Debian 10928 Published by Philipp Esselbach 0

Debian has released three security advisories for Debian GNU/Linux 11 (Bullseye) LTS to address vulnerabilities in various packages. The first advisory, DLA-4470-1, fixes a vulnerability in phpunit that could allow remote code execution if malicious .coverage files are present prior to test execution. The second advisory, DLA-4472-1, addresses multiple vulnerabilities in sudo, including issues with escaping control characters in log messages and output. The third advisory, DLA-4471-1, updates debian-security-support to mark the end of security support for certain packages and declare limited security support for others.

[DLA 4470-1] phpunit security update
[DLA 4472-1] sudo security update
[DLA 4471-1] debian-security-support update


Debian has released several security updates for various packages, including openjdk-25, tomcat9, xrdp, alsa-lib, chromium, and multiple Tomcat versions (10, 11). These updates address vulnerabilities that could lead to code execution, denial of service, or information disclosure. The openjdk-25 update fixes several vulnerabilities that may result in incorrect certificate validation or other attacks, while the tomcat9 update corrects flaws that can lead to a bypass of security constraints or denial of service. Users are advised to upgrade their packages as soon as possible and follow the instructions provided by Debian for applying the updates to their system.

Debian GNU/Linux 10 (Bullseye) Extended LTS:
ELA-1636-1 xrdp security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4468-1] tomcat9 security update
[DLA 4469-1] alsa-lib security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6122-1] chromium security update
[DSA 6120-1] tomcat10 security update

Debian GNU/Linux 13 (Trixie):
[DSA 6119-1] openjdk-25 security update
[DSA 6121-1] tomcat11 security update


Two security updates have been released for Debian GNU/Linux 11 (Bullseye) LTS. The first update, DLA-4466-1, addresses a security issue in Thunderbird that could result in information disclosure and has been fixed with version 1:140.7.1esr-1~deb11u1. The second update, DLA-4467-1, fixes multiple vulnerabilities in containerd, including overly broad default permissions and a bug in the CRI Attach implementation that can exhaust host memory. Both advisories recommend upgrading the respective packages to fix the security issues.

[DLA 4466-1] thunderbird security update
[DLA 4467-1] containerd security update


Debian has released several security updates to address vulnerabilities in various packages, including ClamAV, Tomcat9, and Thunderbird. The ClamAV update brings the package up to version 1.4.3+dfsg-1~deb11u1 on Debian GNU/Linux 11 (Bullseye) LTS, extending upstream support. Meanwhile, the Tomcat9 regression update (ELA-1615-2) for Debian GNU/Linux 10 (Bullseye) ELTS restores classes that went missing from the tomcat9-jasper-el.jar and tomcat9-embed-el.jar files due to toolchain changes between version 9.0.31 and 9.0.107. The Thunderbird security update (DSA-6118-1) fixes a security issue that could result in information disclosure and is available for both Debian GNU/Linux 12 (Bookworm) and 13 (Trixie).

[DLA 4465-1] clamav new upstream version
ELA-1615-2 tomcat9 regression update
[DSA 6118-1] thunderbird security update


A security update is available for the xrdp package, which contains an unauthenticated stack-based buffer overflow vulnerability. If exploited, this could allow remote attackers to execute arbitrary code on the target system. The issue has been fixed in version 0.9.21.1-1~deb11u3, and users are recommended to upgrade their xrdp packages for Debian GNU/Linux 11 (Bullseye) LTS. Further information about the update can be found on the Debian LTS security advisories page or the security tracker page for xrdp.

[DLA 4464-1] xrdp security update


Several Debian LTS advisories were released covering vulnerabilities in the web application firewall ModSecurity, the ASN.1 library pyasn1, and the asynchronous web framework Tornado. The modsecurity‑apache update addresses CVE-2025-54571 by preventing attackers from overriding HTTP response Content-Type headers, while the pyasn1 updates fix a denial‑of‑service flaw that can exhaust memory when parsing malformed OID/RELATIVE-OID values (CVE-2026-23490). The python-tornado advisories cover three CVEs, CVE-2025-67724, CVE-2025-67725, and CVE-2025-67726, which expose issues such as XSS, header injection, and quadratic performance attacks that can lead to denial of service. All affected packages have been upgraded to patched versions, and users are urged to install the latest releases promptly.

Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1633-1 modsecurity-apache security update

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1634-1 pyasn1 security update

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1635-1 python-tornado security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4463-1] pyasn1 security update


Multiple security issues have been found in various Debian packages, including python-django (SQL injection and directory traversal vulnerabilities), pillow (path traversal vulnerability and decompression bomb), python-tornado (XSS and DoS vulnerabilities due to unescaped HTTP headers), ceph (file system compromise and DoS attack), and libsodium (mishandling of elliptic curve points). These issues have been fixed in updated versions of each package. Users are recommended to upgrade their packages to the latest versions to address these security vulnerabilities.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1632-1 ceph security update

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1631-1 libsodium security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4462-1] pillow security update
[DLA 4461-1] python-tornado security update
[DLA 4460-1] ceph security update

Debian GNU/Linux 13 (Trixie):
[DSA 6117-1] python-django security update

Debian 10928 Ubuntu 7099 Arch Linux 964 Published by Philipp Esselbach 0

The new Liquorix Kernel 6.18-9, based on Kernel 6.18.8, has been released, promising a snappier desktop experience with lower frame-time jitter in games and smoother video work. The kernel sacrifices some power efficiency for improved interactivity, making it suitable for users who spend more time in browsers or games rather than spreadsheets. To install the new kernel safely, users can run a provided script that pulls pre-built packages and updates GRUB, allowing them to verify the new entry before rebooting into "hyper-responsive" mode. The kernel includes various changes under the hood, including scheduler tweaks, memory reclamation, CPUFreq adjustments, and more aggressive preemptive handling of interactive tasks.


A security issue has been discovered in Chromium that could lead to arbitrary code execution, denial of service, or information disclosure. The problem has been fixed in Debian GNU/Linux 12 (Bookworm) and 13 (Trixie) distributions in versions 144.0.7559.109-1deb12u1 and 144.0.7559.109-1deb13u1, respectively. Users are recommended to upgrade their Chromium packages to fix the issue.

[DSA 6116-1] chromium security update

Debian 10928 Ubuntu 7099 Published by Philipp Esselbach 0

XanMod 6.18.8 brings LLVM ThinLTO, BBRv3 and an optional PREEMPT_RT build to Debian‑based machines, delivering noticeably smoother I/O and scheduler performance on everyday hardware. This step‑by‑step guide shows how to add the repository, import the signing key, install the kernel and pull in just the DKMS toolchain you actually need. It also warns about the most common module breakages – NVIDIA, VirtualBox and older NVIDIA drivers – and gives quick fixes that saved me from a black screen. Keep a fallback kernel handy, reboot, and verify with uname -r to make sure you’re running the new 6.18.8‑xanmod1 kernel.


The Debian LTS project has released an update for the libmatio library, a MAT File I/O Library. This update addresses multiple vulnerabilities found in various versions of the library, including CVE-2022-1515, CVE-2025-2338, and CVE-2025-50343. These vulnerabilities could potentially lead to Denial of Service (DoS) or remote code execution if libmatio is embedded in services that accept user-supplied .mat files. Debian 11 users are advised to upgrade their libmatio packages to version 1.5.19-2+deb11u1 to fix these issues.

[DLA 4459-1] libmatio security update


Several security updates have been released for Debian GNU/Linux, including DCMTK, Apache Log4j2, EDK II, Python-Django, GIMP, and pyasn1. The updates address multiple vulnerabilities, such as denial-of-service attacks, buffer overflows, and SQL injection, which could potentially lead to arbitrary code execution or data compromise.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1627-1 python-django security update

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1630-1 dcmtk security update
ELA-1629-1 apache-log4j2 security update
ELA-1628-1 edk2 security update

Debian GNU/Linux 11 (Buster) LTS:
[DLA 4458-1] python-django security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6115-1] gimp security update
[DSA 6114-1] pyasn1 security update


Debian has released an update for OpenSSL to address multiple vulnerabilities that could lead to denial of service, information leaks, or remote code execution. These issues have been fixed in versions 3.0.18-1deb12u2 for Debian GNU/Linux 12 (Bookworm) and 3.5.4-1deb13u2 for Debian GNU/Linux 13 (Trixie). To resolve these security problems, it's recommended that you upgrade your openssl packages to the latest version.

[SECURITY] [DSA 6113-1] openssl security update


Multiple security updates have been released for Debian GNU/Linux for various packages, including openjdk-11, openjdk-17, imagemagick, and apache2. The updates address several vulnerabilities that could result in incorrect certificate validation, CRLF injection, man-in-the-middle attacks, denial of service, or potentially the execution of arbitrary code.

Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1626-1 apache2 security update

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1624-1 imagemagick security update

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1623-1 openjdk-11 security update
ELA-1625-1 apache2 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4457-1] openjdk-11 security update
[DLA 4456-1] openjdk-17 security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6111-1] imagemagick security update

Debian GNU/Linux 13 (Trixie):
[DSA 6112-1] openjdk-21 security update


Multiple Debian packages have been updated to address security vulnerabilities, including inetutils, openjdk-17, libuev, php7.3, taglib, zvbi, and python3.9. These updates fix issues such as authentication bypass problems, incorrect certificate validation, integer overflows, heap buffer overflows, and header injection attacks. The affected packages are listed with their versions and CVE IDs, along with recommendations to upgrade to the latest versions.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1619-1 inetutils security update
ELA-1621-1 taglib security update
ELA-1620-1 zvbi security update

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1622-1 php7.3 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4454-1] libuev security update
[DLA 4455-1] python3.9 security update

Debian GNU/Linux 12 (Bookworm):
[DSA 6110-1] openjdk-17 security update


A new version of the XanMod kernel for Debian and Ubuntu has been released. This kernel adds LLVM ThinLTO, aggressive x86_64 scheduling and networking upgrades like BBRv3 that can noticeably speed heavy I/O or compilation workloads. The kernel may break DKMS‑based drivers (NVIDIA, OpenZFS, VirtualBox/VMware), so keep the old kernel handy and be ready to reinstall or revert if needed. Install it by adding the XanMod repo, pulling in linux-xanmod and its headers, then rebooting and selecting the new entry.


The Debian project has issued multiple security advisories for Debian GNU/Linux 11 (Bullseye) LTS, including updates for php7.4, imagemagick, shapelib, taglib, zvbi, apache2, and inetutils. Each advisory reports on specific vulnerabilities found in the respective packages, including issues related to memory overflow, null pointer dereference, denial of service, and authentication bypass.

[DLA 4447-1] php7.4 security update
[DLA 4448-1] imagemagick security update
[DLA 4451-1] shapelib security update
[DLA 4450-1] taglib security update
[DLA 4449-1] zvbi security update
[DLA 4452-1] apache2 security update
[DLA 4453-1] inetutils security update


Liquorix Kernel 6.18‑8 swaps the default scheduler for Kyber/BFQ, tightens CPU timeslices to 2 ms and enables aggressive preemption, giving desktops a noticeably snappier feel at the cost of a bit more power draw. The one‑liner install script simply adds the Liquorix repo, pulls the proper .deb (or AUR) package and updates GRUB; just save the script first, glance at it, then run it with sudo. Expect minor side effects like higher fan speed on laptops, possible firmware or driver rebuilds for older GPUs/NVIDIA cards, and a small learning curve if you use systemd‑boot instead of GRUB.


Steven Barrett has released Liquorix Linux Kernel 6.18-7, which fixes a performance issue affecting Project-C and includes several notable improvements for optimizing the desktop experience. The kernel features interactive tuning to prioritize responsiveness over power saving, optimized I/O and memory management, and adjusted CPUFreq control parameters for faster responsiveness when needed. Additionally, Liquorix 6.18-7 includes high-resolution scheduling, real-time system handling, and other technical enhancements, such as Budget Fair Queue support and Compressed Swap via zswap. The kernel is designed to be easily deployable on Debian, Ubuntu, or Arch Linux systems, with binary builds available through the Liquorix PPA for straightforward installation.


Debian has released several security updates, including DLA-4426-2 for osslsigncode and DLA-4446-1/ELA-1618-1 for python-urllib3. The updates fix vulnerabilities CVE-2023-36377 in osslsigncode and CVE-2026-21441 in python-urllib3, which could lead to denial-of-service attacks. Additionally, Debian Security Advisory DSA-6109-1 addresses two security issues in Incus, a system container.

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1618-1 python-urllib3 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4426-2] osslsigncode regression update
[DLA 4446-1] python-urllib3 security update

Debian GNU/Linux 13 (Trixie):
[DSA 6109-1] incus security update