Debian 10697 Published by Philipp Esselbach 0

Two security updates have been released for Debian systems: ELA-1579-1 mbedtls for Debian GNU/Linux 10 (Buster) ELTS and DLA-4373-1 libwebsockets for Debian GNU/Linux 11 (Bullseye) LTS. The mbedtls update fixes multiple vulnerabilities, including use-after-free issues, NULL pointer dereferences, and buffer underflows that could be exploited by attackers. The libwebsockets update addresses two specific security flaws: a use-after-free vulnerability in the WebSocket server implementation and a stack-based buffer overflow when handling DNS requests with crafted labels.

ELA-1579-1 mbedtls security update
[DLA 4373-1] libwebsockets security update

Debian has released security updates for Thunderbird, which address multiple vulnerabilities that could lead to arbitrary code execution. The fixed versions are 1:140.5.0esr-1deb11u1 for Debian GNU/Linux 11 (Bullseye) LTS, and 1:140.5.0esr-1deb12u1 and 1:140.5.0esr-1~deb13u1 for Debian GNU/Linux 12 (Bookworm) and 13 (Trixie), respectively. Users are recommended to upgrade their Thunderbird packages to fix these security issues.

[DLA 4372-1] thunderbird security update
[DSA 6059-1] thunderbird security update

A security update has been released for the lasso package, which implements Liberty Alliance and SAML protocols. The update fixes several vulnerabilities discovered by Keane O'Kelley that could result in denial of service or execution of arbitrary code. Users of Debian's bookworm distribution should upgrade to version 2.8.1-1+deb12u1, while users of the trixie stable distribution should upgrade to version 2.8.2-9+deb13u1.

[DSA 6058-1] lasso security update

New Debian GNU/Linux 13.2 Trixie live images for popular desktop environments are now available, allowing users to test and experiment with different setups before making a final decision. The release includes six desktop environment options: GNOME 48.4, KDE Plasma 6.3.5, Xfce 4.20, Cinnamon 6.4.10, LXQt, and LXDE, each offering its own features and customization options.

Debian GNU/Linux 13.2 has been released as an updated stable version rather than a new major release. This point release brings security patches and bug fixes to resolve problems and close vulnerabilities in existing packages. The update primarily focuses on resolving security issues and patching bugs across various key packages, including Dovecot, Evolution Suite, GnuPG, and others.

Two security advisories have been issued for Debian GNU/Linux: one for gst-plugins-base1.0 for Debian 11 LTS and another for squid, a popular proxy server, for Debian 10 ELTS. The gst-plugins-base1.0 advisory fixes three denial-of-service vulnerabilities in the subparse plugin of the gst-plugins-base1.0 package. The squid advisory addresses five vulnerabilities, including a denial-of-service attack against Squid's Gopher gateway and a failure to redact HTTP authentication credentials, which could allow information disclosure. In both cases, users are advised to upgrade their packages to fix the issues.

[DLA 4371-1] gst-plugins-base1.0 security update
ELA-1578-1 squid security update

Liquorix Linux Kernel 6.17-9 has been released, offering improved performance and responsiveness for desktop users, particularly those engaged in multimedia and gaming workloads. The kernel features several notable improvements, including Zen Interactive Tuning, which prioritizes system speed over power savings, as well as optimized I/O and memory management. Additionally, Liquorix 6.17-9 has several technical upgrades, like better scheduling for high-resolution tasks, improved handling of real-time systems, and support for Budget Fair Queue (BFQ) and TCP BBR2 Congestion Control.

Multiple security updates have been released for various Debian packages, including Firefox ESR, Chromium, gst-plugins-good1.0, Keystone, and LXD. These updates address vulnerabilities that could potentially lead to code execution, information disclosure, or privilege escalation if left unpatched.

Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1577-1 gst-plugins-good1.0 security update

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1576-1 gst-plugins-good1.0 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4370-1] firefox-esr security update

Debian GNU/Linux 12 (Bookworm):
[DSA 6057-1] lxd security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6055-1] chromium security update
[DSA 6056-1] keystone security update

Debian has released two security advisories to address vulnerabilities in popular software packages. The first advisory, DSA-6054-1, fixes multiple security issues in Mozilla Firefox for Debian GNU/Linux 12 (Bookworm) and Debian GNU/Linux 13 (Trixie), including versions 140.5.0esr-1deb12u1 and 140.5.0esr-1deb13u1, respectively. The second advisory, ELA-1576-1, updates the gst-plugins-good1.0 package to version 1.14.4-1+deb10u5 for Debian GNU/Linux 10 (Buster) Extended LTS, fixing vulnerabilities CVE-2025-47183 and CVE-2025-47219 that could lead to information disclosure.

[DSA 6054-1] firefox-esr security update
ELA-1576-1 gst-plugins-good1.0 security update

Multiple security vulnerabilities have been identified in various Debian packages, including libarchive, dcmtk, gimp, geographiclib, squid, and the Linux kernel. The vulnerabilities range from integer overflows and double-free conditions to stack buffer overflows and information disclosures. Fixes for these issues are available in updated versions of the affected packages, which are recommended for installation to prevent potential security risks.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS:
ELA-1575-1 libarchive security update
ELA-1573-1 gimp security update
ELA-1572-1 geographiclib security update

Debian GNU/Linux 10 (Buster) ELTS:
ELA-1574-1 dcmtk security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4369-1] squid security update
[DLA 4368-1] libarchive security update

Debian GNU/Linux 12 (Bookworm):
[DSA 6053-1] linux security update

Debian GNU/Linux 13 (Trixie):
[DSA 6052-1] rust-sudo-rs security update

Debian has released security updates for two packages: Incus for Debian GNU/Linux 13 (Trixie) and strongSwan for Debian GNU/Linux 10 (Buster) Extended LTS. The Incus package, a system container and virtual machine manager, has been fixed to address a local privilege escalation vulnerability that allowed unprivileged users to access Incus through incus-user. The vulnerability was discovered in version 6.0.3 of the incus package and has been patched in version 6.0.4-2+deb13u2. Meanwhile, strongSwan has been updated to fix a buffer overflow bug that could lead to remote code execution through the eap-mschapv2 plugin.

[DSA 6051-1] incus security update
ELA-1571-1 strongswan security update

The gdk-pixbuf library, which many GTK applications use to load graphical assets, has a vulnerability: processing a maliciously crafted JPEG image during Base64 encoding leads to a heap buffer overflow. This problem affects two versions of gdk-pixbuf: 2.36.5-2+deb9u4 for Debian GNU/Linux 9 (Stretch) ELTS and 2.38.1+dfsg-1+deb10u2 for Debian GNU/Linux 10 (Buster) ELTS. The related CVE is CVE-2025-7345.

ELA-1570-1 gdk-pixbuf security update

Debian has released security advisories for several packages, including Keystone, Swift, Chromium, and OpenJDK-8. The Keystone vulnerability allows an unauthenticated attacker to obtain Keystone authorization, while Swift needs to be updated to work with the fixed version of Keystone. Chromium has been patched to fix four security issues that could lead to arbitrary code execution, denial of service, or information disclosure. Additionally, a security update for openjdk-8 has been released to address two vulnerabilities related to XML external entity injection attacks and certificate validation.

Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1569-1 openjdk-8 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4367-1] keystone security update
[DLA 4366-1] swift update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6050-1] chromium security update

Security updates have been released for both Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS to address a vulnerability in the Unbound DNS resolver. The vulnerability, known as CVE-2025-11411, allows attackers to poison the cache and hijack domains through NS RRSet injection. The fix in both updates scrubs unsolicited NS RRSets from DNS replies, preventing potential cache poisoning attacks. To disable this protection, users can set the "iter-scrub-promiscuous" configuration option in unbound.conf(5) to "no".

ELA-1568-1 unbound1.9 security update
ELA-1567-1 unbound security update

A security update has been released for the unbound package in Debian GNU/Linux 11 (Bullseye) LTS. The vulnerability, discovered by researchers Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan, allows cache poisoning via NS RRSet injection, which could lead to domain hijacking. The fix removes unsolicited NS RRSets from DNS replies, mitigating the potential for a malicious actor to poison Unbound's cache.

[DLA 4365-1] unbound security update

The Debian Project has released a security update for the bind9 package to fix three vulnerabilities, including resource exhaustion and cache poisoning attacks. The vulnerabilities were fixed in version 1:9.16.50-1~deb11u4, which is available for Debian GNU/Linux 11 (Bullseye) LTS. A separate security advisory was also released for the GIMP package in Debian GNU/Linux 12 (Bookworm) and 13 (Trixie), which contains a buffer overflow vulnerability that can result in denial of service or arbitrary code execution when opening malformed XWD images.

[DLA 4364-1] bind9 security update
[DSA 6049-1] gimp security update

Multiple security updates have been released for Debian GNU/Linux to address vulnerabilities in various packages, including strongswan, wordpress, dcmtk, gimp, geographiclib, pure-ftpd, and ruby-rack. The vulnerabilities include buffer overflows, stored cross-site scripting (XSS), and application crashes, which could allow attackers to execute arbitrary code or gain access to private information. The affected packages have been updated with new versions that fix the identified vulnerabilities, and users are advised to upgrade their packages as soon as possible. The security advisories provide detailed information about the vulnerabilities, including CVE IDs, affected versions, and recommended actions for users to take to keep their systems secure.

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1566-1 pure-ftpd security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4359-1] strongswan security update
[DLA 4358-1] wordpress security update
[DLA 4363-1] dcmtk security update
[DLA 4362-1] gimp security update
[DLA 4361-1] geographiclib security update
[DLA 4360-1] pure-ftpd security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6048-1] ruby-rack security update

Steven Barrett has released a new version of the Liquorix Linux kernel, 6.17-7. This custom kernel optimizes desktop, multimedia, and gaming workloads with performance enhancements that prioritize responsiveness, reduce latency, and maximize throughput. Key features include Zen Interactive Tuning technology, improved scheduling and block layer optimizations, as well as support for High Resolution Scheduling, Budget Fair Queue disk scheduler, TCP BBR2 Congestion Control, and Compressed Swap. Users can easily install the kernel by running a script available at liquorix.net/install-liquorix.sh using curl and bash commands.

A security update has been released for the ruby-rack package, which provides a modular Ruby web server interface. The update addresses multiple vulnerabilities, including issues with session restoration, parameter parsing, and memory exhaustion, as well as improper handling of headers that may allow proxy bypass. These problems have been fixed in version 2.1.4-3+deb11u4 for Debian GNU/Linux 11 (Bullseye) LTS.

[DLA 4357-1] ruby-rack security update

A security update has been released for Git to address multiple vulnerabilities. The update fixes three specific issues, including CVE-2025-27613 and CVE-2025-48384, which can be exploited, when a user clones an untrusted repository, to create or overwrite files the user has write permission to. Additionally, CVE-2025-46835 allows a maliciously named directory in a cloned repository to trick Git GUI into editing and overwriting files. The update is available for both Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS.

ELA-1565-1 git security update