Debian 10669

Debian Security Advisories have been released to address multiple vulnerabilities across various packages. The advisories include fixes for gdk-pixbuf, request-tracker4, request-tracker5, raptor2, gimp, and intel-microcode, among others, which could result in security issues such as remote code execution, denial of service, or privilege escalation. Additionally, Extended LTS (ELA) advisories have been released for certain distributions to address similar vulnerabilities in gegl and raptor2 packages.

Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1549-1 gegl security update

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1551-1 raptor2 security update
ELA-1550-1 gimp security update

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1548-1 gegl security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4344-1] gdk-pixbuf security update
[DLA 4343-1] raptor2 security update
[DLA 4342-1] gimp security update
[DLA 4341-1] gegl security update

Debian GNU/Linux 12 (Bookworm):
[DSA 6032-1] request-tracker4 security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6031-1] request-tracker5 security update
[DSA 6030-1] intel-microcode security update
[SECURITY] [DLA 4344-1] gdk-pixbuf security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4344-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Carlos Henrique Lima Melara
October 22, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : gdk-pixbuf
Version : 2.42.2+dfsg-1+deb11u4
CVE ID : CVE-2025-7345
Debian Bug : 1109262

A vulnerability was found in gdk-pixbuf, a library used by many GTK
applications to load graphical assets. When processing maliciously
crafted JPEG images, a heap buffer overflow can occur during Base64
encoding.

For Debian 11 bullseye, this problem has been fixed in version
2.42.2+dfsg-1+deb11u4.

We recommend that you upgrade your gdk-pixbuf packages.

For the detailed security status of gdk-pixbuf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gdk-pixbuf

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DSA 6032-1] request-tracker4 security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-6032-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 22, 2025 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : request-tracker4
CVE ID : CVE-2025-61873

It was discovered that Request Tracker, an extensible trouble-ticket
tracking system, is prone to CSV injection via ticket values with
special characters that are exported to a TSV file from search results.
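The CSV/TSV injection class named above is a problem of output encoding: a ticket value that begins with a formula trigger, or that embeds a tab or line break, is interpreted by a spreadsheet rather than displayed. The following is an added example (not Request Tracker code, and not how RT's fix is implemented) of the usual mitigation on the export side: embedded separators are replaced and a value that starts with a formula trigger is prefixed with an apostrophe so it imports as text. The names `tsv_escape_cell` and `tsv_write_row` are this example's own.

```c
#include <stddef.h>
#include <string.h>

/* Characters that make common spreadsheet importers treat a cell as a
   formula. Tab and CR are included because a leading one can let a later
   '=' act as the trigger. */
static int is_formula_trigger(char c)
{
    return c == '=' || c == '+' || c == '-' || c == '@' || c == '\t' || c == '\r';
}

/* Copy `in` into `out` as one TSV cell: embedded tab/CR/LF become spaces so
   the value cannot add columns or rows, and a value starting with a formula
   trigger gets a leading apostrophe so it is imported as text. Note that this
   also marks legitimate negative numbers such as "-5"; a caller that knows a
   column is numeric can exempt it. Returns the number of bytes written
   (excluding the NUL), or -1 if `out` is too small. */
int tsv_escape_cell(const char *in, char *out, size_t outlen)
{
    size_t n = 0;
    if (in[0] != '\0' && is_formula_trigger(in[0])) {
        if (n + 1 >= outlen) return -1;
        out[n++] = '\'';
    }
    for (const char *p = in; *p; p++) {
        char c = *p;
        if (c == '\t' || c == '\n' || c == '\r') c = ' ';
        if (n + 1 >= outlen) return -1;
        out[n++] = c;
    }
    out[n] = '\0';
    return (int)n;
}

/* Write one TSV row built from `ncells` values into `out`, escaping every
   cell. Returns 1 on success, 0 if the buffer is too small. */
int tsv_write_row(const char *const *cells, size_t ncells, char *out, size_t outlen)
{
    size_t pos = 0;
    for (size_t i = 0; i < ncells; i++) {
        if (i > 0) {
            if (pos + 1 >= outlen) return 0;
            out[pos++] = '\t';
        }
        int w = tsv_escape_cell(cells[i], out + pos, outlen - pos);
        if (w < 0) return 0;
        pos += (size_t)w;
    }
    if (pos + 1 >= outlen) return 0;
    out[pos++] = '\n';
    out[pos] = '\0';
    return 1;
}
```

The apostrophe stays visible in the exported file; that is the trade-off of this mitigation, and the alternative of stripping the leading character silently changes user data. Either way the check belongs at the export boundary, since ticket subjects and custom fields are free text by design.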

For the oldstable distribution (bookworm), this problem has been fixed
in version 4.4.6+dfsg-1.1+deb12u3.

We recommend that you upgrade your request-tracker4 packages.

For the detailed security status of request-tracker4 please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/request-tracker4

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DSA 6031-1] request-tracker5 security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-6031-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 22, 2025 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : request-tracker5
CVE ID : CVE-2025-9158 CVE-2025-61873

Multiple vulnerabilities have been discovered in Request Tracker, an
extensible trouble-ticket tracking system, which could result in CSV
injection via ticket values with special characters, or cross-site
scripting via calendar invitations added to a ticket.

For the oldstable distribution (bookworm), these problems have been
fixed in version 5.0.3+dfsg-3~deb12u4. The oldstable distribution
(bookworm) is only affected by CVE-2025-61873.

For the stable distribution (trixie), these problems have been fixed in
version 5.0.7+dfsg-4+deb13u1.

We recommend that you upgrade your request-tracker5 packages.

For the detailed security status of request-tracker5 please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/request-tracker5

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DLA 4343-1] raptor2 security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4343-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
October 22, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : raptor2
Version : 2.0.14-1.2+deb11u1
CVE ID : CVE-2024-57822 CVE-2024-57823

Two issues have been found in raptor2, a set of RDF parser and serializer
utilities. One is a heap-based buffer over-read when parsing triples. The
other is an integer underflow when normalizing a URI.

For Debian 11 bullseye, these problems have been fixed in version
2.0.14-1.2+deb11u1.

We recommend that you upgrade your raptor2 packages.

For the detailed security status of raptor2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/raptor2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 4342-1] gimp security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4342-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
October 22, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : gimp
Version : 2.10.22-4+deb11u3
CVE ID : CVE-2025-2760 CVE-2025-2761 CVE-2025-5473 CVE-2025-6035
CVE-2025-10922 CVE-2025-48797 CVE-2025-48798
Debian Bug : 1105005 1107758 1116459

Several vulnerabilities were discovered in GIMP, the GNU Image
Manipulation Program, which could result in denial of service or
potentially the execution of arbitrary code if malformed DDS, FLI,
ICO, DICOM, TGA or XCF images are opened, or when using the Despeckle
plug-in on a very large image.

CVE-2025-2760

GIMP XWD File Parsing Integer Overflow Remote Code Execution
Vulnerability. The specific flaw exists within the parsing of XWD
files. The issue results from the lack of proper validation of
user-supplied data, which can result in an integer overflow before
allocating a buffer. An attacker can leverage this vulnerability
to execute code in the context of the current process. Was
ZDI-CAN-25082.

CVE-2025-2761

GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution
Vulnerability. The specific flaw exists within the parsing of FLI
files. The issue results from the lack of proper validation of
user-supplied data, which can result in a write past the end of an
allocated buffer. An attacker can leverage this vulnerability to
execute code in the context of the current process. Was
ZDI-CAN-25100.

CVE-2025-5473

GIMP ICO File Parsing Integer Overflow Remote Code Execution
Vulnerability. The specific flaw exists within the parsing of ICO
files. The issue results from the lack of proper validation of
user-supplied data, which can result in an integer overflow before
writing to memory. An attacker can leverage this vulnerability to
execute code in the context of the current process. Was
ZDI-CAN-26752.

CVE-2025-6035

An integer overflow vulnerability exists in the GIMP "Despeckle"
plug-in. The issue occurs due to unchecked multiplication of image
dimensions, such as width, height, and bytes-per-pixel (img_bpp),
which can result in allocating insufficient memory and
subsequently performing out-of-bounds writes. This issue could
lead to heap corruption, a potential denial of service (DoS), or
arbitrary code execution in certain scenarios.

CVE-2025-10922

ZDI-CAN-27863: GIMP DCM File Parsing Heap-based Buffer Overflow
Remote Code Execution Vulnerability

CVE-2025-48797

Flaw when processing certain TGA image files. If a user opens one
of these image files that has been specially crafted by an
attacker, GIMP can be tricked into making serious memory errors,
potentially leading to crashes and causing a heap buffer overflow.

CVE-2025-48798

Flaw when processing XCF image files. If a user opens one of these
image files that has been specially crafted by an attacker, GIMP
can be tricked into making serious memory errors, potentially
leading to crashes and causing use-after-free issues.

For Debian 11 bullseye, these problems have been fixed in version
2.10.22-4+deb11u3.

We recommend that you upgrade your gimp packages.

For the detailed security status of gimp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gimp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 4341-1] gegl security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4341-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Sylvain Beucler
October 22, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : gegl
Version : 1:0.4.26-2+deb11u1
CVE ID : CVE-2021-45463 CVE-2025-10921
Debian Bug : 1002661 1116470

Multiple vulnerabilities were discovered in GEGL, a graph-based image
processing library, which could result in denial of service or the
execution of arbitrary code if malformed files or filenames are
processed.

CVE-2021-45463

load_cache allows shell expansion when a pathname in a constructed
command line is not escaped or filtered. This is caused by use of
the system library function for execution of the ImageMagick
convert fallback in magick-load.

CVE-2025-10921

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code
Execution Vulnerability.

For Debian 11 bullseye, these problems have been fixed in version
1:0.4.26-2+deb11u1.

We recommend that you upgrade your gegl packages.

For the detailed security status of gegl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gegl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DSA 6030-1] intel-microcode security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-6030-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 22, 2025 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : intel-microcode
CVE ID : CVE-2025-20053 CVE-2025-20109 CVE-2025-21090 CVE-2025-22839
CVE-2025-22840 CVE-2025-22889 CVE-2025-24305 CVE-2025-26403
CVE-2025-32086
Debian Bug : 1110983

This update ships updated CPU microcode for some types of Intel CPUs and
provides mitigations for security vulnerabilities which could result in
privilege escalation or denial of service.

For the oldstable distribution (bookworm), these problems have been fixed
in version 3.20250812.1~deb12u1.

For the stable distribution (trixie), these problems have been fixed in
version 3.20250812.1~deb13u1.

We recommend that you upgrade your intel-microcode packages.

For the detailed security status of intel-microcode please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/intel-microcode

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


ELA-1551-1 raptor2 security update


Package : raptor2

Version : 2.0.14-1+deb9u3 (stretch), 2.0.14-1.1~deb10u3 (buster)

Related CVEs :
CVE-2024-57822
CVE-2024-57823

Two issues have been found in raptor2, a set of RDF parser and serializer
utilities. One is a heap-based buffer over-read when parsing triples. The
other is an integer underflow when normalizing a URI.



ELA-1550-1 gimp security update


Package : gimp
Version : 2.8.18-1+deb9u5 (stretch), 2.10.8-2+deb10u4 (buster)

Related CVEs :
CVE-2025-6035
CVE-2025-10922
CVE-2025-48797
CVE-2025-48798

Several vulnerabilities were discovered in GIMP, the GNU Image
Manipulation Program, which could result in denial of service or
potentially the execution of arbitrary code if malformed DICOM, TGA or
XCF images are opened, or when using the Despeckle plug-in on a very
large image.

CVE-2025-6035
An integer overflow vulnerability exists in the GIMP “Despeckle”
plug-in. The issue occurs due to unchecked multiplication of image
dimensions, such as width, height, and bytes-per-pixel (img_bpp),
which can result in allocating insufficient memory and
subsequently performing out-of-bounds writes. This issue could
lead to heap corruption, a potential denial of service (DoS), or
arbitrary code execution in certain scenarios.
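The CVE-2025-6035 description above (in DLA-4342-1 and here in ELA-1550-1) is the classic "multiply dimensions, then allocate" bug: width * height * bpp wraps in a fixed-width integer, a small buffer is allocated, and the loader then writes the full image into it. The same pattern underlies the "integer overflow before allocating a buffer" wording of CVE-2025-2760 and CVE-2025-5473, and the unbounded allocation of CVE-2018-10113 is the cap-less variant. The following is an added example, not GIMP or GEGL code and not the shape of their fixes, showing the unchecked computation beside a checked one that refuses overflow and enforces a size policy. `MAX_IMAGE_BYTES` is a hypothetical policy value chosen for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Upper bound on any single image buffer this loader will allocate.
   Hypothetical policy value for this example, not a GIMP/GEGL constant. */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* Multiply a*b into *out; return 0 and leave *out untouched on overflow. */
static int mul_size_checked(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return 0;
    *out = a * b;
    return 1;
}

/* The unsafe pattern from the advisory text, kept for contrast: the product
   is formed in the header's own 32-bit width and can wrap to a small value
   before the allocator ever sees it. */
size_t image_buffer_size_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t bytes = width * height * bpp;   /* may wrap */
    return bytes;
}

/* Checked version: compute width * height * bpp in size_t, refusing zero
   dimensions, arithmetic overflow and anything above the policy cap.
   Returns the byte count, or 0 if the dimensions are not safe to allocate. */
size_t image_buffer_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t pixels, bytes;
    if (width == 0 || height == 0 || bpp == 0)
        return 0;
    if (!mul_size_checked((size_t)width, (size_t)height, &pixels))
        return 0;
    if (!mul_size_checked(pixels, (size_t)bpp, &bytes))
        return 0;
    if (bytes > MAX_IMAGE_BYTES)
        return 0;
    return bytes;
}

/* Allocate a zeroed pixel buffer only after the size has been validated, so
   a rejected header never reaches malloc with a wrapped or absurd size. */
void *alloc_image(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t bytes = image_buffer_size(width, height, bpp);
    if (bytes == 0)
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    /* Constructed header values: 65536 x 65536 x 4 wraps to 0 in 32-bit math. */
    printf("unchecked 65536x65536x4: %zu\n", image_buffer_size_unchecked(65536, 65536, 4));
    printf("checked   65536x65536x4: %zu\n", image_buffer_size(65536, 65536, 4));
    printf("checked   640x480x3:     %zu\n", image_buffer_size(640, 480, 3));
    return 0;
}
```

The division-based overflow test is portable C; on GCC and Clang, `__builtin_mul_overflow` expresses the same check in one call. The cap matters independently of overflow: a header that honestly declares a multi-gigabyte image should be rejected by policy rather than handed to the allocator.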

CVE-2025-10922
ZDI-CAN-27863: GIMP DCM File Parsing Heap-based Buffer Overflow
Remote Code Execution Vulnerability

CVE-2025-48797
Flaw when processing certain TGA image files. If a user opens one
of these image files that has been specially crafted by an
attacker, GIMP can be tricked into making serious memory errors,
potentially leading to crashes and causing a heap buffer overflow.

CVE-2025-48798
Flaw when processing XCF image files. If a user opens one of these
image files that has been specially crafted by an attacker, GIMP
can be tricked into making serious memory errors, potentially
leading to crashes and causing use-after-free issues.



ELA-1549-1 gegl security update


Package : gegl
Version : 0.3.8-4+deb9u1 (stretch)

Related CVEs :
CVE-2018-10113
CVE-2018-10114
CVE-2021-45463
CVE-2025-10921

Multiple vulnerabilities were discovered in GEGL, a graph-based image
processing library, which could result in denial of service or the
execution of arbitrary code if malformed files or filenames are
processed.

CVE-2018-10113
The process function in operations/external/ppm-load.c has
unbounded memory allocation, leading to a denial of service
(application crash) upon allocation failure.

CVE-2018-10114
The gegl_buffer_iterate_read_simple function in
buffer/gegl-buffer-access.c allows remote attackers to cause a
denial of service (write access violation) or possibly have
unspecified other impact via a malformed PPM file, related to
improper restrictions on memory allocation in the
ppm_load_read_header function in operations/external/ppm-load.c.

CVE-2021-45463
load_cache allows shell expansion when a pathname in a constructed
command line is not escaped or filtered. This is caused by use of
the system library function for execution of the ImageMagick
convert fallback in magick-load.

CVE-2025-10921
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code
Execution Vulnerability.



ELA-1548-1 gegl security update


Package : gegl
Version : 0.4.12-2+deb10u1 (buster)

Related CVEs :
CVE-2021-45463
CVE-2025-10921

Multiple vulnerabilities were discovered in GEGL, a graph-based image
processing library, which could result in denial of service or the
execution of arbitrary code if malformed files or filenames are
processed.

CVE-2021-45463
load_cache allows shell expansion when a pathname in a constructed
command line is not escaped or filtered. This is caused by use of
the system library function for execution of the ImageMagick
convert fallback in magick-load.
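The CVE-2021-45463 description above (repeated in DLA-4341-1, ELA-1549-1 and here in ELA-1548-1) names the root cause precisely: a pathname interpolated into a command string that `system()` hands to a shell. The following is an added example, not GEGL code and not its fix, contrasting that string-building pattern with passing the paths as separate argv entries to `execvp`, where no shell parses them. The `convert` invocation is assumed to be the ImageMagick fallback the advisory mentions; the function names are this example's own. The "./" prefix handles the remaining hazard that a relative path beginning with '-' would be read by `convert` as an option.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* The unsafe pattern from the advisory: the pathname is spliced into one
   string that a shell will parse, so $(...), backticks, ';' and friends in
   the file name are interpreted. Built here for contrast only; never run. */
int build_shell_command(const char *in, const char *out, char *buf, size_t buflen)
{
    int n = snprintf(buf, buflen, "convert %s %s", in, out);
    return n >= 0 && (size_t)n < buflen;
}

/* Safe alternative: each path is its own argv entry, so whatever bytes it
   contains stay one literal argument. A relative path starting with '-' is
   prefixed with "./" so convert cannot mistake it for an option.
   argv must have room for 4 entries; argv[1] is heap-allocated and the
   caller frees it. Returns 1 on success, 0 on allocation failure. */
int build_convert_argv(const char *in, const char *out, char *argv[4])
{
    char *in_arg;
    if (in[0] == '-') {
        size_t len = strlen(in) + 3;        /* "./" + name + NUL */
        in_arg = malloc(len);
        if (!in_arg) return 0;
        snprintf(in_arg, len, "./%s", in);
    } else {
        in_arg = strdup(in);
        if (!in_arg) return 0;
    }
    argv[0] = "convert";
    argv[1] = in_arg;
    argv[2] = (char *)out;
    argv[3] = NULL;
    return 1;
}

/* Run the converter without a shell. Returns the child's exit status,
   127 if convert could not be executed, or -1 on fork/wait failure. */
int run_convert(const char *in, const char *out)
{
    char *argv[4];
    int status = -1;
    if (!build_convert_argv(in, out, argv)) return -1;
    pid_t pid = fork();
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                         /* exec failed in the child */
    }
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        status = WEXITSTATUS(status);
    else
        status = -1;
    free(argv[1]);
    return status;
}

int main(void)
{
    /* Constructed file name containing a shell expansion sequence. */
    const char *name = "holiday $(date).png";
    char cmd[256];
    char *argv[4];
    build_shell_command(name, "out.ppm", cmd, sizeof cmd);
    printf("shell string (unsafe): %s\n", cmd);
    if (build_convert_argv(name, "out.ppm", argv)) {
        printf("argv[1] (literal):     %s\n", argv[1]);
        free(argv[1]);
    }
    return 0;
}
```

`execvp` still searches PATH for `convert`; a loader that wants to close that avenue too passes an absolute path as argv[0]. The structural point is unchanged: the file name is data, and data should never travel through a shell parser.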

CVE-2025-10921
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code
Execution Vulnerability.