ELA-1545-1 imagemagick security update
[DLA 4340-1] libphp-adodb security update
[DSA 6029-1] ark security update
ELA-1546-1 libphp-adodb security update
ELA-1545-1 imagemagick security update
Package : imagemagick
Version : 8:6.9.7.4+dfsg-11+deb9u23 (stretch), 8:6.9.10.23+dfsg-2.1+deb10u12 (buster)
Related CVEs :
CVE-2025-62171
An integer overflow vulnerability was discovered in the ReadBMP() function
of the BMP decoder within ImageMagick.
Although CVE-2025-57803 was issued to address this flaw,
the proposed fix is incomplete and fails to prevent exploitation in
certain scenarios. Specifically, the patch introduces a BMPOverflowCheck()
function in some code paths, but it is invoked only after the overflow
has already occurred, rendering the check ineffective in some cases.
This oversight allows a specially crafted 58-byte BMP file to trigger
AddressSanitizer crashes, potentially leading to denial-of-service (DoS) conditions.
This new issue was assigned CVE-2025-62171.
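The ordering problem described above, as an added example that is not ImageMagick's code and not part of the advisory: a simplified row-size calculation in 32-bit unsigned arithmetic, with the check placed after and then before the multiplication. The function names, the size limit and the header values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ROW_BYTES (1u << 28)   /* assumed sanity limit for this sketch */

/* Flawed ordering: the product is computed first and wraps modulo 2^32,
   so the later check only ever sees the wrapped, plausible-looking value. */
static bool row_bytes_check_after(uint32_t width, uint32_t bpp, uint32_t *out)
{
    uint32_t bits = width * bpp;              /* may wrap */
    uint32_t row = 4 * ((bits + 31) / 32);    /* BMP rows are 4-byte aligned */
    if (row == 0 || row > MAX_ROW_BYTES)      /* too late to detect the wrap */
        return false;
    *out = row;
    return true;
}

/* Corrected ordering: prove the arithmetic cannot wrap, then compute. */
static bool row_bytes_check_before(uint32_t width, uint32_t bpp, uint32_t *out)
{
    if (width == 0 || bpp == 0 || bpp > UINT32_MAX / width)
        return false;                         /* width * bpp would overflow */
    uint32_t bits = width * bpp;
    if (bits > UINT32_MAX - 31)
        return false;                         /* bits + 31 would overflow */
    uint32_t row = 4 * ((bits + 31) / 32);
    if (row > MAX_ROW_BYTES)
        return false;
    *out = row;
    return true;
}

int main(void)
{
    /* Constructed header values: 0x08000002 * 32 wraps to 64 bits per row. */
    uint32_t row = 0;
    bool ok = row_bytes_check_after(0x08000002u, 32, &row);
    printf("check-after : accepted=%d row=%u\n", ok, (unsigned)row);
    ok = row_bytes_check_before(0x08000002u, 32, &row);
    printf("check-before: accepted=%d\n", ok);
    return 0;
}
```

The check-after variant accepts the constructed width with an 8-byte row, far smaller than the pixel data the header implies, while the check-before variant rejects the same input.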
[SECURITY] [DLA 4340-1] libphp-adodb security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4340-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Bastien Roucariès
October 20, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : libphp-adodb
Version : 5.20.19-1+deb11u3
CVE ID : CVE-2025-54119
Debian Bug : 1110464
libphp-adodb, a class library that provides abstractions for performing queries and managing databases,
was affected by a vulnerability.
Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL
statements when the code using ADOdb connects to a sqlite3 or sqlite database and calls the
metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name.
For Debian 11 bullseye, this problem has been fixed in version
5.20.19-1+deb11u3.
We recommend that you upgrade your libphp-adodb packages.
For the detailed security status of libphp-adodb please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libphp-adodb
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DSA 6029-1] ark security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6029-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 20, 2025 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : ark
CVE ID : CVE-2024-57966
It was discovered that insecure path handling in the Ark archive utility
could result in overwriting a user's files.
For the oldstable distribution (bookworm), this problem has been fixed
in version 4:22.12.3-1+deb12u1.
We recommend that you upgrade your ark packages.
For the detailed security status of ark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ark
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
ELA-1546-1 libphp-adodb security update
Package : libphp-adodb
Version : 5.20.9-1+deb9u3 (stretch), 5.20.14-1+deb10u3 (buster)
Related CVEs :
CVE-2025-54119
Improper escaping of a query parameter may allow an attacker to execute arbitrary
SQL statements (SQL injection) when the code using ADOdb connects to a sqlite3 or sqlite database
and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name.