Debian 10709 Published by Philipp Esselbach 0

Debian Security Advisories were issued to address several security vulnerabilities. The advisories include updates for packages such as webkit2gtk (multiple CVEs), c-ares (CVE-2025-62408), and roundcube (CVE-2025-68460 and CVE-2025-68461). Additionally, an update was released for the glib2.0 library due to multiple issues that could lead to denial of service or potentially arbitrary code execution (multiple CVEs). Users are recommended to upgrade their packages to address these vulnerabilities and protect against potential attacks.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1597-1 glib2.0 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4414-1] webkit2gtk security update
[DLA 4415-1] roundcube security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6083-1] webkit2gtk security update

Debian GNU/Linux 13 (Trixie):
[DSA 6084-1] c-ares security update

Debian 10709 Ubuntu 6935 Arch Linux 920 Published by Philipp Esselbach 0

Liquorix Kernel 6.17-15 has been released, enhancing the Linux desktop experience, particularly for gaming and multimedia tasks. It introduces Zen Interactive Tuning for improved responsiveness, optimized I/O and memory management, and high-resolution scheduling. Key features include support for BFQ for managing disk I/O, TCP BBR2 for better data transfer during congestion, and Compressed Swap for efficient memory use. Installation is straightforward via PPA for Debian, Ubuntu, or Arch Linux, and an installation script is available on their website for ease of use.

Debian has released security updates for several packages to fix vulnerabilities that could lead to denial of service, memory corruption, or arbitrary code execution. The affected packages include glib2.0 (CVE-2025-4373, CVE-2025-7039, CVE-2025-13601, and others), binwalk (CVE-2022-4510), libgd2 (CVE-2021-38115, CVE-2021-40145, and CVE-2021-40812), and node-url-parse (CVE-2022-0639). All of these vulnerabilities have been fixed in the latest versions of the affected packages for Debian GNU/Linux 11 (Bullseye) LTS.

[DLA 4412-1] glib2.0 security update
[DLA 4410-1] binwalk security update
[DLA 4411-1] libgd2 security update
[DLA 4413-1] node-url-parse security update

Debian has released security advisories: DLA-4409-1 for paramiko and ELA-1596-1/DLA-4408-1 for python-apt. The paramiko advisory addresses a race condition that could allow unauthorized information disclosure, while the python-apt advisory fixes an issue where the package incorrectly handled deb822 configuration files, causing a denial of service.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1596-1 python-apt security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4409-1] paramiko security update
[DLA 4408-1] python-apt security update

Debian has released several security advisories to address vulnerabilities in various packages, including Thunderbird (DSA-6081-1), VLC media player (DSA-6082-1), ruby-sidekiq (DLA-4407-1), and ruby-git (DLA-4406-1). These updates fix multiple issues that could lead to arbitrary code execution or denial of service.

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4407-1] ruby-sidekiq security update
[DLA 4406-1] ruby-git security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6081-1] thunderbird security update
[DSA 6082-1] vlc security update

The Linux kernel has been updated to version 5.10.247, fixing several bugs and vulnerabilities in the process. The update addresses multiple CVEs, including ones that could lead to privilege escalation, denial of service, or information leaks. This release includes additional bug fixes from stable updates 5.10.245-5.10.247. One notable remedy involves disabling the broken pktcdvd driver. The update is available for both Debian GNU/Linux 9 (version 5.10.247-1deb9u1) and 10 (version 5.10.247-1deb10u1) Extended LTS.

ELA-1595-1 linux-5.10 security update

Liquorix has released version 6.17-14 of their custom-built Linux kernel, which is designed to optimize desktop performance for multimedia and gaming workloads by tapping into underutilized capabilities. This kernel includes various improvements, such as interactive tuning, optimized I/O and memory management, and changes to CPUFreq control, aiming to balance responsiveness with stability. Liquorix 6.17-14 also features additional performance enhancements like high-resolution scheduling, real-time system handling, and support for Budget Fair Queue (BFQ) and TCP BBR2 Congestion Control. Users can easily deploy the kernel on Debian, Ubuntu, or Arch Linux using pre-built binary packages from their PPA or an automated installation script.

The Debian project has issued several security advisories to update various packages. The first advisory, DLA-4403-1, updates the tzdata package to version 2025b-0+deb11u2, which includes the latest changes to the leap second list. Other advisories, including ELA-1594-1 for Debian 9 and 10 and DSA-6080-1 for Chromium, also address security issues in various packages. Additionally, updates for the Linux kernel (DLA-4404-1) and Thunderbird (DLA-4405-1) have been released to fix multiple vulnerabilities.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1594-1 tzdata new timezone database

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4403-1] tzdata new timezone database
[DLA 4404-1] linux security update
[DLA 4405-1] thunderbird security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6080-1] chromium security update

Debian has released several security updates to address vulnerabilities in various packages, including libsndfile, firefox-esr, and libsoup2.4. The libsndfile vulnerability allows an attacker to trigger an out-of-bounds read that could cause a crash or memory leak, while the Firefox ESR update fixes multiple security issues that could lead to arbitrary code execution or privilege escalation. The libsoup2.4 package has several vulnerabilities, including integer overflows and denial-of-service flaws that can be exploited by sending specially crafted HTTP messages.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1593-1 libsoup2.4 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4402-1] libsndfile security update
[DLA 4401-1] firefox-esr security update

Several security updates have been released for various Debian packages, including webkit2gtk, pdns-recursor, libpng1.6, and others, to address vulnerabilities such as sensitive system information exfiltration, denial-of-service attacks, and potentially arbitrary code execution. These updates include fixes for CVEs like CVE-2025-13947, CVE-2025-43421, and CVE-2025-4877, among others.

Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1592-1 libssh security update

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1591-1 libssh security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4399-1] webkit2gtk security update
[DLA 4400-1] rear security update

Debian GNU/Linux 12 (Bookworm):
[DSA 6079-1] ffmpeg security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6076-1] libpng1.6 security update
[DSA 6078-1] firefox-esr security update

Debian GNU/Linux 13 (Trixie):
[DSA 6077-1] pdns-recursor security update

Debian Security Advisories have been issued for several packages, including WordPress, libsoup2.4, and webkit2gtk, due to multiple security issues that could result in cross-site scripting or information disclosure. The issues were discovered in the oldstable (bookworm) and stable (trixie) distributions of Debian, with corresponding version updates available to fix the vulnerabilities. Users are recommended to upgrade their packages for WordPress, libsoup2.4, and webkit2gtk to ensure system security.

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4398-1] libsoup2.4 security update

Debian GNU/Linux 12 (Bookworm):
[DSA 6075-1] wordpress security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6074-1] webkit2gtk security update

Debian has released security updates for the LASSO library, which implements Liberty Alliance and SAML protocols. The update addresses multiple vulnerabilities discovered by Keane O'Kelley that could lead to denial-of-service or arbitrary code execution. Affected Debian versions include Debian GNU/Linux 11 (Bullseye) LTS with version 2.6.1-3+deb11u1, as well as Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS with different version updates. Users are recommended to upgrade their LASSO packages to the latest secured version.

[DLA 4397-1] lasso security update
ELA-1590-1 lasso security update

Debian has released security updates for libpng1.6 and ffmpeg. The libpng1.6 update fixes multiple vulnerabilities that allow information disclosure or denial of service via out-of-bounds reads, heap corruption, or buffer overflows. The ffmpeg update addresses a vulnerability that could lead to denial of service or arbitrary code execution when processing malformed files. Users are recommended to upgrade to the fixed versions: 1.6.37-3+deb11u1 for libpng1.6 and 7:7.1.3-0+deb13u1 for ffmpeg.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS:
ELA-1589-1 libpng1.6 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4396-1] libpng1.6 security update

Debian GNU/Linux 13 (Trixie):
[DSA 6073-1] ffmpeg security update

Liquorix Linux kernel version 6.17-13 has been released, which is based on the stable Linux kernel 6.17.10 and designed to optimize desktop experiences for multimedia and gaming workloads. The new kernel has several important updates, like adjustments that make the system respond faster instead of saving power, better management of input/output and memory, and improved CPUFreq control for quicker responses when needed. Additionally, Liquorix 6.17-12 includes better scheduling for high-resolution tasks, a way to manage real-time processes, and support for Budget Fair Queue (BFQ) and TCP BBR2 Congestion Control. The kernel can be easily installed on Debian, Ubuntu, or Arch Linux using a provided script or through their own PPA, making it a straightforward replacement for the standard kernel.

A security update has been released for Krita, an image manipulation program. The update fixes a vulnerability that could cause a heap-based buffer overflow when loading a manipulated TGA file in Krita. The issue was fixed in version 1:4.4.2+dfsg-1+deb11u1 of the package, which is available for Debian GNU/Linux 11 (Bullseye) LTS users.

[DLA 4395-1] krita security update

Several security updates have been released for various Debian packages, including webkit2gtk, chromium, unbound, and libhtp. The updates address multiple vulnerabilities that could lead to denial of service, information disclosure, or arbitrary code execution.

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1588-1 libhtp security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4394-1] webkit2gtk security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6072-1] chromium security update

Debian GNU/Linux 13 (Trixie):
[DSA 6071-1] unbound security update

The Debian project has released security updates for several packages, including libapache2-mod-auth-openidc, webkit2gtk, and openvpn. The updates fix vulnerabilities that could allow attackers to crash or exploit systems, with fixes available for various distributions, including Buster, Bookworm, and Trixie. Specific issues addressed in the updates include a denial-of-service vulnerability in mod_auth_openidc, multiple crashes and memory corruption bugs in WebKitGTK, and a flaw allowing bypass of source IP address validation in openvpn.

Debian GNU/Linux 10 (Buster) ELTS:
ELA-1587-1 libapache2-mod-auth-openidc security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6070-1] webkit2gtk security update
[DSA 6069-1] openvpn security update

Debian has released security updates for several packages, including mako (version 1.1.3+ds1-2+deb11u1) for Debian GNU/Linux 11 LTS, as well as xen (versions 4.17.5 and 4.20.2) and containerd (versions 1.6.20 and 1.7.24) for both Debian GNU/Linux 12 and 13. The updates address various security vulnerabilities, including denial of service attacks and privilege escalation, which could result in memory disclosure or other issues.

[DLA 4393-1] mako security update
[DSA 6068-1] xen security update
[DSA 6067-1] containerd security update

Liquorix Linux kernel version 6.17-12 has been released, which is based on the stable Linux kernel 6.17.10 and designed to optimize desktop experiences for multimedia and gaming workloads. The new kernel has several important updates, like adjustments that make the system respond faster instead of saving power, better management of input/output and memory, and improved CPUFreq control for quicker responses when needed. Additionally, Liquorix 6.17-12 includes better scheduling for high-resolution tasks, a way to manage real-time processes, and support for Budget Fair Queue (BFQ) and TCP BBR2 Congestion Control. The kernel can be easily installed on Debian, Ubuntu, or Arch Linux using a provided script or through their own PPA, making it a straightforward replacement for the standard kernel.

Steven Barrett has released the Liquorix Linux kernel 6.17-11. The kernel features Zen Interactive Tuning, which adjusts system settings to prioritize responsiveness over power-saving, as well as optimized I/O and memory management. There are also improvements for better performance, like more precise scheduling, better handling of real-time tasks, and support for Budget Fair Queue (BFQ). Users can easily install the kernel using a provided script or by downloading binary builds from Liquorix's PPA repository, which supports Debian, Ubuntu, and Arch Linux distributions.