaviour in opj_dwt_decode_tile()
CVE-2026-6192
A vulnerability was identified in uclouvain. This impacts the function
opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation
leads to integer overflow. The attack must be carried out locally.
ELA-1729-1 openjpeg2 security update
Package : openjpeg2
Version : 2.3.0-2+deb10u5 (buster)
Related CVEs :
CVE-2026-6192
A vulnerability was identified in uclouvain. This impacts the function
opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation
leads to integer overflow. The attack must be carried out locally.
[SECURITY] [DLA 4593-1] openjpeg2 security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4593-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Jochen Sprickerhof
May 21, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : openjpeg2
Version : 2.4.0-3+deb11u3
CVE ID : CVE-2026-6192
A vulnerability was identified in uclouvain. This impacts the function
opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation
leads to integer overflow. The attack must be carried out locally.
For Debian 11 bullseye, this problem has been fixed in version
2.4.0-3+deb11u3.
We recommend that you upgrade your openjpeg2 packages.
For the detailed security status of openjpeg2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjpeg2
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DSA 6290-1] nss security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6290-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 21, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : nss
CVE ID : CVE-2026-6766 CVE-2026-6767 CVE-2026-6772
Several vulnerabilities were discovered in NSS, a set of cryptographic
libraries, which may result in denial of service or potentially the
execution of arbitrary code.
For the stable distribution (trixie), these problems have been fixed in
version 2:3.110-1+deb13u2.
We recommend that you upgrade your nss packages.
For the detailed security status of nss please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nss
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DSA 6289-1] openvpn security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6289-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 21, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : openvpn
CVE ID : CVE-2026-35058 CVE-2026-40215
Two security vulnerabilities were discovered in OpenVPN, which could
result in denial of service or a leak of packet data from a previous
handshake.
For the oldstable distribution (bookworm), these problems have been fixed
in version 2.6.14-0+deb12u1.
For the stable distribution (trixie), these problems have been fixed in
version 2.6.14-1+deb13u2.
We recommend that you upgrade your openvpn packages.
For the detailed security status of openvpn please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openvpn
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DSA 6288-1] thunderbird security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6288-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 21, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : thunderbird
CVE ID : CVE-2026-8388 CVE-2026-8391 CVE-2026-8401 CVE-2026-8946
CVE-2026-8947 CVE-2026-8950 CVE-2026-8953 CVE-2026-8954
CVE-2026-8955 CVE-2026-8956 CVE-2026-8957 CVE-2026-8958
CVE-2026-8961 CVE-2026-8962 CVE-2026-8968 CVE-2026-8970
CVE-2026-8974 CVE-2026-8975
Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code.
For the oldstable distribution (bookworm), these problems have been fixed
in version 1:140.11.0esr-1~deb12u1.
For the stable distribution (trixie), these problems have been fixed in
version 1:140.11.0esr-1~deb13u1.
We recommend that you upgrade your thunderbird packages.
For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DSA 6287-1] chromium security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6287-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
May 21, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : chromium
CVE ID : CVE-2026-9110 CVE-2026-9111 CVE-2026-9112 CVE-2026-9113
CVE-2026-9114 CVE-2026-9115 CVE-2026-9116 CVE-2026-9117
CVE-2026-9118 CVE-2026-9119 CVE-2026-9120 CVE-2026-9121
CVE-2026-9122 CVE-2026-9123 CVE-2026-9124 CVE-2026-9126
Security issues were discovered in Chromium which could result in the
execution of arbitrary code, denial of service, or information
disclosure.
For the oldstable distribution (bookworm), these problems have been fixed
in version 148.0.7778.178-1~deb12u1.
For the stable distribution (trixie), these problems have been fixed in
version 148.0.7778.178-1~deb13u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/chromium
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/