A new version of the Liquorix Linux Kernel, 6.17-1, has been released based on the Linux Kernel 6.17 series. This custom kernel is designed to optimize desktop, multimedia, and gaming workloads by improving system responsiveness, reducing latency, and maximizing throughput through various enhancements and tweaks. Important features of the kernel include Zen Interactive Tuning technology, better scheduling, an improved Block Layer, and support for High Resolution Scheduling, Budget Fair Queue, TCP BBR2 Congestion Control, and Compressed Swap.
Multiple Debian security advisories have been issued to address vulnerabilities in various packages, including Firefox ESR (CVE-2025-11708-CVE-2025-11714), Incus (CVE-2025-54286-CVE-2025-54293), sysstat (CVE-2022-39377 and CVE-2023-33204), svgpp (CVE-2021-44960), LXD (CVE-2025-54286-CVE-2025-54293), and the Linux kernel (multiple CVEs). The advisories recommend upgrading to fixed versions of these packages to address the vulnerabilities. The specific affected packages and their corresponding versions are firefox-esr 140.4.0esr-1deb11u1, incus 6.0.4-2+deb13u1, sysstat 12.5.2-2+deb11u1, svgpp 1.3.0+dfsg1-4+deb11u1, lxd 5.0.2-5+deb12u1 and 5.0.2+git20231211.1364ae4-9+deb13u1, and linux-5.10 5.10.244-1deb9u1 and 5.10.244-1~deb10u1.
Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1544-1 linux-5.10 security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4335-1] firefox-esr security update
[DLA 4336-1] sysstat security update
[DLA 4337-1] svgpp security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6028-1] lxd security update
Debian GNU/Linux 13 (Trixie):
[DSA 6027-1] incus security update
Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1544-1 linux-5.10 security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4335-1] firefox-esr security update
[DLA 4336-1] sysstat security update
[DLA 4337-1] svgpp security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6028-1] lxd security update
Debian GNU/Linux 13 (Trixie):
[DSA 6027-1] incus security update
Debian has released several security advisories to address vulnerabilities in various packages. The first advisory, DSA-6026-1 for both Debian GNU/Linux 12 (Bookworm) and 13 (Trixie), fixes a security issue in Chromium (CVE-2025-11756) that could lead to arbitrary code execution or information disclosure. The second advisory, ELA-1543-1 for Debian GNU/Linux 9 (Stritch) and 10 (Buster) ELTS, deals with several security problems in the Linux kernel, which could allow users to gain higher access rights The third advisory, DLA-4334-1 for Debian GNU/Linux 11 (Bullseye) LTS, fixes an authentication bypass vulnerability (CVE-2025-46801) in pgpool2, a connection pool server for PostgreSQL.
[DSA 6026-1] chromium security update
ELA-1543-1 linux-6.1 security update
[DLA 4334-1] pgpool2 security update
[DSA 6026-1] chromium security update
ELA-1543-1 linux-6.1 security update
[DLA 4334-1] pgpool2 security update
Several security updates have been released for Debian GNU/Linux Extended LTS, including updates to the intel-microcode package to mitigate against the Spectre variant 2 vulnerability and updates to the qemu, libxml2, and php-horde-css-parser packages to fix multiple security issues. The QEMU update removes the usage of the C (Credential) flag for the binfmt_misc registration, which could have allowed for privilege escalation when running suid/sgid binaries under qemu-user. Additionally, updates to the libxml2 and php-horde-css-parser packages fix vulnerabilities related to recursion evaluation and remote code execution via crafted input, respectively. Finally, a Firefox ESR update has been released for Debian 11 (Buster) LTS. The Firefox ESR update fixes several security issues that could potentially result in the execution of arbitrary code, memory disclosure, or cross-site scripting.
ELA-18-1 intel-microcode security update
ELA-1540-1 qemu security update
[DSA 6025-1] firefox-esr security update
ELA-1542-1 libxml2 security update
ELA-1541-1 php-horde-css-parser security update
ELA-18-1 intel-microcode security update
ELA-1540-1 qemu security update
[DSA 6025-1] firefox-esr security update
ELA-1542-1 libxml2 security update
ELA-1541-1 php-horde-css-parser security update
Debian has released several security updates for Debian GNU/Linux 11 (Bullseye) LTS, including DLA-4330-1 for ghostscript, which fixes multiple vulnerabilities that allow for remote code execution or null pointer dereferences. DLA-4332-1 addresses a database update for distro-info-data, adding Ubuntu 26.04 LTS and updating the end-of-life (EoL) date for Bookworm. In contrast to these routine updates, DLA-4331-1 removes the HTTPS Everywhere extension due to security concerns related to outdated rulesets that redirect users to malware sites. Furthermore, DLA-4333-1 fixes a vulnerability in php-horde-css-parser that could allow remote code execution via uncontrolled data input. Finally, a distro-info-data database update is also available for both Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS users.
[DLA 4330-1] ghostscript security update
[DLA 4332-1] distro-info-data database update
[DLA 4331-1] https-everywhere security update
[DLA 4333-1] php-horde-css-parser security update
ELA-1539-1 distro-info-data database update
[DLA 4330-1] ghostscript security update
[DLA 4332-1] distro-info-data database update
[DLA 4331-1] https-everywhere security update
[DLA 4333-1] php-horde-css-parser security update
ELA-1539-1 distro-info-data database update
Liquorix Linux Kernel 6.16-11, based on Linux Kernel 6.16.12, has been released. The kernel features Zen Interactive Tuning technology, scheduling improvements, optimized Block Layer tweaks, and CPUFreq settings adjustments to boost performance and prioritize responsiveness over power consumption. Additionally, it includes extra features such as High Resolution Scheduling, Budget Fair Queue disk scheduler, TCP BBR2 Congestion Control, and Compressed Swap with LZ4 compression for improved data transfer speed and reduced swap storage size. Users can easily install the kernel by running a provided script using curl and bash commands, making it suitable for a wide range of hardware as a drop-in replacement for standard distribution kernels.
Multiple vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service, or information leaks. For Debian GNU/Linux 11 (Bullseye) LTS, these problems have been fixed in versions linux-6.1, 6.1.153-1, and linux-5.10.244-1, which also include additional bug fixes from stable updates. Additionally, security updates for Debian 9, 10, and 11 have been released for the libfcgi package to fix an integer overflow vulnerability that could lead to a heap-based buffer overflow via crafted data to the IPC socket.
[DLA 4328-1] linux-6.1 security update
[DLA 4327-1] linux security update
[DLA 4329-1] libfcgi security update
ELA-1538-1 libfcgi security update
[DLA 4328-1] linux-6.1 security update
[DLA 4327-1] linux security update
[DLA 4329-1] libfcgi security update
ELA-1538-1 libfcgi security update
A security update was released for the Ghostscript package to eliminate multiple issues that could lead to denial of service or potentially execute arbitrary code. Ghostscript's processing of malformed document files revealed the problems. For Debian GNU/Linux 12 (Bookworm), the issue is fixed in version 10.0.0dfsg-11+deb12u8, while for Debian GNU/Linux 13 (Trixie), it is fixed in version 10.05.1dfsg-1+deb13u1.
[DSA 6024-1] ghostscript security update
[DSA 6024-1] ghostscript security update
Debian has issued two security advisories: DLA-4326-1 for Asterisk on Debian GNU/Linux 11 (Bullseye) LTS and DSA-6023-1 for Tiff on both Debian GNU/Linux 12 (Bookworm) and 13 (Trixie). The Asterisk advisory (DLA-4326-1) fixes two vulnerabilities, including a local privilege escalation vulnerability in the safe_asterisk script and a lack of session termination that can lead to resource exhaustion. The Tiff advisory (DSA-6023-1) fixes a denial-of-service or potentially arbitrary code execution vulnerability caused by missing input sanitizing in the libtiff library.
[DLA 4326-1] asterisk security update
[DSA 6023-1] tiff security update
[DLA 4326-1] asterisk security update
[DSA 6023-1] tiff security update
Several security updates were issued for Debian GNU/Linux, including updates for Redis (versions 3:3.2.6-3+deb9u17 for Debian 9, 5:6.0.16-1+deb11u8 for Debian 10, and 5:6.0.16-1+deb11u8 for Debian 11), Chromium (version 141.0.7390.65-1~deb12u1 for Debian 12), and Valkey (version 8.1.1+dfsg1-3+deb13u1 for Debian 13). The updates address multiple vulnerabilities, including CVE-2025-46817, CVE-2025-46819, and CVE-2025-49844, which could allow attackers to execute arbitrary code or create denial-of-service attacks. The Redis updates specifically fix issues with the Lua scripting interface that could lead to remote code execution or denial of service.
ELA-1537-1 redis security update
[DSA 6021-1] chromium security update
[DSA 6022-1] valkey security update
[DLA 4325-1] redis security update
ELA-1537-1 redis security update
[DSA 6021-1] chromium security update
[DSA 6022-1] valkey security update
[DLA 4325-1] redis security update
PHP 8.5.0 Release Candidate 1 (RC1) packages have been released by Ondřej Surý for Debian GNU/Linux versions 11 LTS, 12, and 13. The upcoming version includes various improvements, such as fixes for important bugs, better error handling, and enhanced functionality in modules like Curl, Exif, and Opcache. Additionally, several date and time functions have been updated to correctly handle string literals and other issues.
Debian has released security updates for several packages, including Redis and Python-Django. The Redis update addresses multiple vulnerabilities that could result in the execution of arbitrary code or denial of service and fixes these issues in version 5:7.0.15-1deb12u6 for Debian GNU/Linux 12 (Bookworm) and version 5:8.0.2-3+deb13u1 for iDebian GNU/Linux 13 (Trixie). The Python-Django update addresses two vulnerabilities, CVE-2025-59681 and CVE-2025-59682, which are potential SQL injection and partial directory-traversal issues that have been fixed in version 2:2.2.28-1deb11u9 for Debian GNU/Linux 11 (Bullseye) LTS, version 1:1.10.7-2+deb9u27 for Debian GNU/Linux 9 (Stretch) ELTS, and 1:1.11.29-1+deb10u16 for Debian GNU/Linux 10 (Buster) ELTS.
[DSA 6020-1] redis security update
[DLA 4324-1] python-django security update
ELA-1535-1 python-django security update
[DSA 6020-1] redis security update
[DLA 4324-1] python-django security update
ELA-1535-1 python-django security update
A security update has been released for Mosquitto, package version 1.5.7-1+deb10u2 on Debian GNU/Linux 10 (Buster) Extended LTS. The update addresses CVE-2024-10525, a vulnerability that can cause out-of-bounds memory access when a malicious broker sends a crafted SUBACK packet to a client using libmosquitto. This issue affects the mosquitto_sub and mosquitto_rr clients when they act in their on_subscribe callback.
ELA-1536-1 mosquitto security update
ELA-1536-1 mosquitto security update
A security update has been released for the Git package in Debian 11 (bullseye) to address three vulnerabilities: CVE-2025-27613, CVE-2025-46835, and CVE-2025-48384. The first two vulnerabilities allow an attacker to create and truncate files on the user's system by exploiting the Git GUI or history browser, while the third vulnerability causes a submodule to be checked out to an incorrect location when its path contains a trailing CR. The issues have been fixed in version 1:2.30.2-1+deb11u5 of the git package, and users are recommended to upgrade their packages.
[DLA 4323-1] git security update
[DLA 4323-1] git security update
The Debian project has issued two separate security advisories: DSA-6019-1 for the Dovecot email server on Debian GNU/Linux 13 (Trixie) and ELA-1534-1 for FreeIPA for Debian GNU/Linux 10 (Buster) Extended LTS, an integrated security information management solution. The Dovecot advisory addresses a flaw that could result in users being logged in as the wrong user in certain configurations, which has been fixed in version 1:2.4.1+dfsg1-6+deb13u1. The FreeIPA advisory lists six CVEs (Common Vulnerabilities and Exposures) that were found in the software, including vulnerabilities related to password exposure, arbitrary code execution, privilege escalation, and improper access to administrative credentials.
[DSA 6019-1] dovecot security update
ELA-1534-1 freeipa security update
[DSA 6019-1] dovecot security update
ELA-1534-1 freeipa security update
A security update has been released for log4cxx, a logging library for C++ compatible with the JAVA log4j framework. The update fixes two security problems: one lets an attacker add HTML or JavaScript to logs because it doesn't properly handle logger names in HTMLLayout (CVE-2025-54812), and the other allows non-printable characters in JSONLayout messages (CVE-2025 These issues have been fixed in version 0.11.0-2+deb11u1, which is available for Debian 11 (Bullseye) LTS users.
[SECURITY] [DLA 4322-1] log4cxx security update
[SECURITY] [DLA 4322-1] log4cxx security update
Steven Barrett has announced the release of Liquorix Linux Kernel 6.16-9, a custom kernel based on Linux Kernel 6.16.10, designed to optimize desktop, multimedia, and gaming workloads. This kernel boasts several key features, including Zen Interactive Tuning technology and various scheduling improvements that aim to improve system responsiveness and reduce latency. The kernel also includes extra performance-enhancing features such as High Resolution Scheduling, Budget Fair Queue, and TCP BBR2 Congestion Control, making it suitable for real-time systems and high-speed data transfer.
Debian has released three security advisories to address vulnerabilities in various packages. The first advisory (DSA-6018-1) fixes a buffer overflow vulnerability in gegl, a graph-based image processing library, which could lead to denial of service or arbitrary code execution. The second advisory (DSA-6017-1) addresses a denial-of-service vulnerability in HAProxy, a load-balancing reverse proxy, when parsing JSON numbers. A third advisory (DLA-4321-1) fixes an out-of-bounds read and write issue in OpenSSL, which could allow attackers to access sensitive information.
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4321-1] openssl security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6018-1] gegl security update
[DSA 6017-1] haproxy security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4321-1] openssl security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6018-1] gegl security update
[DSA 6017-1] haproxy security update
Two security updates have been released for Debian systems: ELA-1532-1 libjson-xs-perl for Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS and DSA-6016-1 chromium for Debian GNU/Linux 12 (Bookworm) and 13 (Trixie). The libjson-xs-perl update fixes a vulnerability (CVE-2025-40928) that could cause a denial-of-service attack or other unspecified impact when parsing crafted JSON data. Meanwhile, the Chromium update addresses multiple security issues (13 CVEs) that could lead to arbitrary code execution, denial of service, or information disclosure.
ELA-1532-1 libjson-xs-perl security update
[DSA 6016-1] chromium security update
ELA-1532-1 libjson-xs-perl security update
[DSA 6016-1] chromium security update
Ondřej Surý has released updated packages for PHP 8.4.13 and 8.3.26 specifically designed for Debian GNU/Linux 11 (Bullseye) LTS, 12 (Bookworm), and 13 (Trixie). The releases include crucial bug fixes that address long-standing problems, such as repeated file inclusion causing "Constant already defined" warnings and handling string literals larger than 2GB. These updates aim to enhance the reliability, security, and performance of web applications built using PHP by resolving potential UAF issues and memory leaks.
