Debian 10928 Published by Philipp Esselbach 0

Debian has released two security advisories to address vulnerabilities in popular software packages. The first advisory, DSA-6054-1, fixes multiple security issues in Mozilla Firefox ESR for Debian GNU/Linux 12 (Bookworm) and Debian GNU/Linux 13 (Trixie), fixed in versions 140.5.0esr-1deb12u1 and 140.5.0esr-1deb13u1 respectively. The second advisory, ELA-1576-1, updates the gst-plugins-good1.0 package to version 1.14.4-1+deb10u5 for Debian GNU/Linux 10 (Buster) Extended LTS, fixing CVE-2025-47183 and CVE-2025-47219, which could lead to information disclosure.

[DSA 6054-1] firefox-esr security update
ELA-1576-1 gst-plugins-good1.0 security update

Multiple security vulnerabilities have been identified in various Debian packages, including libarchive, dcmtk, gimp, geographiclib, squid, and the Linux kernel. The vulnerabilities range from integer overflows and double-free conditions to stack buffer overflows and information disclosures. Fixes for these issues are available in updated versions of the affected packages, which are recommended for installation to prevent potential security risks.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS:
ELA-1575-1 libarchive security update
ELA-1573-1 gimp security update
ELA-1572-1 geographiclib security update

Debian GNU/Linux 10 (Buster) ELTS:
ELA-1574-1 dcmtk security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4369-1] squid security update
[DLA 4368-1] libarchive security update

Debian GNU/Linux 12 (Bookworm):
[DSA 6053-1] linux security update

Debian GNU/Linux 13 (Trixie):
[DSA 6052-1] rust-sudo-rs security update

Debian has released security updates for two packages: Incus for Debian GNU/Linux 13 (Trixie) and strongSwan for Debian GNU/Linux 10 (Buster) Extended LTS. The Incus package, a system container and virtual machine manager, has been fixed to address a local privilege escalation vulnerability that allowed unprivileged users to access Incus through incus-user. The vulnerability was discovered in version 6.0.3 of the incus package and has been patched in version 6.0.4-2+deb13u2. Meanwhile, strongSwan has been updated to fix a buffer overflow bug that could lead to remote code execution through the eap-mschapv2 plugin.

[DSA 6051-1] incus security update
ELA-1571-1 strongswan security update

The gdk-pixbuf library, which many GTK applications use to load graphical assets, contains a vulnerability: processing a maliciously crafted JPEG image during Base64 encoding leads to a heap buffer overflow. This problem affects two versions of gdk-pixbuf: 2.36.5-2+deb9u4 for Debian GNU/Linux 9 (Stretch) ELTS and 2.38.1+dfsg-1+deb10u2 for Debian GNU/Linux 10 (Buster) ELTS. The related CVE is CVE-2025-7345.

ELA-1570-1 gdk-pixbuf security update

Debian has released security advisories for several packages, including Keystone, Swift, Chromium, and OpenJDK-8. The Keystone vulnerability allows an unauthenticated attacker to obtain Keystone authorization, while Swift needs to be updated to work with the fixed version of Keystone. Chromium has been patched to fix four security issues that could lead to arbitrary code execution, denial of service, or information disclosure. Additionally, a security update for openjdk-8 has been released to address two vulnerabilities related to XML external entity injection attacks and certificate validation.

Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1569-1 openjdk-8 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4367-1] keystone security update
[DLA 4366-1] swift update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6050-1] chromium security update

Security updates have been released for both Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS to address a vulnerability in the Unbound DNS resolver. The vulnerability, known as CVE-2025-11411, allows attackers to poison the cache and hijack domains through NS RRSet injection. The fix in both updates scrubs unsolicited NS RRSets from DNS replies, preventing potential cache poisoning attacks. To disable this protection, users can set the "iter-scrub-promiscuous" configuration option in unbound.conf(5) to "no".

ELA-1568-1 unbound1.9 security update
ELA-1567-1 unbound security update

A security update has been released for the unbound package in Debian GNU/Linux 11 (Bullseye) LTS. The vulnerability, discovered by researchers Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan, allows cache poisoning via NS RRSet injection, which could lead to domain hijacking. The fix removes unsolicited NS RRSets from DNS replies, mitigating the potential effect of a malicious actor poisoning Unbound's cache.

[DLA 4365-1] unbound security update

The Debian Project has released a security update for the bind9 package to fix three vulnerabilities, including resource exhaustion and cache poisoning attacks. The vulnerabilities were fixed in version 1:9.16.50-1~deb11u4, which is available for Debian GNU/Linux 11 (Bullseye) LTS. A separate security advisory was also released for the GIMP package in Debian GNU/Linux 12 (Bookworm) and 13 (Trixie), which contains a buffer overflow vulnerability that can result in denial of service or arbitrary code execution when opening malformed XWD images.

[DLA 4364-1] bind9 security update
[DSA 6049-1] gimp security update

Multiple security updates have been released for Debian GNU/Linux to address vulnerabilities in various packages, including strongswan, wordpress, dcmtk, gimp, geographiclib, pure-ftpd, and ruby-rack. The vulnerabilities include buffer overflows, stored Cross-Site Scripting (XSS), and program crashes, which can let attackers run arbitrary code or gain access to private information. The affected packages have been updated with new versions that fix the identified vulnerabilities, and users are advised to upgrade as soon as possible. The security advisories provide detailed information about the vulnerabilities, including CVE IDs, affected versions, and recommended actions for users to keep their systems secure.

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1566-1 pure-ftpd security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4359-1] strongswan security update
[DLA 4358-1] wordpress security update
[DLA 4363-1] dcmtk security update
[DLA 4362-1] gimp security update
[DLA 4361-1] geographiclib security update
[DLA 4360-1] pure-ftpd security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6048-1] ruby-rack security update

Steven Barrett has released a new version of the Liquorix Linux kernel, 6.17-7. This custom kernel optimizes desktop, multimedia, and gaming workloads with performance enhancements that prioritize responsiveness, reduce latency, and maximize throughput. Key features include Zen Interactive Tuning technology, improved scheduling and block layer optimizations, as well as support for High Resolution Scheduling, Budget Fair Queue disk scheduler, TCP BBR2 Congestion Control, and Compressed Swap. Users can easily install the kernel by running a script available at liquorix.net/install-liquorix.sh using curl and bash commands.

A security update has been released for the ruby-rack package, which provides a modular Ruby web server interface. The update addresses multiple vulnerabilities, including issues with session restoration, parameter parsing, and memory exhaustion, as well as improper handling of headers that may allow proxy bypass. These problems have been fixed in version 2.1.4-3+deb11u4 for Debian GNU/Linux 11 (Bullseye) LTS.

[DLA 4357-1] ruby-rack security update

A security update has been released for Git to address multiple vulnerabilities. The update fixes three specific issues, including CVE-2025-27613 and CVE-2025-48384, which can be exploited by cloning an untrusted repository and creating or overwriting files with write permission. Additionally, CVE-2025-46835 allows a maliciously named directory in a cloned repository to trick Git GUI into editing files and overwriting them. The update is available for both Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS.

ELA-1565-1 git security update

Debian has released three security updates: DLA-4354-1 for pypy3, DLA-4355-1 for mediawiki, and DLA-4356-1 for ublock-origin. The PyPy3 update fixes several security issues, including ReDoS (denial of service) vulnerabilities in the tarfile module, email module, and http.cookies module, among others. The MediaWiki update addresses multiple vulnerabilities that could lead to information disclosure, denial of service, or privilege escalation, affecting various extensions such as OATHAuth, ConfirmEdit, and VisualEditor. The uBlock Origin update improves user experience and ad/malware filter capabilities and fixes a bug in the Filter lists page, recommending an upgrade for Debian GNU/Linux 11 (Bullseye) LTS users.

[DLA 4354-1] pypy3 security update
[DLA 4355-1] mediawiki security update
[DLA 4356-1] ublock-origin security update

Multiple security updates have been released for Debian GNU/Linux, including patches for OpenSSL, Ghostscript, Chromium, Squid, and QEMU. The updates address various vulnerabilities, such as out-of-bounds reads and writes, denial of service attacks, information disclosure, and privilege escalation. The affected packages include OpenSSL 1.0, Ghostscript 9.26a and 9.27, Chromium 142.0.7444.59, Squid 5.7 and 6.13, and QEMU 2.8.

Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1563-1 openssl1.0 security update
ELA-1564-1 qemu security update

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1562-1 ghostscript security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6046-1] chromium security update
[DSA 6047-1] squid security update

Steven Barrett has released Liquorix Linux Kernel 6.17-6, which enhances system responsiveness and performance for desktop, multimedia, and gaming workloads. This custom kernel boasts several key features, such as Zen Interactive Tuning technology, scheduling improvements, and optimized Block Layer tweaks to enhance memory management and minimize latency. Additionally, Liquorix kernel 6.17-6 includes extra features like High Resolution Scheduling, Budget Fair Queue, TCP BBR2 Congestion Control, and Compressed Swap to further boost performance. Users can easily install the kernel using a provided script, and binary builds are available for popular Debian-based distributions and Ubuntu through the Liquorix PPA.

Several Debian Security Advisories have been released to address vulnerabilities in various packages, including xorg-server, openssl, pdns-recursor, and intel-microcode. The advisories recommend upgrading the affected packages to their latest versions, which can be found on the security tracker page for each package. For example, the xorg-server vulnerability has been fixed in version 2:21.1.7-3+deb12u11 (bookworm) and 2:21.1.16-1.3+deb13u1 (trixie).

Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1559-1 openssl security update

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1561-1 xorg-server security update
ELA-1560-1 intel-microcode security update

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1558-1 openssl security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4353-1] xorg-server security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6044-1] xorg-server security update

Debian GNU/Linux 13 (Trixie):
[DSA 6045-1] pdns-recursor security update

Multiple Debian Security Advisories have been released to address various vulnerabilities. The advisories include DSA-6042-1 for webkit2gtk on Debian 12 and 13, which fixes multiple issues, including potential crashes and access to sensor information without user consent; DLA-4352-1 for python-authlib on Debian 11 LTS, a library with vulnerabilities that could allow policy bypass or privilege escalation; and DSA-6043-1 for gimp on Debian 12, the GNU Image Manipulation Program, which has several vulnerabilities that could result in denial of service or arbitrary code execution. Additionally, an Extended LTS Advisory (ELA) has been released to address multiple vulnerabilities in Python-pip on Debian 9 and 10 ELTS, including directory traversal, Unicode separator handling issues, Mercurial VCS URL configuration option injection, and symbolic link checking problems.

[DSA 6042-1] webkit2gtk security update
[DLA 4352-1] python-authlib security update
[DSA 6043-1] gimp security update
ELA-1557-1 python-pip security update

Ondřej Surý has released PHP 8.5.0 RC3, PHP 8.4.14, and PHP 8.3.27 packages for Debian GNU/Linux 11 LTS, 12, and 13. The updates include improvements to core functionality, DOM parsing, FPM performance, Opcache optimization, OpenSSL security, and other areas. The packages address numerous bugs and fix issues such as resource closing on shutdown, incorrect namespace checks in the getNamedItemNS() function, and memory leaks triggered by imagefttext() calls.

Debian has issued security updates for two packages, Thunderbird and strongSwan. For Debian GNU/Linux 11 (Bullseye) LTS, the Thunderbird update fixes multiple security issues that could result in arbitrary code execution and is available in version 1:140.4.0esr-1~deb11u1. Meanwhile, the strongSwan update for both Debian GNU/Linux 12 (Bookworm) and 13 (Trixie) fixes a buffer overflow bug in the eap-mschapv2 plugin discovered by Xu Biang, which can cause an integer underflow or heap-based buffer overflow potentially exploitable for remote code execution.

[DLA 4351-1] thunderbird security update
[DSA 6041-1] strongswan security update

Steven Barrett has released two new versions of the Liquorix Linux kernel, based on Linux kernel 6.17.5, which aim to enhance user experience and system performance. The Liquorix kernel has several upgrades, like Zen Interactive Tuning technology, better scheduling, an improved Block Layer, and CPUFreq changes, all meant to make the system more responsive and efficient. Additionally, the kernel includes features such as High Resolution Scheduling, Budget Fair Queue, TCP BBR2 Congestion Control, and Compressed Swap with LZ4 compression, further boosting performance.