Debian 10480 Published by

Debian GNU/Linux Extended LTS has received multiple security updates, covering krb5, python-django, libfile-find-rule-perl, and GIMP:

ELA-1450-1 krb5 security update
ELA-1448-1 python-django security update
ELA-1449-1 libfile-find-rule-perl security update
ELA-1436-1 gimp security update




ELA-1450-1 krb5 security update


Package : krb5
Version : 1.12.1+dfsg-19+deb8u11 (jessie), 1.15-1+deb9u8 (stretch), 1.17-3+deb10u9 (buster)

Related CVEs :
CVE-2025-3576

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.

In order to fix CVE-2025-3576, vulnerable cryptographic algorithms for tickets need to be disabled explicitly with the new allow_rc4 or allow_des3 variables. According to the vulnerability report "Kerberos RC4-HMAC broken in practice: spoofing PACs with MD5 collisions", disabling this cryptographic algorithm may break some older authentication systems, and administrators should test carefully.

Because of the risk of breaking certain configurations, the new allow_rc4 and allow_des3 variables are treated as having a default value of 'true' for updates to older Debian releases. This leaves the 3DES and RC4 algorithms enabled, but administrators are strongly encouraged to disable them after verifying compatibility in their environments.
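An audit check for the caveat above, written here as an added example (it is not Debian's or the krb5 project's code): it parses the [libdefaults] section of a krb5.conf and reports which of allow_rc4 / allow_des3 are still effectively enabled, treating an absent setting as 'true' exactly as these backported packages do. It assumes the two settings belong in [libdefaults], as in upstream krb5; the sample configurations are constructed.

```python
"""Report whether allow_rc4 / allow_des3 are still effectively enabled.

Added example, not part of the Debian advisory or the krb5 project.
Assumes the settings live in [libdefaults] (as in upstream krb5) and that,
per the advisory, an absent setting means 'true' on these updates.
"""
import re

_SECTION = re.compile(r"^\[(\w+)\]$")
_KV = re.compile(r"^(\w+)\s*=\s*(.+?)$")
_TRUE = {"true", "yes", "y", "on", "t", "1"}


def parse_libdefaults(text):
    """Return top-level key/value pairs of the [libdefaults] section.

    Lines starting with '#' or ';' are comments; '{ ... }' subsections are
    tracked so nested keys (e.g. inside a realm block) are not picked up.
    """
    section, depth, values = None, 0, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = _SECTION.match(line)
        if m:
            section, depth = m.group(1), 0
            continue
        kv = _KV.match(line)
        if section == "libdefaults" and depth == 0 and kv and "{" not in line:
            values[kv.group(1)] = kv.group(2)
        depth += line.count("{") - line.count("}")
    return values


def weak_enctypes_enabled(text):
    """Names of the legacy settings that are still effectively 'true'.

    Only an explicit false counts as disabled: a missing key is 'true' here.
    """
    values = parse_libdefaults(text)
    return [k for k in ("allow_rc4", "allow_des3")
            if values.get(k, "true").lower() in _TRUE]


# Constructed sample: an unchanged krb5.conf after the update. The
# allow_rc4 inside the realm block is in the wrong place and is ignored.
BEFORE = """\
[libdefaults]
    default_realm = EXAMPLE.COM
[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
        allow_rc4 = false
    }
"""

# Constructed hardened form: both legacy settings disabled in [libdefaults].
AFTER = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    allow_rc4 = false
    allow_des3 = false
"""

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, "still enabled:", weak_enctypes_enabled(cfg) or "none")
```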





ELA-1448-1 python-django security update


Package : python-django
Version : 1.7.11-1+deb8u20 (jessie)

Related CVEs :
CVE-2025-32873
CVE-2024-24680
CVE-2023-36053

A number of vulnerabilities were discovered in Django, a popular Python-based
web development framework:

CVE-2025-32873: Prevent an issue where the strip_tags() function in
django.utils.html was vulnerable to a potential denial-of-service (DoS)
attack when processing inputs containing large sequences of incomplete HTML
tags. The template filter |striptags was similarly vulnerable, as it is
built on top of strip_tags().

CVE-2024-24680: Prevent an issue where the |intcomma template filter was
subject to a potential denial-of-service attack when used with very long
input strings.

CVE-2023-36053: Prevent a potential denial-of-service issue in the
EmailValidator and URLValidator classes that could have been exploited
via a very large number of domain name labels in emails and/or URLs.





ELA-1449-1 libfile-find-rule-perl security update


Package : libfile-find-rule-perl
Version : 0.34-1+deb11u1~deb9u1 (stretch), 0.34-1+deb11u1~deb10u1 (buster)

Related CVEs :
CVE-2011-10007

Arbitrary code execution with crafted file names was fixed in libfile-find-rule-perl, a module to search for files based on rules.





ELA-1436-1 gimp security update


Package : gimp
Version : 2.8.18-1+deb9u4 (stretch), 2.10.8-2+deb10u3 (buster)

Related CVEs :
CVE-2025-5473

ICO file parsing integer overflow has been fixed in GIMP, the GNU Image Manipulation Program.

