
Debian has released several security updates for various packages, including hsqldb1.8.0, Chromium, ImageMagick, and MariaDB-10.3. The hsqldb1.8.0 update fixes a vulnerability that allowed an attacker to execute spurious scripting commands in certain files. The Chromium update addresses security issues that could result in the execution of arbitrary code, denial of service, or information disclosure. The ImageMagick and MariaDB-10.3 updates fix multiple vulnerabilities, including heap buffer overflows, memory leaks, and Denial Of Service (DoS) attacks.

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1501-1 mariadb-10.3 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4297-1] imagemagick security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 5996-1] chromium security update

Debian GNU/Linux 13 (Trixie):
[DSA 5995-1] hsqldb1.8.0 security update

[SECURITY] [DSA 5995-1] hsqldb1.8.0 security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5995-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 10, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : hsqldb1.8.0
CVE ID : CVE-2023-1183

Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL
database engine, allowed the execution of spurious scripting commands in
.script and .log files. Hsqldb supports a "SCRIPT" keyword which is normally
used to record the commands input by the database admin to output such a
script. In combination with LibreOffice, an attacker could craft an odb
containing a "database/script" file which itself contained a SCRIPT command
where the contents of the file could be written to a new file whose location
was determined by the attacker.

For the stable distribution (trixie), this problem has been fixed in
version 1.8.0.10+dfsg-12.1+deb13u1.

We recommend that you upgrade your hsqldb1.8.0 packages.

For the detailed security status of hsqldb1.8.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/hsqldb1.8.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DSA 5996-1] chromium security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5996-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
September 10, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2025-10200 CVE-2025-10201

Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.

For the oldstable distribution (bookworm), these problems have been fixed
in version 140.0.7339.127-1~deb12u1.

For the stable distribution (trixie), these problems have been fixed in
version 140.0.7339.127-1~deb13u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DLA 4297-1] imagemagick security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4297-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Bastien Roucariès
September 10, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : imagemagick
Version : 8:6.9.11.60+dfsg-1.3+deb11u6
CVE ID : CVE-2025-53014 CVE-2025-53019 CVE-2025-53101 CVE-2025-55154
CVE-2025-55212 CVE-2025-55298 CVE-2025-57803 CVE-2025-57807
Debian Bug : 1109339 1111103 1111586 1111587 1112469 1114520

Multiple vulnerabilities were fixed in imagemagick, an image manipulation
software suite.

CVE-2025-53014

A heap buffer overflow was found in the `InterpretImageFilename`
function. The issue stems from an off-by-one error that causes
out-of-bounds memory access when processing format strings
containing consecutive percent signs (`%%`).

CVE-2025-53019

In ImageMagick's `magick stream` command, specifying multiple
consecutive `%d` format specifiers in a filename template
caused a memory leak.

CVE-2025-53101

In ImageMagick's `magick mogrify` command, specifying
multiple consecutive `%d` format specifiers in a filename
template caused internal pointer arithmetic to generate
an address below the beginning of the stack buffer,
resulting in a stack overflow through `vsnprintf()`.

CVE-2025-55154

The magnified size calculations in ReadOneMNGImage
(in coders/png.c) are unsafe and can overflow,
leading to memory corruption.

CVE-2025-55212

Passing a geometry string containing only a colon (":")
to `montage -geometry` leads GetGeometry() to set width/height
to 0. Later, ThumbnailImage() divides by these zero dimensions,
triggering a crash (SIGFPE/abort).

CVE-2025-55298

A format string bug vulnerability exists in InterpretImageFilename
function where user input is directly passed to FormatLocaleString
without proper sanitization. An attacker can overwrite arbitrary
memory regions, enabling a wide range of attacks from heap
overflow to remote code execution.

CVE-2025-57803

A 32-bit integer overflow in the BMP encoder's scanline-stride
computation collapses bytes_per_line (stride) to a tiny
value while the per-row writer still emits 3 × width bytes
for 24-bpp images. The row base pointer advances using the
(overflowed) stride, so the first row immediately writes
past its slot and into adjacent heap memory with
attacker-controlled bytes.

CVE-2025-57807

A security problem was found in SeekBlob(), which permits
advancing the stream offset beyond the current end without
increasing capacity, and WriteBlob(), which then expands by
quantum + length (amortized) instead of offset + length,
and copies to data + offset. When offset ≥ extent, the
copy targets memory beyond the allocation, producing a
deterministic heap write on 64-bit builds. No 2⁶⁴
arithmetic wrap, external delegates, or policy settings
are required.
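As an added illustration of the capacity rule behind CVE-2025-57807 (this is not ImageMagick's code; the Blob struct, BLOB_QUANTUM and the 4-byte payload are constructed for the example), a minimal growable blob whose write path sizes storage from offset + count rather than from the old extent, so a seek past the end followed by a write stays in bounds:

```c
/* Added example, not ImageMagick's code: a minimal growable blob showing the
 * capacity rule from CVE-2025-57807. seek_blob() may move the offset past the
 * end, so write_blob_safe() sizes storage from offset + count, not extent + count. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define BLOB_QUANTUM 64 /* assumed growth slack; not MagickCore's real quantum */
typedef struct {
    unsigned char *data; /* heap buffer */
    size_t extent;       /* bytes allocated */
    size_t length;       /* bytes logically written */
    size_t offset;       /* current stream position */
} Blob;
/* Like the advisory's SeekBlob(): moves the position but does not grow storage. */
int seek_blob(Blob *b, size_t offset) { b->offset = offset; return 0; }
/* Write count bytes at the current offset. The required size is computed from
 * offset + count (the fix); growing by extent + count would leave a write at
 * offset >= extent out of bounds, which is the defect the advisory describes. */
int write_blob_safe(Blob *b, const unsigned char *src, size_t count) {
    if (count > SIZE_MAX - b->offset) return -1;          /* reject size_t wrap */
    size_t need = b->offset + count;
    if (need > b->extent) {
        size_t new_extent = need + BLOB_QUANTUM;            /* amortized slack */
        if (new_extent < need) return -1;
        unsigned char *p = realloc(b->data, new_extent);
        if (p == NULL) return -1;
        memset(p + b->extent, 0, new_extent - b->extent);   /* zero the seek gap */
        b->data = p;
        b->extent = new_extent;
    }
    memcpy(b->data + b->offset, src, count);
    b->offset += count;
    if (b->offset > b->length) b->length = b->offset;
    return 0;
}
/* Scenario from the advisory: seek far past the end of a small blob, then write.
 * Returns 1 when the write stayed in bounds and the bytes are where expected. */
int demo_seek_then_write(void) {
    Blob b = {0};
    const unsigned char payload[4] = {'M', 'A', 'G', 'K'}; /* constructed sample */
    if (write_blob_safe(&b, payload, 4) != 0) return 0;
    if (seek_blob(&b, 10000) != 0) return 0;                /* offset >= extent */
    if (write_blob_safe(&b, payload, 4) != 0) return 0;
    int ok = b.extent >= 10004 && b.length == 10004 &&
             memcmp(b.data + 10000, payload, 4) == 0;
    free(b.data);
    return ok;
}
```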

For Debian 11 bullseye, these problems have been fixed in version
8:6.9.11.60+dfsg-1.3+deb11u6.

We recommend that you upgrade your imagemagick packages.

For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1501-1 mariadb-10.3 security update


Package : mariadb-10.3
Version : 1:10.3.39-0+deb10u4 (buster)

Related CVEs :
CVE-2023-52968
CVE-2023-52969
CVE-2023-52970

Multiple vulnerabilities were fixed in MariaDB 10.3, a popular database engine.

CVE-2023-52968
A Denial Of Service (DoS) was found in MariaDB. MariaDB server may call
fix_fields_if_needed under mysql_derived_prepare when derived is not yet
prepared, leading to a find_field_in_table crash.

CVE-2023-52969
MariaDB may crash with an empty backtrace log. This may be related
to make_aggr_tables_info and optimize_stage2.

CVE-2023-52970
MariaDB may crash in Item_direct_view_ref::derived_field_transformer_for_where.

