[DSA 5915-1] vips security update
[SECURITY] [DSA 5915-1] vips security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-5915-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 03, 2025 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : vips
CVE ID : CVE-2025-29769
A heap-based buffer overflow vulnerability was discovered in vips, a
fast image processing library designed with efficiency in mind, which
may result in denial of service (application crash) if a specially
crafted TIFF image file is processed.
For the stable distribution (bookworm), this problem has been fixed in
version 8.14.1-3+deb12u2.
We recommend that you upgrade your vips packages.
For the detailed security status of vips please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/vips
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
ELA-1415-1 nodejs security update
Package : nodejs
Version : 10.24.0~dfsg-1~deb10u6 (buster)
Related CVEs :
CVE-2025-47153
Node.js, a popular server-side JavaScript engine, was affected by
a vulnerability on 32-bit architectures.
Build processes for libuv and Node.js for 32-bit systems
have an inconsistent off_t size (e.g., building on i386 Debian always uses
_FILE_OFFSET_BITS=64 for the libuv dynamic library,
but uses the _FILE_OFFSET_BITS global system default of 32 for nodejs),
leading to out-of-bounds access.
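The following added example (not code from libuv, Node.js or the advisory) models why an inconsistent off_t size leads to out-of-bounds access: the same request struct is laid out once with a 32-bit offset and once with a 64-bit offset. The struct and function names are hypothetical, and pack(4) is an assumption used to reproduce i386 alignment on any build host.

```c
/* Added illustration; every name here is hypothetical, not libuv/Node.js code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* pack(4) mimics i386 alignment (64-bit integers are 4-byte aligned in
   structs) so the layouts below are identical on any build host. */
#pragma pack(push, 4)
struct req_off32 {            /* caller built with a 32-bit off_t */
    uint32_t fd; int32_t off; uint32_t nbufs; uint32_t result;
};
struct req_off64 {            /* library built with _FILE_OFFSET_BITS=64 */
    uint32_t fd; int64_t off; uint32_t nbufs; uint32_t result;
};
#pragma pack(pop)

/* Bytes the library's view extends past the caller's allocation. */
size_t overrun_bytes(void) {
    return sizeof(struct req_off64) - sizeof(struct req_off32);
}

/* Displacement of a field that follows `off` between the two views. */
size_t nbufs_shift(void) {
    return offsetof(struct req_off64, nbufs) - offsetof(struct req_off32, nbufs);
}

/* The caller fills its view; the library reads the same memory with its own
   layout. The buffer is sized for the larger view so this model stays defined. */
uint32_t nbufs_seen_by_library(uint32_t nbufs, uint32_t result) {
    struct req_off32 caller = { 3, 0, nbufs, result };
    unsigned char mem[sizeof(struct req_off64)] = { 0 };
    struct req_off64 lib;
    memcpy(mem, &caller, sizeof caller);
    memcpy(&lib, mem, sizeof lib);
    return lib.nbufs;
}

/* Startup guard: compare this unit's off_t with the size the library
   reports (assumed to be exported by the library; hypothetical). */
int off_t_abi_matches(size_t lib_off_t_size) {
    return sizeof(off_t) == lib_off_t_size;
}

int main(void) {
    printf("overrun=%zu shift=%zu\n", overrun_bytes(), nbufs_shift());
    return off_t_abi_matches(sizeof(off_t)) ? 0 : 1;
}
```

In this model the library reads the caller's result field as nbufs and its struct ends 4 bytes past the caller's allocation, which is the class of mismatch a rebuild with consistent flags removes.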
The following reverse dependencies were also rebuilt in order to fix the
vulnerability:
node-expat
node-iconv
node-leveldown
node-mapnik
node-modern-syslog
node-nodedbi
node-opencv
node-sqlite3
node-srs
node-stringprep
node-websocket
node-ws
node-zipfile
r-cran-v8