Chromium, PHP, WordPress, and more updates for Debian

Debian 10712 Published by Philipp Esselbach 0

Several security updates have been released for Debian GNU/Linux, including fixes for vulnerabilities in Chromium (DSA-6089-1), PHP 8.4 (DSA-6088-1), WordPress (DSA-6091-1), python-mechanize (DLA-4418-1), usbmuxd (DLA-4417-1), and Rails (DSA-6090-1).

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4418-1] python-mechanize security update
[DLA 4417-1] usbmuxd security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6089-1] chromium security update
[DSA 6090-1] rails security update

Debian GNU/Linux 13 (Trixie):
[DSA 6088-1] php8.4 security update
[DSA 6091-1] wordpress security update

PHP 8.5.1, PHP 8.4.16, 8.3.29, 8.2.30, 8.1.34 Debian packages released

Debian 10712 Published by Philipp Esselbach 0

Ondřej Surý has released updated PHP packages for Debian GNU/Linux users, including versions from 5.6 to 8.5, addressing security issues across multiple versions. The updates fix three vulnerabilities: command injection via proc_open, CVE-2024-1874; a cookie bypass attack related to CVE-2022-31629 and patched as CVE-2024-2756; and an issue with PHP's password verification function. To add the repository to your Debian installation, you can use a provided script that installs necessary dependencies and configures the repository. Further details on the packages and bug tracker are available at deb.sury.org.

Roundcube, Dropbear, MediaWiki updates for Debian

Debian 10712 Published by Philipp Esselbach 0

There are multiple security updates for Debian GNU/Linux distributions, including Roundcube, Dropbear, and MediaWiki. The Roundcube update, which is available for Debian 10 ELTS, 12, and 13, fixes two vulnerabilities: an information disclosure vulnerability in its HTML style sanitizer and a cross-site scripting (XSS) vulnerability via SVG's animate tag. The dropbear update for Debian 12 and 13 addresses a privilege escalation issue caused by incorrect permission handling in the Dropbear SSH server. The MediaWiki update for Debian 12 and 13 fixes multiple security issues, including XSS, information disclosure, missing rate limiting, and denial of service vulnerabilities.

ELA-1598-1 roundcube security update
[DSA 6087-1] roundcube security update
[DSA 6086-1] dropbear security update
[DSA 6085-1] mediawiki security update

Glib2.0, Webkit2GTK, Roundcube, C-Ares updates for Debian

Debian 10712 Published by Philipp Esselbach 0

Debian Security Advisories were issued to address several security vulnerabilities. The advisories include updates for packages such as webkit2gtk (multiple CVEs), c-ares (CVE-2025-62408), and roundcube (CVE-2025-68460 and CVE-2025-68461). Additionally, an update was released for the glib2.0 library due to multiple issues that could lead to denial of service or potentially arbitrary code execution (multiple CVEs). Users are recommended to upgrade their packages to address these vulnerabilities and protect against potential attacks.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1597-1 glib2.0 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4414-1] webkit2gtk security update
[DLA 4415-1] roundcube security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6083-1] webkit2gtk security update

Debian GNU/Linux 13 (Trixie):
[DSA 6084-1] c-ares security update

Liquorix Linux Kernel 6.17-15 released

Debian 10712 Ubuntu 6936 Arch Linux 920 Published by Philipp Esselbach 0

Liquorix Kernel 6.17-15 has been released, enhancing the Linux desktop experience, particularly for gaming and multimedia tasks. It introduces Zen Interactive Tuning for improved responsiveness, optimized I/O and memory management, and high-resolution scheduling. Key features include support for BFQ for managing disk I/O, TCP BBR2 for better data transfer during congestion, and Compressed Swap for efficient memory use. Installation is straightforward via PPA for Debian, Ubuntu, or Arch Linux, and an installation script is available on their website for ease of use.

Glib2.0, Binwalk, Libgd2, Node-URL-Pause updates for Debian 11 LTS

Debian 10712 Published by Philipp Esselbach 0

Debian has released security updates for several packages to fix vulnerabilities that could lead to denial of service, memory corruption, or arbitrary code execution. The affected packages include glib2.0 (CVE-2025-4373, CVE-2025-7039, CVE-2025-13601, and others), binwalk (CVE-2022-4510), libgd2 (CVE-2021-38115, CVE-2021-40145, and CVE-2021-40812), and node-url-parse (CVE-2022-0639). All of these vulnerabilities have been fixed in the latest versions of the affected packages for Debian GNU/Linux 11 (Bullseye) LTS.

[DLA 4412-1] glib2.0 security update
[DLA 4410-1] binwalk security update
[DLA 4411-1] libgd2 security update
[DLA 4413-1] node-url-parse security update

Python-APT and Paramiko security update for Debian

Debian 10712 Published by Philipp Esselbach 0

Debian has released security advisories: DLA-4409-1 for paramiko and ELA-1596-1/DLA-4408-1 for python-apt. The paramiko advisory addresses a race condition that could allow unauthorized information disclosure, while the python-apt advisory fixes an issue where the package incorrectly handled deb822 configuration files, causing a denial of service.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1596-1 python-apt security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4409-1] paramiko security update
[DLA 4408-1] python-apt security update

Thunderbird, VLC Media Player, Ruby updates for Debian

Debian 10712 Published by Philipp Esselbach 0

Debian has released several security advisories to address vulnerabilities in various packages, including Thunderbird (DSA-6081-1), VLC media player (DSA-6082-1), ruby-sidekiq (DLA-4407-1), and ruby-git (DLA-4406-1). These updates fix multiple issues that could lead to arbitrary code execution or denial of service.

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4407-1] ruby-sidekiq security update
[DLA 4406-1] ruby-git security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6081-1] thunderbird security update
[DSA 6082-1] vlc security update

Kernel security update for Debian ELTS

Debian 10712 Published by Philipp Esselbach 0

The Linux kernel has been updated to version 5.10.247, fixing several bugs and vulnerabilities in the process. The update addresses multiple CVEs, including ones that could lead to privilege escalation, denial of service, or information leaks. This release includes additional bug fixes from stable updates 5.10.245-5.10.247. One notable remedy involves disabling the broken pktcdvd driver. The update is available for both Debian GNU/Linux 9 (version 5.10.247-1deb9u1) and 10 (version 5.10.247-1deb10u1) Extended LTS.

ELA-1595-1 linux-5.10 security update

Liquorix Linux Kernel 6.17-14 released

Debian 10712 Ubuntu 6936 Arch Linux 920 Published by Philipp Esselbach 0

Liquorix has released version 6.17-14 of their custom-built Linux kernel, which is designed to optimize desktop performance for multimedia and gaming workloads by tapping into underutilized capabilities. This kernel includes various improvements, such as interactive tuning, optimized I/O and memory management, and changes to CPUFreq control, aiming to balance responsiveness with stability. Liquorix 6.17-14 also features additional performance enhancements like high-resolution scheduling, real-time system handling, and support for Budget Fair Queue (BFQ) and TCP BBR2 Congestion Control. Users can easily deploy the kernel on Debian, Ubuntu, or Arch Linux using pre-built binary packages from their PPA or an automated installation script.

TzData, Kernel, Thunderbird, Chromium updates for Debian

Debian 10712 Published by Philipp Esselbach 0

The Debian project has issued several security advisories to update various packages. The first advisory, DLA-4403-1, updates the tzdata package to version 2025b-0+deb11u2, which includes the latest changes to the leap second list. Other advisories, including ELA-1594-1 for Debian 9 and 10 and DSA-6080-1 for Chromium, also address security issues in various packages. Additionally, updates for the Linux kernel (DLA-4404-1) and Thunderbird (DLA-4405-1) have been released to fix multiple vulnerabilities.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1594-1 tzdata new timezone database

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4403-1] tzdata new timezone database
[DLA 4404-1] linux security update
[DLA 4405-1] thunderbird security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6080-1] chromium security update

Libsoup, Libsndfile, Firefox ESR updates for Debian

Debian 10712 Published by Philipp Esselbach 0

Debian has released several security updates to address vulnerabilities in various packages, including libsndfile, firefox-esr, and libsoup2.4. The libsndfile vulnerability allows an attacker to trigger an out-of-bounds read that could cause a crash or memory leak, while the Firefox ESR update fixes multiple security issues that could lead to arbitrary code execution or privilege escalation. The libsoup2.4 package has several vulnerabilities, including integer overflows and denial-of-service flaws that can be exploited by sending specially crafted HTTP messages.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1593-1 libsoup2.4 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4402-1] libsndfile security update
[DLA 4401-1] firefox-esr security update

LibSSH, Webkit2GTK, Rear, and more updates for Debian

Debian 10712 Published by Philipp Esselbach 0

Several security updates have been released for various Debian packages, including webkit2gtk, pdns-recursor, libpng1.6, and others, to address vulnerabilities such as sensitive system information exfiltration, denial-of-service attacks, and potentially arbitrary code execution. These updates include fixes for CVEs like CVE-2025-13947, CVE-2025-43421, and CVE-2025-4877, among others.

Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1592-1 libssh security update

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1591-1 libssh security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4399-1] webkit2gtk security update
[DLA 4400-1] rear security update

Debian GNU/Linux 12 (Bookworm):
[DSA 6079-1] ffmpeg security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6076-1] libpng1.6 security update
[DSA 6078-1] firefox-esr security update

Debian GNU/Linux 13 (Trixie):
[DSA 6077-1] pdns-recursor security update

Wordpress, Libsoup2.4, Webkit2GTK updates for Debian

Debian 10712 Published by Philipp Esselbach 0

Debian Security Advisories have been issued for several packages, including WordPress, libsoup2.4, and webkit2gtk, due to multiple security issues that could result in cross-site scripting or information disclosure. The issues were discovered in the oldstable (bookworm) and stable (trixie) distributions of Debian, with corresponding version updates available to fix the vulnerabilities. Users are recommended to upgrade their packages for WordPress, libsoup2.4, and webkit2gtk to ensure system security.

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4398-1] libsoup2.4 security update

Debian GNU/Linux 12 (Bookworm):
[DSA 6075-1] wordpress security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6074-1] webkit2gtk security update

Lasso security updates for Debian LTS

Debian 10712 Published by Philipp Esselbach 0

Debian has released security updates for the LASSO library, which implements Liberty Alliance and SAML protocols. The update addresses multiple vulnerabilities discovered by Keane O'Kelley that could lead to denial-of-service or arbitrary code execution. Affected Debian versions include Debian GNU/Linux 11 (Bullseye) LTS with version 2.6.1-3+deb11u1, as well as Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS with different version updates. Users are recommended to upgrade their LASSO packages to the latest secured version.

[DLA 4397-1] lasso security update
ELA-1590-1 lasso security update

Libpng1.6 and FFmpeg updates for Debian

Debian 10712 Published by Philipp Esselbach 0

Debian has released security updates for several packages: libpng1.6, ffmpeg, and their respective vulnerabilities. The libpng1.6 update fixes multiple vulnerabilities that allow information disclosure or denial of service via out-of-bounds reads, heap corruption, or buffer overflows. The ffmpeg update tackles a vulnerability that could lead to denial of service or arbitrary code execution when processing malformed files. Users are recommended to upgrade their packages to the latest versions for security patches: 1.6.37-3+deb11u1 for libpng1.6 and 7:7.1.3-0+deb13u1 for ffmpeg.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS:
ELA-1589-1 libpng1.6 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4396-1] libpng1.6 security update

Debian GNU/Linux 13 (Trixie):
[DSA 6073-1] ffmpeg security update

Liquorix Linux Kernel 6.17-13 released

Debian 10712 Ubuntu 6936 Arch Linux 920 Published by Philipp Esselbach 0

Liquorix Linux kernel version 6.17-13 has been released, which is based on the stable Linux kernel 6.17.10 and designed to optimize desktop experiences for multimedia and gaming workloads. The new kernel has several important updates, like adjustments that make the system respond faster instead of saving power, better management of input/output and memory, and improved CPUFreq control for quicker responses when needed. Additionally, Liquorix 6.17-12 includes better scheduling for high-resolution tasks, a way to manage real-time processes, and support for Budget Fair Queue (BFQ) and TCP BBR2 Congestion Control The kernel can be easily installed on Debian, Ubuntu, or Arch Linux using a provided script or through their own PPA, making it a straightforward replacement for the standard kernel.

Krita security update for Debian 11 LTS

Debian 10712 Published by Philipp Esselbach 0

A security update has been released for Krita, an image manipulation program. The update fixes a vulnerability that could cause a heap-based buffer overflow when loading a manipulated TGA file in Krita. The issue was fixed in version 1:4.4.2+dfsg-1+deb11u1 of the package, which is available for Debian GNU/Linux 11 (Bullseye) LTS users.

[DLA 4395-1] krita security update

Libhtp, Webkit2GTK, Chromium, Unbound updates for Debian

Debian 10712 Published by Philipp Esselbach 0

Several security updates have been released for various Debian packages, including webkit2gtk, chromium, unbound, and libhtp. The updates address multiple vulnerabilities that could lead to denial of service, information disclosure, or arbitrary code execution.

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1588-1 libhtp security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4394-1] webkit2gtk security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6072-1] chromium security update

Debian GNU/Linux 13 (Trixie):
[DSA 6071-1] unbound security update

Mod-Auth-Openidc, Webki2GTK, OpenVPN updates for Debian

Debian 10712 Published by Philipp Esselbach 0

The Debian project has released security updates for several packages, including libapache2-mod-auth-openidc, webkit2gtk, and openvpn. The updates fix vulnerabilities that could allow attackers to crash or exploit systems, with fixes available for various distributions, including Buster, Bookworm, and Trixie. Specific issues addressed in the updates include a denial-of-service vulnerability in mod_auth_openidc, multiple crashes and memory corruption bugs in WebKitGTK, and a flaw allowing bypass of source IP address validation in openvpn.

Debian GNU/Linux 10 (Buster) ELTS:
ELA-1587-1 libapache2-mod-auth-openidc security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6070-1] webkit2gtk security update
[DSA 6069-1] openvpn security update

Next Page

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...