[DLA 4650-1] giflib security update
[DLA 4649-1] libdbi-perl security update
[DLA 4651-1] python-urllib3 security update
ELA-1758-1 libdbi-perl security update
ELA-1757-1 giflib security update
[DSA 6370-1] incus security update
ELA-1759-1 ansible security update
[DLA 4653-1] openvpn security update
[DLA 4652-1] gdcm security update
ELA-1761-1 python-urllib3 security update
ELA-1760-1 yelp security update
[SECURITY] [DLA 4650-1] giflib security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4650-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Tobias Frost
June 26, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : giflib
Version : 5.1.9-2+deb11u1 $bookworm_VERSION
CVE ID : CVE-2026-23868 CVE-2026-26740
Debian Bug : 1130495 1131368
Two vulnerabilities have been found in giflib, a package of portable
tools and library routines for working with GIF images, potentially
allowing Denial of Service.
CVE-2026-23868
Giflib contains a double-free vulnerability that is the result of a
shallow copy in GifMakeSavedImage and incorrect error handling. The
conditions needed to trigger this vulnerability are difficult but may
be possible.
CVE-2026-26740
A Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote
attacker to cause a denial of service via the EGifGCBToExtension
overwriting an existing Graphic Control Extension block without
validating its allocated size.
For Debian 11 bullseye, these problems have been fixed in version
5.1.9-2+deb11u1.
We recommend that you upgrade your giflib packages.
For the detailed security status of giflib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/giflib
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 4649-1] libdbi-perl security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4649-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
June 26, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : libdbi-perl
Version : 1.643-3+deb11u1
CVE ID : CVE-2026-9698 CVE-2026-10879
Two vulnerabilities were discovered in libdbi-perl, the Perl Database
Interface (DBI), which may lead to denial of service or potentially
execution of arbitrary code.
CVE-2026-9698
Error messages that were returned when `RaiseError`, `PrintError` or
`HandleError` were set were written to a 200-byte buffer without a
length limit. Attackers that can influence the error text in an
application could therefore trigger a buffer overflow.
CVE-2026-10879
The preparse method expands SQL placeholder characters to numbered
binders of the form `:pN`, but only allocates three characters per
binder in the buffer, leading to an out-of-bounds write when the
statement has 10 or more binders.
For Debian 11 bullseye, these problems have been fixed in version
1.643-3+deb11u1.
We recommend that you upgrade your libdbi-perl packages.
For the detailed security status of libdbi-perl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libdbi-perl
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 4651-1] python-urllib3 security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4651-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
June 26, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : python-urllib3
Version : 1.26.5-1~exp1+deb11u4 1.26.12-1+deb12u4
CVE ID : CVE-2026-44431
Debian Bug : 1136653
It was discovered that python-urllib3, an HTTP library with thread-safe
connection pooling for Python, did not strip out sensitive headers (such
as `Authorization` or `Cookie`) during cross-origin redirects followed
from the low-level API, which could lead to information disclosure or
authorization bypass.
For Debian 11 bullseye, this problem has been fixed in version
1.26.5-1~exp1+deb11u4.
For Debian 12 bookworm, this problem has been fixed in version
1.26.12-1+deb12u4.
We recommend that you upgrade your python-urllib3 packages.
For the detailed security status of python-urllib3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-urllib3
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
ELA-1758-1 libdbi-perl security update
Package : libdbi-perl
Version : 1.636-1+deb9u3 (stretch), 1.642-1+deb10u3 (buster)
Related CVEs :
CVE-2026-9698
CVE-2026-10879
CVE-2026-9698
Error messages that were returned when RaiseError, PrintError or
HandleError were set were written to a 200-byte buffer without a
length limit. Attackers that can influence the error text in an
application could therefore trigger a buffer overflow.
CVE-2026-10879
The preparse() method expands SQL placeholder characters within
prepared statements to numbered binders of the form :pN, but only
allocated three characters per binder in the buffer, leading to an
out-of-bounds write when the statement had 10 or more binders.
ELA-1757-1 giflib security update
Package : giflib
Version : 5.1.4-0.4+deb9u2 (stretch), 5.1.4-3+deb10u2 (buster)
Related CVEs :
CVE-2026-23868
CVE-2026-26740
Two vulnerabilities have been found in giflib, a package of portable tools and library routines for working with GIF images, potentially allowing Denial of Service.
CVE-2026-23868
Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.
CVE-2026-26740
A Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.
[SECURITY] [DSA 6370-1] incus security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6370-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 26, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : incus
CVE ID : CVE-2026-48749 CVE-2026-48750 CVE-2026-48751 CVE-2026-48752
CVE-2026-48755 CVE-2026-48756 CVE-2026-48769 CVE-2026-55621
CVE-2026-55622
Multiple security issues were discovered in Incus, a system container
and virtual machine manager, which could result in a bypass of security
restrictions or the execution of arbitrary commands.
For the stable distribution (trixie), these problems have been fixed in
version 6.0.4-2+deb13u8.
We recommend that you upgrade your incus packages.
For the detailed security status of incus please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/incus
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
ELA-1759-1 ansible security update
Package : ansible
Version : 2.7.7+dfsg-1+deb10u3 (buster)
Related CVEs :
CVE-2019-14858
CVE-2019-14905
CVE-2020-1737
CVE-2020-14330
CVE-2021-3583
CVE-2023-4237
CVE-2023-5115
CVE-2023-5764
CVE-2024-0690
CVE-2024-8775
CVE-2024-9902
CVE-2024-11079
Several flaws were found in ansible, a configuration management,
deployment, and task execution system.
CVE-2019-14858
When a module has an argument_spec with sub parameters
marked as no_log, passing an invalid parameter name
to the module will cause the task to fail before
the no_log options in the sub parameters are processed.
As a result, data in the sub parameter fields will
not be masked and will be displayed if Ansible is
run with increased verbosity and present in the module
invocation arguments for the task.
CVE-2019-14905
A vulnerability was found in Ansible Engine in the nxos_file_copy
module, which can be used to copy files to a flash or bootflash on
NXOS devices. A crafted filename parameter could be used to perform
OS command injection. This could result in a loss of confidentiality
of the system, among other issues.
CVE-2020-1737
A flaw was found in Ansible when using the Extract-Zip function from the
win_unzip module, because the extracted file(s) are not checked to confirm
that they belong to the destination folder. An attacker could take advantage
of this flaw by crafting an archive whose entries are written anywhere in
the file system, using path traversal.
CVE-2020-14330 (regression in previous fix)
A regression was found that caused the obfuscation of sensitive data
to also apply to dictionary keys. This could cause ansible playbook
runs to break if a password happened to substring match any of the
required dictionary keys that were returned by ansible tasks, e.g.
“changed”. This is fixed with this release.
CVE-2023-4237
When creating a new keypair, the ec2_key module prints out the private key
directly to the standard output. This flaw allows an attacker to fetch those
keys from the log files, compromising the system’s confidentiality,
integrity, and availability.
CVE-2023-5764
A template injection flaw was found in Ansible where a user’s controller
internal templating operations may remove the unsafe designation from
template data. This issue could allow an attacker to use a specially crafted
file to introduce templating injection when supplying templating data.
CVE-2024-0690
An information disclosure flaw was found in ansible-core due to a failure to
respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is
still included in the output in certain tasks, such as loop items. Depending
on the task, this issue may include sensitive information, such as decrypted
secret values.
CVE-2024-8775
A flaw was found in Ansible, where sensitive information stored in Ansible
Vault files can be exposed in plaintext during the execution of a playbook.
This occurs when using tasks such as include_vars to load vaulted variables
without setting the no_log: true parameter, resulting in sensitive data
being printed in the playbook output or logs. This can lead to the
unintentional disclosure of secrets like passwords or API keys, compromising
security and potentially allowing unauthorized access or actions.
CVE-2024-9902
The ansible-core user module can allow an unprivileged user to
silently create or replace the contents of any file on any system
path and take ownership of it when a privileged user executes the
user module against the unprivileged user’s home directory. If the
unprivileged user has traversal permissions on the directory
containing the exploited target file, they retain full control over
the contents of the file as its owner.
CVE-2024-11079
This vulnerability allows attackers to bypass unsafe content protections
using the hostvars object to reference and execute templated content. This
issue can lead to arbitrary code execution if remote data or module outputs
are improperly templated within playbooks.
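The CVE-2020-14330 entry above describes a regression in which the value masking was also applied to dictionary keys, so a task result could lose a required key such as "changed". The following is an added illustration of the distinction (it is not Ansible's code and does not reproduce its no_log implementation): `mask_values` rewrites string values only, `mask_everything` shows the regressed behaviour, and `result_is_usable` stands in for the consumer that expects the required keys. The sample result, the secret strings and the function names are constructed for this example.

```python
"""Masking secrets in a task result without rewriting dictionary keys.

Added illustration of the CVE-2020-14330 regression; not Ansible's code.
"""
from typing import Any, Iterable

MASK = "********"

# Keys a downstream consumer expects to find in every task result
# (constructed for this example; mirrors the "changed" key named in the advisory).
REQUIRED_KEYS = ("changed", "failed")

# Constructed task result: a secret appears in a message and in the module args.
SAMPLE_RESULT = {
    "changed": True,
    "failed": False,
    "msg": "connected with password hunter2",
    "invocation": {"module_args": {"user": "app", "password": "hunter2"}},
}


def _masker(secrets: Iterable[str], mask_keys: bool):
    """Build a recursive masker; keys are rewritten only when mask_keys is set."""
    secrets = [s for s in secrets if s]  # an empty secret would match everywhere

    def _mask(obj: Any) -> Any:
        if isinstance(obj, str):
            for s in secrets:
                obj = obj.replace(s, MASK)
            return obj
        if isinstance(obj, dict):
            return {(_mask(k) if mask_keys else k): _mask(v) for k, v in obj.items()}
        if isinstance(obj, (list, tuple)):
            return type(obj)(_mask(v) for v in obj)
        return obj  # bool, int, None: nothing to mask

    return _mask


def mask_values(data: Any, secrets: Iterable[str]) -> Any:
    """Correct behaviour: return a copy with secrets replaced in string values only."""
    return _masker(secrets, mask_keys=False)(data)


def mask_everything(data: Any, secrets: Iterable[str]) -> Any:
    """Regressed behaviour: secrets are also replaced inside dictionary keys."""
    return _masker(secrets, mask_keys=True)(data)


def result_is_usable(result: dict, required: Iterable[str] = REQUIRED_KEYS) -> bool:
    """True when every required key survived masking."""
    return all(k in result for k in required)


if __name__ == "__main__":
    print(mask_values(SAMPLE_RESULT, ["hunter2"]))
    # A secret that happens to be a substring of a key name: "ange" is inside "changed".
    broken = mask_everything(SAMPLE_RESULT, ["ange"])
    print(broken, "usable:", result_is_usable(broken))
    print(mask_values(SAMPLE_RESULT, ["ange"]), "usable:", result_is_usable(mask_values(SAMPLE_RESULT, ["ange"])))
```

Substring replacement is itself brittle (a short secret will also hit unrelated text), which is one reason masking must be confined to values the consumer does not key on; the structural contract of the result has to survive whatever the masking does to its content.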
[SECURITY] [DLA 4653-1] openvpn security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4653-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Daniel Leidert
June 27, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : openvpn
Version : 2.5.1-3+deb11u3
CVE ID : CVE-2026-35058 CVE-2026-40215
Two security vulnerabilities were discovered in OpenVPN, a virtual
private network application.
CVE-2026-35058
Improper validation of packet length during tls-crypt-v2 key
extraction allows authenticated attackers to trigger a fatal
assertion and cause a denial of service via a specially crafted
packet.
CVE-2026-40215
A race condition allows remote attackers to potentially cause a server
crash or leak heap memory via a use-after-free triggered during TLS
session promotion.
For Debian 11 bullseye, these problems have been fixed in version
2.5.1-3+deb11u3.
We recommend that you upgrade your openvpn packages.
For the detailed security status of openvpn please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openvpn
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 4652-1] gdcm security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4652-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emmanuel Arias
June 26, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : gdcm
Version : 3.0.8-2+deb11u1
CVE ID : CVE-2024-22373 CVE-2024-22391 CVE-2024-25569 CVE-2025-11266
CVE-2025-48429 CVE-2025-52582 CVE-2025-53618 CVE-2025-53619
CVE-2026-3650
Debian Bug : 1070387 1122862 1123576 1123587 1123589 1132042
Multiple vulnerabilities were discovered in gdcm, a C++ library for working
with DICOM medical files:
CVE-2024-22373
An out-of-bounds write vulnerability exists in the
JPEG2000Codec::DecodeByStreamsCommon functionality. A specially crafted
DICOM file can lead to a heap buffer overflow. An attacker can provide a
malicious file to trigger this vulnerability.
CVE-2024-22391
A heap-based buffer overflow vulnerability exists in the
LookupTable::SetLUT functionality. A specially crafted malformed file can
lead to memory corruption. An attacker can provide a malicious file to
trigger this vulnerability.
CVE-2024-25569
An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes
functionality. A specially crafted DICOM file can lead to an out-of-bounds
read. An attacker can provide a malicious file to trigger this
vulnerability.
CVE-2025-11266
An out-of-bounds write vulnerability exists in the parsing of a malformed
DICOM file containing encapsulated PixelData fragments (compressed image
data stored as multiple fragments). This vulnerability leads to a
segmentation fault caused by an out-of-bounds memory access due to an
unsigned integer underflow in buffer indexing. It is exploitable via file
input: simply opening a crafted malicious DICOM file is sufficient to
trigger the crash, resulting in a denial-of-service condition.
CVE-2025-48429
An out-of-bounds read vulnerability exists in the
RLECodec::DecodeByStreams functionality. A specially crafted DICOM file
can lead to leaking heap data. An attacker can provide a malicious file to
trigger this vulnerability.
CVE-2025-52582
An out-of-bounds read vulnerability exists in the
Overlay::GrabOverlayFromPixelData functionality. A specially crafted DICOM
file can lead to an information leak. An attacker can provide a malicious
file to trigger this vulnerability.
CVE-2025-53618
An out-of-bounds read vulnerability exists in the
JPEGBITSCodec::InternalCode functionality. A specially crafted DICOM file
can lead to an information leak. An attacker can provide a malicious file
to trigger this vulnerability. The function grayscale_convert is called
based on the value of the malicious DICOM file specifying the intended
interpretation of the image pixel data.
CVE-2025-53619
An out-of-bounds read vulnerability exists in the
JPEGBITSCodec::InternalCode functionality. A specially crafted DICOM file
can lead to an information leak. An attacker can provide a malicious file
to trigger this vulnerability. The function null_convert is called based
on the value of the malicious DICOM file specifying the intended
interpretation of the image pixel data.
CVE-2026-3650
A memory leak exists when parsing malformed DICOM files with non-standard
VR types in file meta information. The vulnerability leads to vast memory
allocations and resource depletion, triggering a denial-of-service
condition. A maliciously crafted file can fill the heap in a single read
operation without properly releasing it.
For Debian 11 bullseye, these problems have been fixed in version
3.0.8-2+deb11u1.
We recommend that you upgrade your gdcm packages.
For the detailed security status of gdcm please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gdcm
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
ELA-1761-1 python-urllib3 security update
Package : python-urllib3
Version : 1.19.1-1+deb9u5 (stretch), 1.24.1-1+deb10u6 (buster)
Related CVEs :
CVE-2026-44431
It was discovered that python-urllib3 did not strip out sensitive
headers (such as Authorization or Cookie) during cross-origin
redirects followed from the low-level API. The issue may lead to
information disclosure or authorization bypass.
The issue stems from an incomplete fix for CVE-2018-20060.
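Both DLA-4651-1 and ELA-1761-1 concern the same defect: credential-bearing headers carried across a redirect to a different origin. The following added example (not urllib3's code, and not the patch the updates ship) shows the check a client has to make before following a redirect: resolve the Location header against the original URL, compare scheme, host and port, and drop the sensitive headers when any of them differs. The header set, the scripted redirect table and the function names are constructed for this illustration.

```python
"""Cross-origin redirect check: drop credential-bearing headers when the
redirect target's origin differs from the original request's origin.

Added illustration; not urllib3's own code.
"""
from urllib.parse import urljoin, urlsplit

# Headers that must not follow a request to a different origin
# (set chosen for this example; it extends the advisory's two examples).
SENSITIVE_HEADERS = frozenset({"authorization", "cookie", "proxy-authorization"})

_DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    scheme = (parts.scheme or "").lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else _DEFAULT_PORTS.get(scheme)
    if not scheme or not host or port is None:
        raise ValueError(f"cannot determine origin of {url!r}")
    return scheme, host, port


def is_cross_origin(from_url, to_url):
    """Any difference in scheme, host or port is a different origin,
    so an https -> http downgrade on the same host also counts."""
    return origin(from_url) != origin(to_url)


def headers_for_redirect(from_url, location, headers):
    """Resolve Location (which may be relative) and return the target URL
    together with the headers that may be sent to it."""
    target = urljoin(from_url, location)
    if not is_cross_origin(from_url, target):
        return target, dict(headers)
    kept = {k: v for k, v in headers.items() if k.lower() not in SENSITIVE_HEADERS}
    return target, kept


def redirect_chain(start_url, headers, responses, max_hops=5):
    """Walk a scripted redirect chain. `responses` maps a URL to the Location
    it redirects to, or None for a final non-redirect response. Returns the
    (url, headers) pairs that would actually be sent at each hop."""
    url, hdrs = start_url, dict(headers)
    sent = []
    for _ in range(max_hops + 1):
        sent.append((url, dict(hdrs)))
        location = responses.get(url)
        if location is None:
            return sent
        url, hdrs = headers_for_redirect(url, location, hdrs)
    raise RuntimeError("too many redirects")


# Constructed redirect table: one same-origin relative hop, then a cross-origin hop.
SCRIPTED_RESPONSES = {
    "https://api.example.test/login": "/v2/login",
    "https://api.example.test/v2/login": "https://cdn.example.test/bundle",
    "https://cdn.example.test/bundle": None,
}

# Constructed request headers.
REQUEST_HEADERS = {
    "Authorization": "Bearer constructed-token",
    "Cookie": "session=constructed",
    "User-Agent": "example-client/1.0",
}


if __name__ == "__main__":
    for url, hdrs in redirect_chain("https://api.example.test/login", REQUEST_HEADERS, SCRIPTED_RESPONSES):
        print(url, sorted(hdrs))
```

The comparison is on the full origin tuple rather than the host alone, so a change of port or a scheme downgrade strips the headers as well; a client that compares only hostnames would still leak a bearer token to an https-to-http redirect on the same host.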
ELA-1760-1 yelp security update
Package : yelp
Version : 3.22.0-1+deb9u2 (stretch), 3.31.90-1+deb10u2 (buster)
A vulnerability was discovered in yelp, the GNOME help browser, that
allows a crafted help document to read files accessible to the user and
exfiltrate them to a remote server through resources loaded by the
embedded web view. When yelp is launched from a sandboxed application
(for example via the Flatpak OpenURI portal), this also enables a
sandbox escape.
The issue has not been assigned a CVE yet.