Debian 10695 Published by Philipp Esselbach 0

Several security updates have been released for Debian GNU/Linux Extended LTS, including updates to the intel-microcode package to mitigate the Spectre variant 2 vulnerability and updates to the qemu, libxml2, and php-horde-css-parser packages to fix multiple security issues. The QEMU update removes the use of the C (Credential) flag in the binfmt_misc registration, which could have allowed privilege escalation when running suid/sgid binaries under qemu-user. The libxml2 and php-horde-css-parser updates fix vulnerabilities related to recursion evaluation and to remote code execution via crafted input, respectively. Finally, a Firefox ESR update has been released for Debian 11 (Buster) LTS; it fixes several security issues that could result in the execution of arbitrary code, memory disclosure, or cross-site scripting.

ELA-18-1 intel-microcode security update
ELA-1540-1 qemu security update
[DSA 6025-1] firefox-esr security update
ELA-1542-1 libxml2 security update
ELA-1541-1 php-horde-css-parser security update

Debian has released several security updates for Debian GNU/Linux 11 (Bullseye) LTS, including DLA-4330-1 for ghostscript, which fixes multiple vulnerabilities that could allow remote code execution or cause null pointer dereferences. DLA-4332-1 is a database update for distro-info-data, adding Ubuntu 26.04 LTS and updating the end-of-life (EoL) date for Bookworm. In contrast to these routine updates, DLA-4331-1 removes the HTTPS Everywhere extension because of security concerns over outdated rulesets that redirect users to malware sites. DLA-4333-1 fixes a vulnerability in php-horde-css-parser that could allow remote code execution via uncontrolled data input. Finally, a distro-info-data database update is also available for Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS users.

[DLA 4330-1] ghostscript security update
[DLA 4332-1] distro-info-data database update
[DLA 4331-1] https-everywhere security update
[DLA 4333-1] php-horde-css-parser security update
ELA-1539-1 distro-info-data database update

Liquorix Linux Kernel 6.16-11, based on Linux Kernel 6.16.12, has been released. The kernel features Zen Interactive Tuning technology, scheduling improvements, optimized Block Layer tweaks, and CPUFreq settings adjustments to boost performance and prioritize responsiveness over power consumption. Additionally, it includes extra features such as High Resolution Scheduling, Budget Fair Queue disk scheduler, TCP BBR2 Congestion Control, and Compressed Swap with LZ4 compression for improved data transfer speed and reduced swap storage size. Users can easily install the kernel by running a provided script using curl and bash commands, making it suitable for a wide range of hardware as a drop-in replacement for standard distribution kernels.

Multiple vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service, or information leaks. For Debian GNU/Linux 11 (Bullseye) LTS, these problems have been fixed in linux-6.1 version 6.1.153-1 and in linux version 5.10.244-1, which also include additional bug fixes from the stable updates. Additionally, security updates for Debian 9, 10, and 11 have been released for the libfcgi package to fix an integer overflow vulnerability that could lead to a heap-based buffer overflow via crafted data sent to the IPC socket.

[DLA 4328-1] linux-6.1 security update
[DLA 4327-1] linux security update
[DLA 4329-1] libfcgi security update
ELA-1538-1 libfcgi security update

A security update has been released for the Ghostscript package to fix multiple issues that could lead to denial of service or potentially to the execution of arbitrary code when Ghostscript processes malformed document files. For Debian GNU/Linux 12 (Bookworm), the issues are fixed in version 10.0.0dfsg-11+deb12u8; for Debian GNU/Linux 13 (Trixie), they are fixed in version 10.05.1dfsg-1+deb13u1.

[DSA 6024-1] ghostscript security update

Debian has issued two security advisories: DLA-4326-1 for Asterisk on Debian GNU/Linux 11 (Bullseye) LTS and DSA-6023-1 for Tiff on both Debian GNU/Linux 12 (Bookworm) and 13 (Trixie). The Asterisk advisory (DLA-4326-1) fixes two vulnerabilities, including a local privilege escalation vulnerability in the safe_asterisk script and a lack of session termination that can lead to resource exhaustion. The Tiff advisory (DSA-6023-1) fixes a denial-of-service or potentially arbitrary code execution vulnerability caused by missing input sanitizing in the libtiff library.

[DLA 4326-1] asterisk security update
[DSA 6023-1] tiff security update

Several security updates have been issued for Debian GNU/Linux, including updates for Redis (versions 3:3.2.6-3+deb9u17 for Debian 9, 5:6.0.16-1+deb11u8 for Debian 10, and 5:6.0.16-1+deb11u8 for Debian 11), Chromium (version 141.0.7390.65-1~deb12u1 for Debian 12), and Valkey (version 8.1.1+dfsg1-3+deb13u1 for Debian 13). The updates address multiple vulnerabilities, including CVE-2025-46817, CVE-2025-46819, and CVE-2025-49844, which could allow attackers to execute arbitrary code or cause denial of service. The Redis updates specifically fix issues in the Lua scripting interface that could lead to remote code execution or denial of service.

ELA-1537-1 redis security update
[DSA 6021-1] chromium security update
[DSA 6022-1] valkey security update
[DLA 4325-1] redis security update

PHP 8.5.0 Release Candidate 1 (RC1) packages have been released by Ondřej Surý for Debian GNU/Linux versions 11 LTS, 12, and 13. The upcoming version includes various improvements, such as fixes for important bugs, better error handling, and enhanced functionality in modules like Curl, Exif, and Opcache. Additionally, several date and time functions have been updated to correctly handle string literals and other issues.

Debian has released security updates for several packages, including Redis and Python-Django. The Redis update addresses multiple vulnerabilities that could result in the execution of arbitrary code or denial of service; the issues are fixed in version 5:7.0.15-1deb12u6 for Debian GNU/Linux 12 (Bookworm) and version 5:8.0.2-3+deb13u1 for Debian GNU/Linux 13 (Trixie). The Python-Django update addresses two vulnerabilities, CVE-2025-59681 and CVE-2025-59682, a potential SQL injection and a partial directory-traversal issue, which have been fixed in version 2:2.2.28-1deb11u9 for Debian GNU/Linux 11 (Bullseye) LTS, version 1:1.10.7-2+deb9u27 for Debian GNU/Linux 9 (Stretch) ELTS, and version 1:1.11.29-1+deb10u16 for Debian GNU/Linux 10 (Buster) ELTS.

[DSA 6020-1] redis security update
[DLA 4324-1] python-django security update
ELA-1535-1 python-django security update

A security update has been released for Mosquitto, package version 1.5.7-1+deb10u2, on Debian GNU/Linux 10 (Buster) Extended LTS. The update addresses CVE-2024-10525, a vulnerability that can cause out-of-bounds memory access when a malicious broker sends a crafted SUBACK packet to a client using libmosquitto. The issue affects the mosquitto_sub and mosquitto_rr clients through their on_subscribe callbacks.

ELA-1536-1 mosquitto security update

A security update has been released for the Git package in Debian 11 (bullseye) to address three vulnerabilities: CVE-2025-27613, CVE-2025-46835, and CVE-2025-48384. The first two vulnerabilities allow an attacker to create and truncate files on the user's system by exploiting the Git GUI or history browser, while the third vulnerability causes a submodule to be checked out to an incorrect location when its path contains a trailing CR. The issues have been fixed in version 1:2.30.2-1+deb11u5 of the git package, and users are recommended to upgrade their packages.

[DLA 4323-1] git security update

The Debian project has issued two separate security advisories: DSA-6019-1 for the Dovecot email server on Debian GNU/Linux 13 (Trixie), and ELA-1534-1 for FreeIPA, an integrated security information management solution, on Debian GNU/Linux 10 (Buster) Extended LTS. The Dovecot advisory addresses a flaw that could result in users being logged in as the wrong user in certain configurations; it has been fixed in version 1:2.4.1+dfsg1-6+deb13u1. The FreeIPA advisory lists six CVEs (Common Vulnerabilities and Exposures) found in the software, including vulnerabilities related to password exposure, arbitrary code execution, privilege escalation, and improper access to administrative credentials.

[DSA 6019-1] dovecot security update
ELA-1534-1 freeipa security update

A security update has been released for log4cxx, a logging library for C++ compatible with the Java log4j framework. The update fixes two security problems: one lets an attacker add HTML or JavaScript to logs because logger names are not properly handled in HTMLLayout (CVE-2025-54812), and the other allows non-printable characters in JSONLayout messages (CVE-2025 These issues have been fixed in version 0.11.0-2+deb11u1, which is available for Debian 11 (Bullseye) LTS users.

[SECURITY] [DLA 4322-1] log4cxx security update

Steven Barrett has announced the release of Liquorix Linux Kernel 6.16-9, a custom kernel based on Linux Kernel 6.16.10 and designed to optimize desktop, multimedia, and gaming workloads. The kernel features Zen Interactive Tuning technology and various scheduling improvements that aim to improve system responsiveness and reduce latency. It also includes extra performance-enhancing features such as High Resolution Scheduling, Budget Fair Queue, and TCP BBR2 Congestion Control, making it suitable for real-time systems and high-speed data transfer.

Debian has released three security advisories to address vulnerabilities in various packages. The first advisory (DSA-6018-1) fixes a buffer overflow vulnerability in gegl, a graph-based image processing library, which could lead to denial of service or arbitrary code execution. The second advisory (DSA-6017-1) addresses a denial-of-service vulnerability in HAProxy, a load-balancing reverse proxy, when parsing JSON numbers. A third advisory (DLA-4321-1) fixes an out-of-bounds read and write issue in OpenSSL, which could allow attackers to access sensitive information.

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4321-1] openssl security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6018-1] gegl security update
[DSA 6017-1] haproxy security update

Two security updates have been released for Debian systems: ELA-1532-1 libjson-xs-perl for Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS and DSA-6016-1 chromium for Debian GNU/Linux 12 (Bookworm) and 13 (Trixie). The libjson-xs-perl update fixes a vulnerability (CVE-2025-40928) that could cause a denial-of-service attack or other unspecified impact when parsing crafted JSON data. Meanwhile, the Chromium update addresses multiple security issues (13 CVEs) that could lead to arbitrary code execution, denial of service, or information disclosure.

ELA-1532-1 libjson-xs-perl security update
[DSA 6016-1] chromium security update

Ondřej Surý has released updated packages for PHP 8.4.13 and 8.3.26 for Debian GNU/Linux 11 (Bullseye) LTS, 12 (Bookworm), and 13 (Trixie). The releases include bug fixes that address long-standing problems, such as repeated file inclusion causing "Constant already defined" warnings and the handling of string literals larger than 2GB. These updates aim to improve the reliability, security, and performance of PHP web applications by resolving potential use-after-free (UAF) issues and memory leaks.

Multiple security updates have been released for Debian GNU/Linux 9, 10, and 11, addressing vulnerabilities in several packages. The updates include fixes for open-vm-tools (CVE-2025-41244), tiff (CVE-2024-13978 and CVE-2025-9900), openssl (CVE-2025-9230, CVE-2025-9231, and CVE-2025-9232), modsecurity-apache (CVE-2025-54571), libcpanel-json-xs-perl (CVE-2025-40928), and libjson-xs-perl (CVE-2025-40928). These vulnerabilities could potentially allow for local privilege escalation, denial of service, or arbitrary code execution.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1531-1 tiff security update
ELA-1532-1 libjson-xs-perl security update

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1529-1 modsecurity-apache security update
ELA-1533-1 libcpanel-json-xs-perl security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4316-1] open-vm-tools security update
[DSA 6015-1] openssl security update

Multiple security advisories have been issued for Debian GNU/Linux 9 (Stretch) ELTS, 10 (Buster) ELTS, and 11 (Bullseye) LTS for various packages, including tiff, u-boot, libcommons-lang-java, and others. The advisories address vulnerabilities such as null pointer dereferences, integer and buffer overflows, and uncontrolled recursion that could lead to denial of service or arbitrary code execution. Fixed versions of the affected packages have been released, and users are recommended to upgrade to mitigate these risks.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1510-2 libcommons-lang-java regression update
ELA-1530-1 libcommons-lang3-java security update
ELA-1528-1 wireless-regdb upstream version update

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1529-1 modsecurity-apache security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4315-1] tiff security update
[DLA 4320-1] u-boot security update
[DLA 4262-2] libcommons-lang-java regression update
[DLA 4319-1] libxml2 security update
[DLA 4318-1] libcpanel-json-xs-perl security update
[DLA 4317-1] libjson-xs-perl security update
[DLA 4286-2] libcommons-lang3-java regression update

Two security advisories have been issued for Debian GNU/Linux 11 (Bullseye) LTS. The first advisory, DLA-4305-2, affects the Firefox ESR package and recommends upgrading to version 140.3.1esr-1~deb11u1 to fix connection errors with some sites. The second advisory, DLA-4314-1, affects the Python Internet Archive package and recommends upgrading to version 1.9.9-1+deb11u1 to address a directory traversal vulnerability (CVE-2025-58438) in the File.download() method.

[DLA 4305-2] firefox-esr regression update
[DLA 4314-1] python-internetarchive security update