
System administrators managing Debian LTS environments should prioritize these patches for the Linux kernel versions 6.1 and 5.10, which address dozens of flaws that could lead to privilege escalation, denial of service or information leaks. The ImageMagick update targets Debian 11 users and closes multiple vulnerabilities that malformed image files could trigger, resulting in denial of service, information disclosure or potentially arbitrary code execution. The Nginx release addresses a range of module-specific vulnerabilities, from buffer over-reads and over-writes in MP4 handling to memory over-reads in the SMTP authentication process. Deploying these updates without delay protects web infrastructure against denial of service, memory disclosure and bypass of authorisation rules.

ELA-1739-1 linux-6.1 security update
ELA-1738-1 linux-5.10 security update
[DLA 4609-1] imagemagick security update
ELA-1740-1 nginx security update


ELA-1739-1 linux-6.1 security update


Package : linux-6.1

Version : 6.1.174-1~deb9u1 (stretch), 6.1.174+1~deb10u1 (buster)

Related CVEs :
CVE-2026-43503
CVE-2026-46174
CVE-2026-46300

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.





ELA-1738-1 linux-5.10 security update


Package : linux-5.10

Version : 5.10.257-1~deb9u1 (stretch), 5.10.257+1~deb10u1 (buster)

Related CVEs :
CVE-2024-56584
CVE-2025-39748
CVE-2025-39764
CVE-2025-40219
CVE-2025-40261
CVE-2025-68206
CVE-2025-71274
CVE-2025-71292
CVE-2025-71304
CVE-2026-23100
CVE-2026-23112
CVE-2026-23227
CVE-2026-23242
CVE-2026-23243
CVE-2026-23245
CVE-2026-23253
CVE-2026-23273
CVE-2026-23274
CVE-2026-23277
CVE-2026-23279
CVE-2026-23281
CVE-2026-23286
CVE-2026-23289
CVE-2026-23290
CVE-2026-23291
CVE-2026-23293
CVE-2026-23298
CVE-2026-23300
CVE-2026-23303
CVE-2026-23304
CVE-2026-23307
CVE-2026-23312
CVE-2026-23318
CVE-2026-23336
CVE-2026-23339
CVE-2026-23351
CVE-2026-23352
CVE-2026-23356
CVE-2026-23357
CVE-2026-23362
CVE-2026-23365
CVE-2026-23367
CVE-2026-23368
CVE-2026-23372
CVE-2026-23379
CVE-2026-23381
CVE-2026-23382
CVE-2026-23388
CVE-2026-23391
CVE-2026-23395
CVE-2026-23396
CVE-2026-23397
CVE-2026-23398
CVE-2026-23420
CVE-2026-23434
CVE-2026-23439
CVE-2026-23446
CVE-2026-23452
CVE-2026-23455
CVE-2026-23456
CVE-2026-23457
CVE-2026-23458
CVE-2026-23460
CVE-2026-23462
CVE-2026-23463
CVE-2026-23474
CVE-2026-31391
CVE-2026-31393
CVE-2026-31396
CVE-2026-31399
CVE-2026-31400
CVE-2026-31402
CVE-2026-31403
CVE-2026-31405
CVE-2026-31411
CVE-2026-31415
CVE-2026-31416
CVE-2026-31417
CVE-2026-31418
CVE-2026-31421
CVE-2026-31422
CVE-2026-31423
CVE-2026-31424
CVE-2026-31425
CVE-2026-31427
CVE-2026-31428
CVE-2026-31447
CVE-2026-31450
CVE-2026-31452
CVE-2026-31454
CVE-2026-31455
CVE-2026-31466
CVE-2026-31469
CVE-2026-31473
CVE-2026-31485
CVE-2026-31494
CVE-2026-31495
CVE-2026-31497
CVE-2026-31498
CVE-2026-31504
CVE-2026-31507
CVE-2026-31508
CVE-2026-31509
CVE-2026-31510
CVE-2026-31512
CVE-2026-31515
CVE-2026-31518
CVE-2026-31523
CVE-2026-31524
CVE-2026-31545
CVE-2026-31546
CVE-2026-31550
CVE-2026-31552
CVE-2026-31555
CVE-2026-31570
CVE-2026-31628
CVE-2026-31649
CVE-2026-31651
CVE-2026-31658
CVE-2026-31659
CVE-2026-31660
CVE-2026-31661
CVE-2026-31662
CVE-2026-31665
CVE-2026-31667
CVE-2026-31668
CVE-2026-31670
CVE-2026-31671
CVE-2026-31672
CVE-2026-31674
CVE-2026-31679
CVE-2026-31680
CVE-2026-31682
CVE-2026-31683
CVE-2026-31720
CVE-2026-31721
CVE-2026-31726
CVE-2026-31728
CVE-2026-31737
CVE-2026-31738
CVE-2026-31747
CVE-2026-31748
CVE-2026-31749
CVE-2026-31751
CVE-2026-31752
CVE-2026-31758
CVE-2026-31759
CVE-2026-31761
CVE-2026-31762
CVE-2026-31763
CVE-2026-31770
CVE-2026-31773
CVE-2026-31778
CVE-2026-31780
CVE-2026-31781
CVE-2026-31786
CVE-2026-31787
CVE-2026-31788
CVE-2026-43011
CVE-2026-43014
CVE-2026-43015
CVE-2026-43020
CVE-2026-43024
CVE-2026-43026
CVE-2026-43027
CVE-2026-43028
CVE-2026-43030
CVE-2026-43032
CVE-2026-43035
CVE-2026-43037
CVE-2026-43038
CVE-2026-43040
CVE-2026-43041
CVE-2026-43043
CVE-2026-43047
CVE-2026-43050
CVE-2026-43051
CVE-2026-43060
CVE-2026-43061
CVE-2026-43062
CVE-2026-43066
CVE-2026-43068
CVE-2026-43069
CVE-2026-43077
CVE-2026-43078
CVE-2026-43124
CVE-2026-43130
CVE-2026-43132
CVE-2026-43134
CVE-2026-43135
CVE-2026-43136
CVE-2026-43139
CVE-2026-43140
CVE-2026-43141
CVE-2026-43147
CVE-2026-43149
CVE-2026-43152
CVE-2026-43156
CVE-2026-43158
CVE-2026-43159
CVE-2026-43163
CVE-2026-43168
CVE-2026-43171
CVE-2026-43180
CVE-2026-43183
CVE-2026-43184
CVE-2026-43187
CVE-2026-43190
CVE-2026-43194
CVE-2026-43196
CVE-2026-43202
CVE-2026-43203
CVE-2026-43206
CVE-2026-43207
CVE-2026-43209
CVE-2026-43211
CVE-2026-43218
CVE-2026-43223
CVE-2026-43226
CVE-2026-43227
CVE-2026-43230
CVE-2026-43231
CVE-2026-43232
CVE-2026-43233
CVE-2026-43236
CVE-2026-43241
CVE-2026-43242
CVE-2026-43246
CVE-2026-43251
CVE-2026-43255
CVE-2026-43257
CVE-2026-43261
CVE-2026-43264
CVE-2026-43266
CVE-2026-43268
CVE-2026-43269
CVE-2026-43270
CVE-2026-43273
CVE-2026-43277
CVE-2026-43283
CVE-2026-43287
CVE-2026-43289
CVE-2026-43295
CVE-2026-43296
CVE-2026-43314
CVE-2026-43316
CVE-2026-43327
CVE-2026-43328
CVE-2026-43334
CVE-2026-43336
CVE-2026-43339
CVE-2026-43340
CVE-2026-43342
CVE-2026-43343
CVE-2026-43355
CVE-2026-43357
CVE-2026-43363
CVE-2026-43370
CVE-2026-43373
CVE-2026-43381
CVE-2026-43382
CVE-2026-43383
CVE-2026-43386
CVE-2026-43387
CVE-2026-43407
CVE-2026-43411
CVE-2026-43420
CVE-2026-43424
CVE-2026-43425
CVE-2026-43426
CVE-2026-43427
CVE-2026-43428
CVE-2026-43429
CVE-2026-43430
CVE-2026-43432
CVE-2026-43437
CVE-2026-43439
CVE-2026-43445
CVE-2026-43449
CVE-2026-43450
CVE-2026-43451
CVE-2026-43452
CVE-2026-43453
CVE-2026-43458
CVE-2026-43459
CVE-2026-43466
CVE-2026-43472
CVE-2026-43475
CVE-2026-43480
CVE-2026-43503
CVE-2026-45848
CVE-2026-45852
CVE-2026-45856
CVE-2026-45857
CVE-2026-45860
CVE-2026-45862
CVE-2026-45866
CVE-2026-45867
CVE-2026-45868
CVE-2026-45869
CVE-2026-45870
CVE-2026-45871
CVE-2026-45873
CVE-2026-45875
CVE-2026-45879
CVE-2026-45883
CVE-2026-45885
CVE-2026-45890
CVE-2026-45899
CVE-2026-45904
CVE-2026-45912
CVE-2026-45914
CVE-2026-45915
CVE-2026-45916
CVE-2026-45919
CVE-2026-45920
CVE-2026-45923
CVE-2026-45936
CVE-2026-45941
CVE-2026-45948
CVE-2026-45954
CVE-2026-45956
CVE-2026-45958
CVE-2026-45960
CVE-2026-45964
CVE-2026-45965
CVE-2026-45968
CVE-2026-45970
CVE-2026-45974
CVE-2026-45978
CVE-2026-45981
CVE-2026-45983
CVE-2026-45984
CVE-2026-45985
CVE-2026-46028
CVE-2026-46174
CVE-2026-46300

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
This version additionally includes many more bug fixes from stable
updates 5.10.252-5.10.257.





[SECURITY] [DLA 4609-1] imagemagick security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4609-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Bastien Roucariès
May 30, 2026                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : imagemagick
Version : 8:6.9.11.60+dfsg-1.3+deb11u13
CVE ID : CVE-2026-33901 CVE-2026-42050 CVE-2026-42326 CVE-2026-45031
CVE-2026-45358 CVE-2026-45359 CVE-2026-45624 CVE-2026-45664
CVE-2026-46520 CVE-2026-46521 CVE-2026-46522 CVE-2026-46523
CVE-2026-46559 CVE-2026-46692 CVE-2026-46693 CVE-2026-47165
CVE-2026-47166

Multiple security vulnerabilities were discovered in imagemagick, a
software suite used for editing and manipulating digital images, which
could lead to denial of service, information disclosure or
potentially arbitrary code execution if malformed images are processed.

For Debian 11 bullseye, these problems have been fixed in version
8:6.9.11.60+dfsg-1.3+deb11u13.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1740-1 nginx security update


Package : nginx

Version : 1.10.3-1+deb9u10 (stretch), 1.14.2-2+deb10u7 (buster)

Related CVEs :
CVE-2025-53859
CVE-2026-1642
CVE-2026-9256
CVE-2026-27651
CVE-2026-27654
CVE-2026-27784
CVE-2026-28753
CVE-2026-32647
CVE-2026-42934
CVE-2026-42945
CVE-2026-42946

Multiple vulnerabilities were discovered in Nginx, a high-performance web and
reverse proxy server, which could result in bypass of authorisation rules or
rate limits, denial of service or memory disclosure.

CVE-2025-53859
NGINX Open Source has a vulnerability in the ngx_mail_smtp_module that
might allow an unauthenticated attacker to over-read NGINX SMTP
authentication process memory; as a result, the server side may leak
arbitrary bytes sent in a request to the authentication server. This issue
happens during the NGINX SMTP authentication process and requires the
attacker to make preparations against the target system to extract the
leaked data. The issue affects NGINX only if (1) it is built with the
ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method
"none," and (3) the authentication server returns the "Auth-Wait" response
header.

CVE-2026-1642
A vulnerability exists in NGINX OSS when configured to proxy to upstream
Transport Layer Security (TLS) servers. An attacker with a
man-in-the-middle (MITM) position on the upstream server side—along with
conditions beyond the attacker's control—may be able to inject plain text
data into the response from an upstream proxied server.

CVE-2026-9256
NGINX Open Source has a vulnerability in the ngx_http_rewrite_module
module. This vulnerability exists when a rewrite directive uses a regex
pattern with distinct, overlapping Perl-Compatible Regular Expression
(PCRE) captures (for example, ^/((.*))$) and a replacement string that
references multiple such captures (for example, $1$2) in a redirect or
arguments context. An unauthenticated attacker along with conditions beyond
their control can exploit this vulnerability by sending crafted HTTP
requests. This may cause a heap buffer overflow in the NGINX worker process
leading to a restart. Additionally, attackers can execute code on systems
with Address Space Layout Randomization (ASLR) disabled or when the
attacker can bypass ASLR.

CVE-2026-27651
When the ngx_mail_auth_http_module module is enabled on NGINX Open Source,
undisclosed requests can cause worker processes to terminate. This issue
may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the
authentication server permits retry by returning the Auth-Wait response
header.

CVE-2026-27654
NGINX Open Source has a vulnerability in the ngx_http_dav_module module
that might allow an attacker to trigger a buffer overflow to the NGINX
worker process; this vulnerability may result in termination of the NGINX
worker process or modification of source or destination file names outside
the document root. This issue affects NGINX Open Source when the
configuration file uses DAV module MOVE or COPY methods, prefix location
(non-regular-expression location configuration), and alias directives. The
integrity impact is constrained because the NGINX worker process user has
low privileges and does not have access to the entire system.

CVE-2026-27784
The 32-bit implementation of NGINX Open Source has a vulnerability in the
ngx_http_mp4_module module, which might allow an attacker to over-read or
over-write NGINX worker memory resulting in its termination, using a
specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source
if it is built with the ngx_http_mp4_module module and the mp4 directive is
used in the configuration file. Additionally, the attack is possible only
if an attacker can trigger the processing of a specially crafted MP4 file
with the ngx_http_mp4_module module.

CVE-2026-28753
NGINX Open Source has a vulnerability in the ngx_mail_smtp_module module
due to the improper handling of CRLF sequences in DNS responses. This
allows an attacker-controlled DNS server to inject arbitrary headers into
SMTP upstream requests, leading to potential request manipulation.

CVE-2026-32647
NGINX Open Source has a vulnerability in the ngx_http_mp4_module module,
which might allow an attacker to trigger a buffer over-read or over-write
to the NGINX worker memory resulting in its termination or possibly code
execution, using a specially crafted MP4 file. This issue affects NGINX
Open Source if it is built with the ngx_http_mp4_module module and the mp4
directive is used in the configuration file. Additionally, the attack is
possible only if an attacker can trigger the processing of a specially
crafted MP4 file with the ngx_http_mp4_module module.

CVE-2026-40701
NGINX Open Source has a vulnerability in the ngx_http_ssl_module module
when the ssl_verify_client directive is set to "on" or "optional," and the
ssl_ocsp directive is set to "on" or the leaf parameters are configured
with a resolver. With this configuration, an unauthenticated attacker can
send requests along with conditions beyond its control that may cause a
heap-use-after-free error in the NGINX worker process. This vulnerability
may result in limited modification of data or the NGINX worker process
restarting.

CVE-2026-42934
NGINX Open Source has a vulnerability in the ngx_http_charset_module
module. When the charset, source_charset, and charset_map directives are
configured together with proxy_pass and disabled buffering ("off"),
unauthenticated attackers can send requests that, along with conditions
beyond the attackers' control, cause a heap buffer over-read in the NGINX
worker process, leading to limited disclosure of memory or a restart.

CVE-2026-42945
NGINX Open Source has a vulnerability in the ngx_http_rewrite_module
module. This vulnerability exists when the rewrite directive is followed by
a rewrite, if, or set directive and an unnamed Perl-Compatible Regular
Expression (PCRE) capture (for example, $1, $2) with a replacement string
that includes a question mark (?). An unauthenticated attacker along with
conditions beyond its control can exploit this vulnerability by sending
crafted HTTP requests. This may cause a heap buffer overflow in the NGINX
worker process leading to a restart. Additionally, for systems with Address
Space Layout Randomization (ASLR) disabled, code execution is possible.

CVE-2026-42946
A vulnerability exists in the ngx_http_scgi_module and
ngx_http_uwsgi_module modules that may result in excessive memory
allocation or an over-read of data. When scgi_pass or uwsgi_pass is
configured, an unauthenticated attacker with man-in-the-middle (MITM)
ability to control responses from an upstream server may be able to read
the memory of the NGINX worker process or restart it.
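
Several of the CVE descriptions above apply only when specific directives are configured, so a quick scan of the nginx configuration can show which hosts to patch first. The following is an added example, not part of the advisory or of nginx; the names audit, directives, nested_captures and CONDITIONS are hypothetical, and it covers only a subset of the CVEs using file-level co-occurrence of directives as a coarse triage signal.

```python
import re

# Preconditions from the CVE texts above; every pattern in a list must match.
CONDITIONS = {
    "CVE-2025-53859": [r"smtp_auth\s.*\bnone\b"],
    "CVE-2026-27651": [r"(smtp|pop3|imap)_auth\s.*\b(cram-md5|apop)\b"],
    "CVE-2026-27654": [r"dav_methods\s.*\b(MOVE|COPY)\b", r"alias\s"],
    "CVE-2026-27784, CVE-2026-32647": [r"mp4$"],
    "CVE-2026-42946": [r"(scgi|uwsgi)_pass\s"],
}

def directives(conf):
    """Drop comments, split on ; { } (quoted '#', '{', ';' are not handled)."""
    conf = re.sub(r"#[^\n]*", "", conf)
    return [" ".join(d.split()) for d in re.split(r"[;{}]", conf) if d.strip()]

def nested_captures(pattern):
    """True if a capturing group opens inside another, e.g. ^/((.*))$."""
    stack, i = [], 0
    while i < len(pattern):
        if pattern[i] == "\\":      # skip the escaped character
            i += 2
            continue
        if pattern[i] == "(":
            # Simplification: groups starting with '(?' count as non-capturing.
            capturing = not pattern.startswith("(?", i)
            if capturing and True in stack:
                return True
            stack.append(capturing)
        elif pattern[i] == ")" and stack:
            stack.pop()
        i += 1
    return False

def audit(conf):
    """Return CVE labels whose configuration preconditions appear in conf."""
    ds = directives(conf)
    hits = {cve for cve, pats in CONDITIONS.items()
            if all(any(re.match(p, d) for d in ds) for p in pats)}
    for d in ds:  # CVE-2026-9256: nested captures plus several $N references
        m = re.match(r"rewrite\s+(\S+)\s+(\S+)", d)
        if m and nested_captures(m[1]) and len(set(re.findall(r"\$\d", m[2]))) > 1:
            hits.add("CVE-2026-9256")
    return sorted(hits)

# Constructed sample configuration, not taken from the advisory.
SAMPLE = """mail { server { listen 25; protocol smtp; smtp_auth none; } }
http { server { location /video/ { mp4; }
  location /old/ { rewrite ^/old/((.*))$ /new/$1$2 redirect; } } }"""
```

A match means the precondition is present in the file, not that the host is exploitable; an empty result does not replace installing the fixed package versions listed above.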

