Debian 10928 Published by Philipp Esselbach 0

The Debian GNU/Linux 13.1 "Trixie" Live Images have been released, featuring various desktop environments. The images are available for download and include options for GNOME (48.3), KDE Plasma (6.3.5), Xfce (4.20), Cinnamon (6.4.10), MATE (1.26), LXQt (2.1.0), and LXDE (0.99.3). Each image is designed to provide a live version of the Debian operating system, allowing users to test and explore different desktop environments before installation. 

Debian 13 Trixie has released its first point update, focusing on addressing security issues and resolving critical problems. The update includes various bug fixes and security updates for packages such as imagemagick, libcoap3, and postgresql-17, among others. Existing installations can be upgraded by pointing the package management system at one of Debian's many HTTP mirrors, while new installation images will soon be available at regular locations. 

The Debian project has released Debian GNU/Linux 12.12, which focuses on addressing security concerns and bug fixes in the existing old stable distribution. The release includes numerous security updates and bug fixes across a wide range of packages, including Apache2, Botan, Expat, Glibc, Libxml2, OpenSSL, PostgreSQL-15, and Python-Django. This update aims to enhance the stability and security of the system, with the Debian Installer also updated to incorporate these fixes for new installations.

Debian has released a security update for the Chromium package to address multiple vulnerabilities. These issues, identified by CVE IDs CVE-2025-9864 through CVE-2025-9867, could result in arbitrary code execution, denial of service, or information disclosure. The updates have been made available for both the Debian GNU/Linux 12 (Bookworm) and 13 (Trixie) distributions, with fixes included in versions 140.0.7339.80-1~deb12u1 and 140.0.7339.80-1~deb13u1, respectively.

[DSA 5993-1] chromium security update

Debian 10928 Ubuntu 7099 Arch Linux 964 Published by Philipp Esselbach 0

Liquorix Linux Kernel 6.16-4, based on Kernel 6.16.5, has been released. Liquorix is a custom kernel designed for desktop, multimedia, and gaming workloads, offering improved responsiveness at the cost of throughput and power usage. It features various optimizations, including a different scheduler (bfq), improved virtual memory management, and enhanced CPUFreq settings to improve system performance under heavy loads. Liquorix also has special features like better scheduling, a more efficient way to manage resources, and compressed swap storage to use resources more effectively.

A security update has been released for ClamAV, an antivirus utility for Unix, to address two vulnerabilities: CVE-2025-20128 and CVE-2025-20260. The first lets an attacker cause a denial of service on an affected device through the Object Linking and Embedding 2 (OLE2) decryption process in ClamAV. The second allows an attacker to cause a buffer overflow, denial of service, or execution of arbitrary code on an affected device by exploiting the PDF scanning processes in ClamAV. Users are advised to upgrade their ClamAV packages to version 1.0.9+dfsg-1~deb11u1 (for Debian GNU/Linux 11 LTS), 1.0.9+dfsg-1~deb9u1 (for Debian GNU/Linux 9 ELTS), or 1.0.9+dfsg-1~deb10u1 (for Debian GNU/Linux 10 ELTS).

[DLA 4292-1] clamav security update
ELA-1511-1 clamav security update

Two new security updates are available for Debian GNU/Linux 11 (Bullseye) LTS to address vulnerabilities in the python-eventlet and python-h2 packages. The first update, DLA-4289-1, fixes a vulnerability in eventlet that allows attackers to bypass front-end security controls and launch targeted attacks against active site users. The second update, DLA-4290-1, addresses an HTTP/2 request splitting vulnerability in python-h2 that enables attackers to manipulate request boundaries and bypass security controls.

[DLA 4289-1] python-eventlet security update
[DLA 4290-1] python-h2 security update

Two security advisories have been issued for Debian GNU/Linux 11 (Bullseye) LTS, one for ruby-saml and another for libsndfile. The ruby-saml advisory fixes a Denial of Service (DoS) vulnerability caused by large SAML responses, which has been resolved in version 1.11.0-1+deb11u3. The libsndfile advisory addresses two vulnerabilities: CVE-2022-33065, which allows for DoS or unspecified impacts through signed integer overflow, and CVE-2024-50612, which causes memory corruption due to an out-of-bounds read triggered by a specially crafted input file. Users are advised to upgrade their packages to the latest versions (ruby-saml 1.11.0-1+deb11u3 and libsndfile 1.0.31-2+deb11u1) to resolve these security issues.

[DLA 4288-1] ruby-saml security update
[DLA-4287-1] libsndfile security update

Two Debian 11 (Bullseye) LTS advisories have been issued to address security vulnerabilities. DLA-4079-2 fixes a regression in openvpn by allowing "\n" and "\r" characters in control channel messages and recommends upgrading to version 2.5.1-3+deb11u2. DLA-4286-1 addresses an uncontrolled recursion vulnerability (CVE-2025-48924) in the libcommons-lang3-java package by updating it to version 3.11-1+deb11u1. This vulnerability could lead to a StackOverflowError on very long inputs, and users are recommended to upgrade their packages. Additionally, an update for libcommons-lang-java has been released for both Debian 9 (Stretch) and 10 (Buster) ELTS.

[DLA 4079-2] openvpn regression update
[DLA 4286-1] libcommons-lang3-java security update
ELA-1510-1 libcommons-lang-java security update

Debian has issued multiple security updates to mitigate vulnerabilities in a range of packages. The mbedtls package for Debian 11 LTS has been updated from version 2.16.9-0.1+deb11u2 to 2.16.9-0.1+deb11u3. This update addresses an incomplete fix from the previous version that permitted use-after-free vulnerabilities in specific scenarios. Furthermore, the firebird4.0 package for Debian 13 and the apache2 package for Debian 9 ELTS have been upgraded to versions 4.0.5.3140.ds6-17+deb13u1 and 2.4.25-3+deb9u21 (stretch), respectively. These updates address several vulnerabilities that could lead to denial of service or authentication bypass.

[DLA 4274-2] mbedtls security update
[DSA 5992-1] firebird4.0 security update
ELA-1509-1 apache2 security update

Debian has released several security updates to address vulnerabilities in various packages. LibXML2 (DSA 5990-1) for Debian 12 and 13 has been updated to fix a flaw that could lead to a heap use-after-free, while Node.js (DSA 5991-1) for Debian 12 has multiple vulnerabilities fixed, including denial of service, HTTP request smuggling, and privilege escalation. Additionally, UDisks2 (ELA-1508-1) for Debian 9 and 10 ELTS has an out-of-bounds read vulnerability fixed that may result in local privilege escalation. OpenSSH (ELA-1324-1) for Debian 9 and 10 ELTS has a machine-in-the-middle attack vulnerability fixed when the VerifyHostKeyDNS option is enabled, along with an information leak mitigation.

[DSA 5990-1] libxml2 security update
[DSA 5991-1] nodejs security update
ELA-1508-1 udisks2 security update
ELA-1324-1 openssh security update

Liquorix is a kernel replacement designed for desktop, multimedia, and gaming workloads, built with optimized configurations and sources for improved performance, and has been updated to the latest Linux kernel, 6.16.4. It features various tuning options and settings, including Zen Interactive Tuning, PDS/BMQ CPU Scheduler, High Resolution Scheduling, and Compressed Swap, among others. The Liquorix kernel is available for installation on Debian, Ubuntu, and Arch Linux systems through a simple install script or binary builds from the project's GitHub repository.

Debian Security Advisory DSA-5989-1 for Debian GNU/Linux 12 and 13 and Debian LTS advisories DLA 4285-1 and DLA 4284-1 for Debian GNU/Linux 11 LTS were issued to address security vulnerabilities in various packages. The udisks2 package was found to have an out-of-bounds read vulnerability (CVE-2025-8067) that could lead to denial of service or local privilege escalation, which has been fixed in versions 2.9.4-4+deb12u2 and 2.10.1-12.1+deb13u1 for the Bookworm and Trixie distributions, respectively, as well as in version 2.9.2-2+deb11u3 for Debian 11 Bullseye. Additionally, an issue was found in golang-github-gin-contrib-cors (CVE-2019-25211) that could allow an attacker to circumvent CORS restrictions due to improper wildcard handling, which has been fixed in version 1.3.1-1+deb11u1 for Debian 11 Bullseye. It is recommended to upgrade the affected packages to fix these security vulnerabilities and prevent potential attacks.

[DSA 5989-1] udisks2 security update
[DLA 4285-1] golang-github-gin-contrib-cors security
[DLA 4284-1] udisks2 security update

Debian has released two security advisories: DSA-5988-1 for Chromium for Debian 12 (Bookworm) and 13 (Trixie) and DSA-5987-1 for Unbound for Debian 12 (Bookworm). The Chromium update fixes a vulnerability that could result in the execution of arbitrary code, denial of service, or information disclosure (CVE-2025-9478). The unbound update addresses multiple vulnerabilities, including denial of service and cache poisoning via the "rebirthday attack" (CVE-2024-8508, CVE-2024-33655, CVE-2025-5994). Users are recommended to upgrade their Chromium and unbound packages to fix these security issues.

[SECURITY] [DSA 5988-1] chromium security update
[SECURITY] [DSA 5987-1] unbound security update

A security update has been released for the node-cipher-base package in both Debian GNU/Linux 12 and 13. The vulnerability, identified as CVE-2025-9287, was discovered by Nikita Skorovoda and affects the Node.js cipher-base module because of incomplete type checks. To fix this issue, users are advised to upgrade their node-cipher-base packages to version 1.0.4-6+deb12u1 for the oldstable distribution (Bookworm) or version 1.0.4-6+deb13u1 for the stable distribution (Trixie).

[DSA 5986-1] node-cipher-base security update

Multiple security updates have been released for Debian GNU/Linux, including fixes for vulnerabilities in FFmpeg, luajit, and Firebird database. The FFmpeg update addresses several CVEs that could lead to denial of service or arbitrary code execution if malformed files are processed. The luajit update resolves multiple issues that could result in denial of service, including type confusion, out-of-bounds reads, and stack-buffer overflows. Additionally, a security update has been released for the Firebird database, which fixes an XDR message parsing NULL pointer dereference issue (CVE-2025-54989).

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1507-1 luajit security update
ELA-1506-1 firebird3.0 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4283-1] luajit security update

Debian GNU/Linux 12 (Bookworm):
[DSA 5985-1] ffmpeg security update

Multiple security updates have been released for Debian GNU/Linux systems, including iperf3, unbound, and firebird3.0, to address vulnerabilities such as heap buffer overflows, shell code injection, and denial of service attacks via specially timed DNS queries and answers. The affected versions include 3.9-1+deb11u3~deb9u1 for iperf3 and 1.9.0-2+deb10u2~deb9u6 for unbound, both for Debian 9 (Stretch) ELTS; 1.9.0-2+deb10u6 for unbound on Debian 10 (Buster) ELTS; and 3.0.7.33374.ds4-2+deb11u1 for firebird3.0 on Debian 11 (Bullseye) LTS:

ELA-1505-1 iperf3 security update
ELA-1504-1 unbound1.9 security update
ELA-1503-1 unbound security update
[DLA 4282-1] firebird3.0 security update

Liquorix Kernel 6.16-2, a custom kernel replacement designed for desktop, multimedia, and gaming workloads, featuring several major optimizations and tweaks compared to standard kernel configurations, has been released based on the latest Linux Kernel 6.16.3. Some important features are Zen Interactive Tuning, Budget Fair Queue, Hard Kernel Preemption, and TCP BBR2 Congestion Control, which are designed to make the system respond faster and work better in different situations. The Liquorix kernel is available for installation on Debian, Ubuntu, and Arch Linux systems through a simple install script or binary builds from the project's GitHub repository.