Debian GNU/Linux has issued two important security updates: DSA 5953-1 for catdoc on Debian 12 and ELA-1473-1 for python-tornado on Debian 10 ELTS.
CVE Identifiers: CVE-2024-48877, CVE-2024-52035, CVE-2024-54028
Debian Bug: 1107168
Catdoc, a tool for extracting text from MS-Office files, has been found to have several vulnerabilities that could lead to denial of service or arbitrary code execution if a maliciously crafted file is processed. The fixed version for the stable distribution (bookworm) is 1:0.95-6~deb12u1. Users are encouraged to upgrade their catdoc packages to ensure their systems are secure. Additional details can be found on the [security tracker page for catdoc](https://security-tracker.debian.org/tracker/catdoc).
CVE Identifier: CVE-2025-47287
In python-tornado, a widely used framework for building web applications in Python, a vulnerability was identified in its 'multipart/form-data' parser. When encountering specific errors, the parser logs a warning and continues to process the data, which can lead to a denial of service (DoS) attack by generating an excessive amount of logs. This issue is exacerbated by the synchronous nature of the logging subsystem. The update addresses this vulnerability, and users are advised to apply it to mitigate potential risks.
For both updates, users are urged to check the respective security advisories for more detailed instructions on applying the updates and to stay informed about security best practices in the Debian environment
Catdoc Security Update (DSA 5953-1)
Release Date: June 29, 2025CVE Identifiers: CVE-2024-48877, CVE-2024-52035, CVE-2024-54028
Debian Bug: 1107168
Catdoc, a tool for extracting text from MS-Office files, has been found to have several vulnerabilities that could lead to denial of service or arbitrary code execution if a maliciously crafted file is processed. The fixed version for the stable distribution (bookworm) is 1:0.95-6~deb12u1. Users are encouraged to upgrade their catdoc packages to ensure their systems are secure. Additional details can be found on the [security tracker page for catdoc](https://security-tracker.debian.org/tracker/catdoc).
Python-Tornado Security Update (ELA-1473-1)
Affected Version: 5.1.1-4+deb10u2 (buster)CVE Identifier: CVE-2025-47287
In python-tornado, a widely used framework for building web applications in Python, a vulnerability was identified in its 'multipart/form-data' parser. When encountering specific errors, the parser logs a warning and continues to process the data, which can lead to a denial of service (DoS) attack by generating an excessive amount of logs. This issue is exacerbated by the synchronous nature of the logging subsystem. The update addresses this vulnerability, and users are advised to apply it to mitigate potential risks.
For both updates, users are urged to check the respective security advisories for more detailed instructions on applying the updates and to stay informed about security best practices in the Debian environment
Catdoc and Python-Tornado updates for Debian
Debian GNU/Linux has received two security updates: [DSA 5953-1] catdoc for Debian 12 and ELA-1473-1 python-tornado for Debian 10 ELTS.
[DSA 5953-1] catdoc security update
ELA-1473-1 python-tornado security updateCatdoc and Python-Tornado updates for Debian @ Linux Compatible
