XanMod has dropped new kernel versions 6.19.12 and 6.18.22 LTS/RT for Debian-based distributions that prioritize heavy workload performance over standard stability. These builds include specific optimizations like LLVM ThinLTO and Google's Multigenerational LRU framework to squeeze better throughput out of the hardware. Power users need to exercise caution since NVIDIA drivers and other DKMS modules often break without a manual update following these kernel jumps. Adding the official repository is the safest route to get everything working, provided you install the build dependencies first to avoid compilation headaches later.
A batch of Debian security advisories addresses serious vulnerabilities in popular packages including inetutils and webkit2gtk alongside a version upgrade for clamav. Specific flaws allow attackers to escalate privileges or cause process crashes through malicious network inputs and crafted web content. Memory corruption risks within libyaml-syck-perl and the gdk-pixbuf image loader also require immediate attention from system administrators. Upgrading these packages is essential because leaving them unpatched exposes systems to potential remote code execution or denial of service attacks.
Debian GNU/Linux 9 (Stretch) ELTS:
ELA-1680-1 clamav new upstream version
Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS:
ELA-1679-1 libyaml-syck-perl security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4527-1] inetutils security update
[DLA 4528-1] webkit2gtk security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6206-1] gdk-pixbuf security update
Debian GNU/Linux 9 (Stretch) ELTS:
ELA-1680-1 clamav new upstream version
Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS:
ELA-1679-1 libyaml-syck-perl security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4527-1] inetutils security update
[DLA 4528-1] webkit2gtk security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6206-1] gdk-pixbuf security update
Debian security teams have released urgent updates for firefox-esr, chromium, and libyaml-syck-perl across several distributions. Firefox users need to install the new version to stop flaws that might enable arbitrary code execution through browser exploits. Across stable distributions, Chromium requires a massive patch covering dozens of CVEs designed to prevent denial of service attacks or data leaks. The perl library update fixes critical memory issues where missing terminators could allow attackers to read adjacent variables unexpectedly.
Debian GNU/Linux 10 (Buster) ELTS:
ELA-1679-1 libyaml-syck-perl security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4526-1] firefox-esr security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6205-1] chromium security update
Debian GNU/Linux 10 (Buster) ELTS:
ELA-1679-1 libyaml-syck-perl security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4526-1] firefox-esr security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6205-1] chromium security update
Debian released security patches for PostgreSQL to fix four vulnerabilities involving memory disclosure and arbitrary code execution risks within the database engine. A separate advisory targets an OpenSSH GSSAPI Key Exchange flaw that enables remote code execution or denial of service if the setting remains active. Administrators should also upgrade libyaml-syck-perl because the package contains high-severity heap buffer overflows and memory corruption bugs discovered within its YAML emitter functions. Finally, BIND9 users need to apply patches for cache poisoning vulnerabilities that might let attackers inject forged data into name server caches on older distributions like buster.
Debian GNU/Linux 10 (Buster) ELTS:
ELA-1678-1 bind9 security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4524-1] postgresql-13 security update
[DLA 4525-1] libyaml-syck-perl security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6204-1] openssh security update
Debian GNU/Linux 10 (Buster) ELTS:
ELA-1678-1 bind9 security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4524-1] postgresql-13 security update
[DLA 4525-1] libyaml-syck-perl security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6204-1] openssh security update
Debian released security advisories regarding critical flaws found within both the tiff library and Firefox ESR browser software. The first update patches a heap overflow vulnerability that could lead to denial of service or code execution, while the second addresses multiple issues with similar severe consequences for users. Separate Debian GNU/Linux ELTS updates also exist for older PostgreSQL versions to resolve memory disclosure bugs and arbitrary code execution risks in database extensions. System administrators are strongly advised to apply these package upgrades immediately to secure their infrastructure against potential exploitation.
[DSA 6303-1] tiff security update
[DSA 6202-1] firefox-esr security update
ELA-1676-1 postgresql-11 security update
ELA-1677-1 postgresql-9.6 security update
[DSA 6303-1] tiff security update
[DSA 6202-1] firefox-esr security update
ELA-1676-1 postgresql-11 security update
ELA-1677-1 postgresql-9.6 security update
Recent security updates address critical vulnerabilities within the python-tornado framework and the OpenSSL toolkit used across Debian distributions. Tornado users must update to mitigate denial of service risks via multipart body limits while also resolving cookie injection flaws found in CVE-2026-35536. Meanwhile, the OpenSSL advisory warns that unpatched installations face severe risks ranging from information leaks to potential remote code execution exploits. Immediate upgrades are necessary for stable and oldstable releases to close these security gaps effectively.
ELA-1672-1 python-tornado security update
[DSA 6201-1] openssl security update
ELA-1672-1 python-tornado security update
[DSA 6201-1] openssl security update
Debian released advisory DSA-6197-2 concerning a regression within the dovecot package. While attempting to backport a fix for CVE-2025-59032, developers accidentally introduced errors that disrupt authentication against managesieved servers in Bookworm. System administrators are urged to upgrade their installations specifically to version 1:2.3.19.1+dfsg1-2.1+deb12u3 which contains the necessary correction.
[DSA 6197-2] dovecot regression update
[DSA 6197-2] dovecot regression update
Debian has released four new advisories targeting Valkey, Dovecot, Tor, and Apache Traffic Server. The Valkey patch fixes two issues regarding data manipulation or denial of service but the Dovecot update addresses a much longer list containing SQL injection flaws. System administrators are urged to upgrade packages on both stable and oldstable distributions because the risks include timing side channel attacks. The remaining updates address anonymity tools facing potential denial of service alongside proxy server vulnerabilities that allow for HTTP request smuggling.
[DSA 6198-1] valkey security update
[DSA 6197-1] dovecot security update
[DSA 6200-1] tor security update
[DSA 6199-1] trafficserver security update
[DSA 6198-1] valkey security update
[DSA 6197-1] dovecot security update
[DSA 6200-1] tor security update
[DSA 6199-1] trafficserver security update
Liquorix Kernel 6.19-8 swaps four millisecond timeslices for two to make the system feel snappier during heavy loads without manual configuration. Split lock detection is disabled by default while tweaks to the Ondemand governor allow CPU frequency to ramp up faster when applications launch. Gamers and audio pros will appreciate the focus on responsiveness even if it means higher power consumption on laptops. The install script makes getting this kernel easy but users should expect reduced battery life as part of the deal for better frame times.
Debian security teams have issued updates for the libxml-parser-perl package that resolve buffer overflow vulnerabilities found across several older distributions like bullseye and buster. Specifically, these patches handle heap corruption risks which appear when parsing XML files with deep nesting structures or handling UTF8 layers incorrectly. A separate advisory targets roundcube webmail software where multiple flaws including cross-site scripting and access control bypasses exist in current stable releases for bookworm and trixie.
Debian GNU/Linux 9 (Stretch) and 10 (Buster) LTS:
ELA-1675-1 libxml-parser-perl security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4522-1] libxml-parser-perl security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6196-1] roundcube security update
Debian GNU/Linux 9 (Stretch) and 10 (Buster) LTS:
ELA-1675-1 libxml-parser-perl security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4522-1] libxml-parser-perl security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6196-1] roundcube security update
Several Debian security advisories were released recently to address critical vulnerabilities across a range of software packages. The libpng1.6 library requires immediate attention on stretch and buster systems because use-after-free errors could allow attackers to run arbitrary code. Flaws in other tools like pyasn1, inetutils, and python-tornado present different dangers including denial of service or privilege escalation risks that need addressing.
Debian GNU/Linux 9 (Stretch) 9 ELTS:
ELA-1674-1 libpng1.6 security update
Debian GNU/Linux 10 (Buster) 10 ELTS:
ELA-1673-1 libpng1.6 security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6194-1] pyasn1 security update
[DSA 6193-1] inetutils security update
[DSA 6195-1] python-tornado security update
Debian GNU/Linux 9 (Stretch) 9 ELTS:
ELA-1674-1 libpng1.6 security update
Debian GNU/Linux 10 (Buster) 10 ELTS:
ELA-1673-1 libpng1.6 security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6194-1] pyasn1 security update
[DSA 6193-1] inetutils security update
[DSA 6195-1] python-tornado security update
The latest Liquorix Kernel 6.19-7 update targets gamers and creators by prioritizing responsiveness over raw throughput for background tasks. Technical tweaks include switching block layer schedulers to kyber while tightening CPU frequency thresholds to ensure cores ramp up faster during spikes. Getting this kernel installed is simple via a provided script for Debian or Ubuntu systems though users must accept that split lock detection turns off to reduce overhead. Enthusiasts chasing lower frame time deviations will likely appreciate the aggressive preemption settings even if they introduce some stability risks.
XanMod has released new kernel versions targeting Debian-based distributions with aggressive performance tuning for heavy workloads and gaming scenarios. These builds include advanced schedulers and network optimizations like BBRv3 to reduce latency, though they demand specific hardware instruction set support to function correctly. Users must install external dependencies for DKMS modules before updating or risk breaking proprietary drivers like NVIDIA during the transition process. While the performance gains are noticeable, this path remains best suited for enthusiasts willing to troubleshoot potential compatibility issues rather than those needing guaranteed enterprise stability.
Debian released two security advisories on that address serious flaws in both Chromium on Debian GNU/Linux 12 (Bookworm) and 13 (Trixie) as well as the libpng1.6 library on Debian GNU/Linux 11 (Bullseye) LTS. The update for Chromium fixes over twenty vulnerabilities which could potentially lead to arbitrary code execution or denial of service attacks depending on how they are exploited.
[DSA 6192-1] chromium security update
[DLA 4521-1] libpng1.6 security update
[DSA 6192-1] chromium security update
[DLA 4521-1] libpng1.6 security update
Debian released security updates for python-tornado and the GStreamer media plugins used across multiple distributions. The tornado update blocks attacks involving cookie injection and denial of service via multipart bodies. Meanwhile the GStreamer plugins address serious flaws where opening a malformed file could lead to code execution on the host machine.
Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS:
ELA-1672-1 python-tornado security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4520-1] python-tornado security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6191-1] gst-plugins-ugly1.0 security update
[DSA 6190-1] gst-plugins-bad1.0 security update
Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS:
ELA-1672-1 python-tornado security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4520-1] python-tornado security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6191-1] gst-plugins-ugly1.0 security update
[DSA 6190-1] gst-plugins-bad1.0 security update
Debian released three security advisories targeting vulnerabilities found in libpng1.6, lxd, and netty. These flaws pose significant risks including privilege escalation or denial of service attacks against users running older distributions. The Netty advisory highlights distinct threats such as SMTP command injection which could allow attackers to forge emails from trusted servers. Users should upgrade their packages now using the specific version numbers provided for their respective Debian releases.
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4519-1] netty security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6189-1] libpng1.6 security update
[DSA 6188-1] lxd security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4519-1] netty security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6189-1] libpng1.6 security update
[DSA 6188-1] lxd security update
Debian released security advisories for asterisk, phpseclib, and roundcube to address critical flaws. The asterisk update addresses several severe flaws including XSS vulnerabilities in the status page and privilege escalation risks within core dumper files. Crucially, the phpseclib package receives essential updates for TLS certificate confusion and timing attacks while roundcube patches numerous flaws involving SSRF and HTML sanitization bypasses.
Debian GNU/Linux 10 (Buster) ELTS:
ELA-1671-1 phpseclib security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4515-1] asterisk security update
[DLA 4518-1] phpseclib security update
[DLA 4517-1] roundcube security update
Debian GNU/Linux 10 (Buster) ELTS:
ELA-1671-1 phpseclib security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4515-1] asterisk security update
[DLA 4518-1] phpseclib security update
[DLA 4517-1] roundcube security update
Debian released multiple security advisories addressing critical vulnerabilities within several key software packages on Linux systems. GStreamer plugins suffered from integer overflows that could lead to code execution if a user opens a malicious media file on their system. Other affected tools like Incus and nodejs face risks involving side channel attacks while PHP libraries are susceptible to timing attacks on their cryptographic functions. Users running Debian stable distributions should apply the recommended updates immediately to prevent potential system compromise or data loss from these exploits.
Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended:
ELA-1669-1 gst-plugins-base1.0 security update
ELA-1670-1 gst-plugins-ugly1.0 security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4514-1] gst-plugins-base1.0 security update
[DLA 4516-1] gst-plugins-ugly1.0 security update
Debian GNU/Linux 12 (Stretch) and 13 (Trixie):
[DSA 6187-1] php-phpseclib3 security update
[DSA 6186-1] php-phpseclib security update
[DSA 6185-1] phpseclib security update
Debian GNU/Linux 13 (Trixie):
[DSA 6184-1] incus security update
[DSA 6183-1] nodejs security update
Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended:
ELA-1669-1 gst-plugins-base1.0 security update
ELA-1670-1 gst-plugins-ugly1.0 security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4514-1] gst-plugins-base1.0 security update
[DLA 4516-1] gst-plugins-ugly1.0 security update
Debian GNU/Linux 12 (Stretch) and 13 (Trixie):
[DSA 6187-1] php-phpseclib3 security update
[DSA 6186-1] php-phpseclib security update
[DSA 6185-1] phpseclib security update
Debian GNU/Linux 13 (Trixie):
[DSA 6184-1] incus security update
[DSA 6183-1] nodejs security update
The new Liquorix Kernel 6.19 release is built for gamers and audio pros who need low latency instead of maximum power efficiency. Technical tweaks reduce the PDS scheduling timeslice to 2 ms while turning off split lock detection to prevent unnecessary slowdowns on specific setups. Expect a hit to battery life because the system will aggressively preempt tasks to keep frame times consistent under load. Installing this kernel means using a curl command instead of your usual package manager, which makes creating a backup of your current boot setup a mandatory step.
Security advisories for Debian have identified serious vulnerabilities affecting both the gvfs virtual filesystem and the libxml-parser-perl module used in older distributions. Researchers at Codean Labs found that attackers could exploit FTP bounce mechanisms to probe client networks or inject commands via flawed CRLF validation within gvfs. A separate risk involves a heap-based buffer overflow in the Perl parser when handling deeply nested XML elements which impacts bookworm and trixie versions.
Debian GNU/Linux 9 (Stretch) ELTS:
ELA-1668-1 gvfs security update
Debian GNU/Linux 10 (Buster) ELTS:
ELA-1667-1 gvfs security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4513-1] gvfs security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6182-1] libxml-parser-perl security update
Debian GNU/Linux 9 (Stretch) ELTS:
ELA-1668-1 gvfs security update
Debian GNU/Linux 10 (Buster) ELTS:
ELA-1667-1 gvfs security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4513-1] gvfs security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6182-1] libxml-parser-perl security update
