Debian 12 Bookworm

Debian 12 — ksmtp — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — ksmtp — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2020-15954 CVE-2021-38373 Upstream summary: KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use. Table of contents […]

Read more
Debian 12 — rauc — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — rauc — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2020-25860 CVE-2026-34155 Upstream summary: The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update […]

Read more
Debian 12 — corosync — multiple vulnerabilities (4 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — corosync — multiple vulnerabilities (4 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2018-1084 CVE-2025-30472 CVE-2026-35091 CVE-2026-35092 Upstream summary: corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. Table of contents Symptom & Impact Environment & Reproduction Root […]

Read more
Debian 12 — lhasa — vulnerability — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — lhasa — vulnerability — patch and remediation guide

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2016-2347 Upstream summary: Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. Table of […]

Read more
Debian 12 — gst-rtsp-server1.0 — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — gst-rtsp-server1.0 — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2020-6095 CVE-2024-44331 Upstream summary: An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null […]

Read more
Debian 12 — mediaelement — vulnerability — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — mediaelement — vulnerability — patch and remediation guide

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2016-4567 Upstream summary: Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or […]

Read more
Debian 12 — cpp-httplib — multiple vulnerabilities (16 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — cpp-httplib — multiple vulnerabilities (16 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2023-26130 CVE-2025-0825 CVE-2025-46728 CVE-2025-53628 CVE-2025-53629 CVE-2025-66570 CVE-2025-66577 CVE-2026-21428  +8 more Upstream summary: Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input […]

Read more
Debian 12 — iptraf-ng — vulnerability — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — iptraf-ng — vulnerability — patch and remediation guide

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2024-52949 Upstream summary: iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fails to control the size, and it is consequently possible to overflow […]

Read more
Debian 12 — pam-u2f — multiple vulnerabilities (4 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — pam-u2f — multiple vulnerabilities (4 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2019-12209 CVE-2019-12210 CVE-2021-31924 CVE-2025-23013 Upstream summary: Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify […]

Read more
CHAT