[SECURITY] [DSA 5881-1] rails security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5881-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 17, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rails
CVE ID         : CVE-2023-28362 CVE-2023-38037 CVE-2024-26144 CVE-2024-28103
                 CVE-2024-41128 CVE-2024-47887 CVE-2024-47888 CVE-2024-47889
                 CVE-2024-54133

Multiple security issues were discovered in the Rails web framework
which could result in cross-site scripting, information disclosure, denial
of service or bypass of content security policies.

For the stable distribution (bookworm), these problems have been fixed in
version 2:6.1.7.10+dfsg-1~deb12u1.

We recommend that you upgrade your rails packages.

For the detailed security status of rails please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rails

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[SECURITY] [DSA 5880-1] freetype security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5880-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 17, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : freetype
CVE ID         : CVE-2025-27363

An out-of-bounds write vulnerability when attempting to parse font
subglyph structures related to TrueType GX and variable font files was
discovered in FreeType, which may result in the execution of arbitrary
code when processing specially crafted fonts.

For the stable distribution (bookworm), this problem has been fixed in
version 2.12.1+dfsg-5+deb12u4.

We recommend that you upgrade your freetype packages.

For the detailed security status of freetype please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/freetype

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/