Debian 12 Bookworm

Debian 12 — ikiwiki — multiple vulnerabilities (18 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — ikiwiki — multiple vulnerabilities (18 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2008-0165 CVE-2008-0169 CVE-2008-0808 CVE-2008-0809 CVE-2009-2944 CVE-2010-1195 CVE-2010-1673 CVE-2011-0428  +10 more Upstream summary: Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, […]

Read more
Debian 12 — feh — multiple vulnerabilities (4 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — feh — multiple vulnerabilities (4 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2010-2246 CVE-2011-0702 CVE-2011-1031 CVE-2017-7875 Upstream summary: feh before 1.8, when the –wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a […]

Read more
Debian 12 — node-cached-path-relative — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — node-cached-path-relative — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2018-16472 CVE-2021-23518 Upstream summary: A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS […]

Read more
Debian 12 — qpid-proton — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — qpid-proton — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2018-17187 CVE-2019-0223 Upstream summary: The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(…)' methods. Unless a verification mode […]

Read more
Debian 12 — giflib — multiple vulnerabilities (17 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — giflib — multiple vulnerabilities (17 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2005-2974 CVE-2005-3350 CVE-2015-7555 CVE-2016-3177 CVE-2016-3977 CVE-2018-11489 CVE-2018-11490 CVE-2019-15133  +9 more Upstream summary: libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF […]

Read more
Debian 12 — php-cas — multiple vulnerabilities (4 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — php-cas — multiple vulnerabilities (4 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2012-5583 CVE-2014-4172 CVE-2017-1000071 CVE-2022-39369 Upstream summary: phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName […]

Read more
Debian 12 — pycryptodome — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — pycryptodome — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2018-6594 CVE-2023-52323 Upstream summary: lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does […]

Read more
Debian 12 — shiro — multiple vulnerabilities (17 CVEs) — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — shiro — multiple vulnerabilities (17 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2014-0074 CVE-2016-4437 CVE-2016-6802 CVE-2019-12422 CVE-2020-11989 CVE-2020-13933 CVE-2020-17510 CVE-2020-1957  +9 more Upstream summary: Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote […]

Read more
Debian 12 — libmodule-scandeps-perl — vulnerability — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — libmodule-scandeps-perl — vulnerability — patch and remediation guide

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2024-10224 Table of contents Symptom & Impact Environment & Reproduction Root Cause Analysis Quick Triage Step-by-Step Diagnosis Solution – Primary Fix Solution – Alternative Approaches Verification & Acceptance […]

Read more
Debian 12 — pdf.js — vulnerability — patch and remediation guide — diagnosis and fix on Debian 12

Debian 12 — pdf.js — vulnerability — patch and remediation guide

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2015-4495 Upstream summary: The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same […]

Read more
CHAT