Three packages have been affected by newly discovered vulnerabilities: nova, ca-certificates, and chromium. The nova vulnerability allows for data destruction on the host system due to unsafe image resize operations, while the chromium security issues result in potential code execution or information disclosure. Additionally, the ca-certificates package has been updated with new certificate authorities and removed expired ones to ensure secure SSL connections. Other packages, such as pillow, also have vulnerabilities that need to be addressed through upgrades.
Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1649-1 gimp security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4486-1] nova security update
[DLA 4485-1] ca-certificates CA certificates update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6146-1] chromium security update
Debian GNU/Linux 13 (Trixie):
[DSA 6147-1] pillow security update
The newest XanMod kernels (6.19.3, 6.18.13, 6.18.13-rt, and LTS 6.12.74) have been released for 64-bit Debian-based systems, offering several performance tweaks, including LLVM's ThinLTO and polyhedral optimizations in the 6.19 series. However, users may experience issues with certain drivers, such as NVIDIA's proprietary driver version 560.28, which can cause the system to panic after booting into XanMod 6.19.3. To install the new kernel on Debian/Ubuntu systems, you need to trust the XanMod signing key and add a repository line to your sources.list file. If you rely on external modules like NVIDIA or OpenZFS with ZFS DKMS package, make sure to update their source trees before rebooting and reinstall any necessary packages after the kernel upgrade from version 6.18.x or earlier.
The Liquorix 6.18-14 kernel has been released for Linux users, promising lower latency, a snappier desktop feel, and better frame-time consistency in games. This new kernel is designed to improve "interactive" performance by swapping the default scheduler, reducing CPU timeslice, and enabling background hugepage reclaim among other changes. If you regularly engage in gaming, video production, or run virtual machines that require low latency, installing Liquorix may be worth it as it can provide extra responsiveness and improved playback.
Debian has released multiple security advisories to address vulnerabilities in various packages. The affected packages include nova, inetutils, libvpx, gegl, and python-django, which have been fixed in versions 2:26.2.2-1deb12u4, 2:2.6-3+deb13u2, 1.15.0-2.1+deb13u1, 1:0.4.62-2+deb13u2, and 2:2.2.28-1deb11u12, respectively. These updates are recommended to prevent potential Denial of Service attacks, SQL injection, and other security risks. Users can refer to the Debian Security Tracker pages for detailed security information about each package.
Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS:
ELA-1648-1 python-django security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4484-1] python-django security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6145-1] nova security update
[DSA 6143-1] libvpx security update
[DSA 6142-1] gegl security update
Debian GNU/Linux 13 (Trixie):
[DSA 6144-1] inetutils security update
The first XanMod kernel based on the latest 6.19 kernel series, version 6.19.2, has been released with several enhancements and new features, including webcam support for select AMD Strix Halo-based laptops. To install it on Debian-based systems, start by adding the official repository and grabbing its signing key to prevent warnings from apt. After updating the package list, you'll need to pull in the kernel and headers, as well as build tools like dkms and clang if you plan to rebuild external modules, such as NVIDIA drivers or VirtualBox. With these steps complete, your system should be running smoothly on XanMod 6.19.2, although it's always a good idea to verify the kernel version and have backup plans in case of unexpected issues.
Debian has released several security updates, including patches for GnuTLS, which fixes a denial-of-service vulnerability caused by processing specially crafted certificates containing name constraints. Additionally, Debian has updated its GIMP packages to fix multiple vulnerabilities that could lead to denial-of-service or arbitrary code execution if malformed PSD, PSP, or ICO files are opened. The Linux kernel package has also been updated to address numerous vulnerabilities that may lead to privilege escalation, denial of service, or information leaks. Users are recommended to upgrade their Debian packages to the latest versions to ensure they have the necessary security patches installed.
[DSA 6140-1] gnutls28 security update
[DSA 6139-1] gimp security update
[DSA 6141-1] linux security update
[DLA 4483-1] gimp security update
The Liquorix Kernel 6.18-13 offers improved performance and reduced latency for desktop users and gamers through tweaks such as swapping the default scheduler and adjusting CPU settings. To install this kernel on Debian, Ubuntu, and Arch Linux systems, download the official script using curl and follow its instructions to pull the necessary .deb files from Liquorix's repository. The new kernel replaces the mq-deadline scheduler with Kyber for multiqueue devices and BFQ for single-queue drives, resulting in faster performance during tasks like video encoding and gaming. After installation and a reboot, users can verify that the new kernel is active by checking the output of commands like uname -r and the contents of /sys/block/sda/queue/scheduler.
The XanMod kernels 6.18.12 and 6.12.73 LTS offer improved performance, including faster compile times and higher throughput for I/O-intensive containers, due to ThinLTO compilation and block layer runqueue changes. To install these kernels on Debian-based systems, users need to import the signing key, add a source list entry, update apt, and install the linux-xanmod-x64v3 meta-package. This process can be simplified into a single flow of fetching the key, writing the repo line, updating apt, installing the kernel package, and rebooting. After installation, users can verify that the new kernel is active by checking /proc/version or uname -r, and ensure their graphics stack has re-initialized correctly using glxinfo | grep OpenGL.
Several security updates have been released for Debian systems, including updates for Roundcube webmail and libpng image library. These updates address multiple vulnerabilities that could lead to information disclosure or denial-of-service attacks, including issues with HTML sanitization and buffer overflows. The updates are available for various Debian versions, including Bullseye, Bookworm, and Trixie, and users are advised to upgrade their packages as soon as possible. Additionally, a security update has been released for Ceph distributed storage and file system, which fixed an issue with SSL certificate checking in the Python bindings.
Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1647-1 libpng1.6 security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4480-1] roundcube security update
[DLA 4481-1] libpng1.6 security update
[DLA 4482-1] ceph security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6137-1] roundcube security update
[DSA 6138-1] libpng1.6 security update
Important security updates have been released for Wireshark, a network traffic analyzer. The updates address multiple vulnerabilities that could allow denial of service via packet injection or crafted capture files, including crashes and infinite loops in various dissectors. Affected versions include 2.6.20-0+deb10u9~deb9u2 for Debian GNU/Linux 9 (Stretch) ELTS, 10 (Buster), and 12 (Bullseye).
ELA-1646-1 wireshark security update
[DLA 4479-1] wireshark security update
The new Liquorix Kernel 6.18-12 offers improved low-latency power for Debian, Ubuntu, and Arch systems without sacrificing stability. It drops support for BTF module loading to achieve faster boot times on older hardware and lower input latency with a built-in scheduler swap to Kyber or BFQ. Users can install the kernel quickly using an official script that auto-detects their system type, or build their own packages with Docker for a more transparent workflow. The Liquorix kernel features various low-latency improvements such as Zen Interactive Tuning and High-Resolution 1000 Hz Tick, making it ideal for gaming and real-time tasks.
A security update for Debian GNU/Linux 12 (Bookworm) was issued for the python-django library due to multiple vulnerabilities found in Django, a Python web development framework. The issues could lead to denial of service, information disclosure, directory traversal or SQL injection.
[DSA 6136-1] python-django security update
Ondřej Surý has released updated PHP packages for Debian users, including PHP 8.5.3 and 8.4.18, which offer improved performance, bug fixes, and security patches over Debian's native PHP stack. By adding Surý's repository to their system, users can access the latest PHP versions without having to wait months for official updates or turn their system into a "Frankenstein build." To install these packages, users need to ensure their host can speak HTTPS to apt and then run a series of commands to fetch the signing key, add the repository source, and refresh the package index. With Surý's repository in place, users can easily upgrade to the latest PHP versions using standard apt-get commands and stay ahead of security issues without extensive maintenance efforts.
XanMod Kernel 6.12.71 is now available, based on the latest Linux LTS kernel that features a range of targeted fixes including improvements for virtual-socket tests, asynchronous I/O, and VLAN packet handling in tunnels. This updated kernel offers stability and performance enhancements, and can be installed on Debian, Ubuntu, or derivative systems. A step-by-step guide will walk you through the process of installing the XanMod LTS kernel, explaining each command and how to avoid common issues with DKMS modules.
A security update has been released for the Chromium package in Debian to fix several vulnerabilities. The issues discovered could allow attackers to execute arbitrary code, cause a denial of service, or disclose sensitive information. Versions 145.0.7632.75-1deb12u1 and 145.0.7632.75-1deb13u1 have been released for the oldstable and stable distributions respectively.
[DSA 6135-1] chromium security update
A new version of the Liquorix Kernel 6.18-11 has been released, bringing low-latency tweaks, latency-driven improvements, and an optional Docker build pipeline to Debian, Ubuntu, and Arch systems. For most users, the official install script can be used to easily install a drop-in replacement kernel with reduced input latency without any manual configuration. Power users who prefer a transparent build chain can use Docker to compile their own packages from source, allowing for customization of signing and packaging options. The Liquorix kernel brings several low-latency features, including Zen Interactive Tuning, Background Hugepage Reclaim, and High-Resolution 1000 Hz Tick, making it a great solution for gaming, audio production, and other interactive workloads.
Several security updates have been released for various Debian packages, including ClamAV and Linux kernel versions 5.10 and 6.1. These updates address multiple vulnerabilities that could lead to privilege escalation, denial of service, or information leaks. Additionally, a security update has been issued for PDNS Recursor due to two vulnerabilities that can cause denial of service when processing malformed zone files. Users are advised to upgrade their packages to the latest versions available in order to stay secure.
Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1644-1 linux-5.10 security update
ELA-1643-1 linux-6.1 security update
Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1645-1 clamav new upstream version
Debian GNU/Linux 13 (Trixie):
[DSA 6134-1] pdns-recursor security update
Debian has released several security advisories to address vulnerabilities in various packages, including HAProxy, PostgreSQL, and Nginx. The advisory for HAProxy (DSA-6130-1) warns that an attacker can cause a denial-of-service attack by sending specially crafted data, and recommends upgrading to version 3.0.11-1+deb13u2. Meanwhile, multiple security issues were discovered in PostgreSQL (CVE-2026-2003 through CVE-2026-2006), which may result in memory disclosure or code execution, and the advisory recommends updating to version 17.8-0+deb13u1 for the stable distribution or 15.16-0+deb12u1 for the oldstable distribution. Nginx has also been updated (DSA-6131-1) to fix a vulnerability that made it possible for an attacker to inject malicious code into upstream TLS servers, and users are recommended to upgrade to version 1.22.1-9+deb12u4 or 1.26.3-3+deb13u2.
[DSA 6130-1] haproxy security update
[DSA 6133-1] postgresql-17 security update
[DSA 6132-1] postgresql-15 security update
[DSA 6131-1] nginx security update
The XanMod kernel offers improved performance with its block-layer runqueue tweaks and revamped scheduler, resulting in smoother multitasking. It also includes aggressive x86_64 optimizations from LLVM's ThinLTO for better I/O boosts. For low-latency workloads like audio production, robotics, or gaming, the linux-xanmod-rt package is available, which ships a PREEMPT_RT-enabled kernel based on 6.18 with deterministic scheduling. The XanMod kernel is compatible with various drivers, including NVIDIA and VirtualBox, although some may require reinstalling under new headers to work properly.
Debian has released two security updates for the Linux kernel: DLA-4476-1 and DLA-4475-1. These updates, which address multiple vulnerabilities in the Linux kernel, affect Debian GNU/Linux 11 (Bullseye) LTS and may lead to privilege escalation, denial of service, or information leaks if left unpatched. The vulnerabilities were fixed in versions 6.1.162-1~deb11u1 for DLA-4476-1 and 5.10.249-1 for DLA-4475-1, which also include fixes for several reported bugs.
[DLA 4476-1] linux-6.1 security update
[DLA 4475-1] linux security update