NSS, PostgreSQL, Mapserver, and more updates for Debian

Debian 10927 Published by Philipp Esselbach 0

Debian administrators should pay close attention to the security advisories, which cover several important software packages. These updates address serious vulnerabilities found across chromium, nss, postgresql-13, luanti, opam, gimp, mapserver, and tiff that could easily let attackers run malicious code or crash entire systems. Each notice lists the exact patched versions needed for oldstable, stable, and extended support releases so maintainers can quickly roll out the fixes without guessing.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS:
ELA-1684-1 nss security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4524-2] postgresql-13 regression update
[DLA 4537-1] mapserver security update
[DLA 4536-1] tiff security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6214-1] chromium security update
[DSA 6216-1] opam security update
[DSA 6215-1] gimp security update

Debian GNU/Linux 13 (Trixie):
[DSA 6217-1] luanti security update

OpenSSH and Thunderbird updates for Debian 11 LTS

Debian 10927 Published by Philipp Esselbach 0

Debian LTS released two security advisories addressing vulnerabilities in OpenSSH and Thunderbird software packages. An OpenSSH flaw discovered by Jeremy Brown permits remote denial of service or arbitrary code execution when GSSAPI Key Exchange is enabled. Separate security issues found within Thunderbird carry similar risks that allow attackers to run code if left unpatched. Debian 11 bullseye users are strongly advised to upgrade their packages immediately to resolve these critical security issues.

[DLA 4535-1] openssh security update
[DLA 4534-1] thunderbird security update

Liquorix Linux Kernel 6.19-9 released

Debian 10927 Ubuntu 7099 Arch Linux 964 Published by Philipp Esselbach 0

The Liquorix Kernel 6.19-9 release brings a dmemcg v6 patch set to improve memory management for low VRAM systems while maintaining high responsiveness. Aggressive scheduler tweaks like reduced timeslices and faster CPU frequency scaling ensure lower latency during gaming or media production tasks. Users should note that these performance gains come with higher power usage since split lock detection is disabled by default in this build. Installation on Debian or Ubuntu requires running the provided curl script or accessing the dedicated PPA repository for binary packages.

Systemd, Python, LXD, Incus updates for Debian

Debian 10927 Published by Philipp Esselbach 0

Debian administrators should note that four security advisories regarding critical updates for systemd and python3.9 among other packages. Local users might exploit systemd flaws to gain root access through improper D-Bus validation or stack overflows. Although the python3.9 update reverts previous changes that broke backward compatibility, it successfully fixes a use-after-free vulnerability triggered during memory allocation failures when decompressor instances are reused. LXD and Incus container managers require upgrades too since security flaws in these tools could allow restriction bypasses or privilege escalation attacks.

[DLA 4533-1] systemd security update
[DLA 4532-1] python3.9 regression and security update
[DSA 6213-1] lxd security update
[DSA 6212-1] incus security update

GDK-Pixbuf, GST-Plugins, ImageMagick, Thunderbird updates for Debian

Debian 10927 Published by Philipp Esselbach 0

Debian released urgent security updates for multiple packages including Thunderbird and ImageMagick. The gdk-pixbuf library requires immediate attention because a validation error in its JPEG loader could lead to arbitrary code execution or denial of service. Other affected tools like gst-plugins-bad1.0 contain bugs that may allow attackers to process malformed media files for system compromise. Administrators should apply these fixes right away to secure their environments against exploitation.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS:
ELA-1683-1 gdk-pixbuf security update
ELA-1682-1 gst-plugins-bad1.0 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4531-1] gdk-pixbuf security update

Debian GNU/Linux 12 (Bookworm):
[DSA 6210-1] imagemagick security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6211-1] thunderbird security update

XanMod Kernel 7.0 released

Debian 10927 Ubuntu 7099 Published by Philipp Esselbach 0

The latest XanMod kernel based on Linux 7.0 is finally out and brings specific optimizations for heavy workloads instead of just chasing clock speeds. People should exercise caution since drivers from vendors like NVIDIA or VirtualBox might not support this version and could break after a reboot. Getting it running involves adding the custom repository and making sure essential build tools exist so external modules can compile without errors. Keeping a copy of the old kernel in the boot menu is wise practice because things do not always go smoothly during major updates.

Bind, Gst-Plugins-Bad, Xdg-Dbus-Proxy updates for Debian

Debian 10927 Published by Philipp Esselbach 0

Debian issued three security advisories covering critical flaws found within bind9, xdg-dbus-proxy, and gst-plugins-bad1.0 software packages. For BIND resolvers performing DNSSEC validation, a vulnerability exists where malicious zones trigger excessive CPU usage unless users upgrade to version 1:9.16.50-1~deb11u5. The xdg-dbus-proxy update resolves a parsing error that previously allowed attackers to bypass eavesdrop restrictions and leak data. Finally GStreamer users need to update gst-plugins-bad1.0 because malformed media files could lead to denial of service or arbitrary code execution vulnerabilities.

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4529-1] bind9 security update
[DLA 4530-1] gst-plugins-bad1.0 security update

Debian GNU/Linux 13 (Trixie):
[DSA 6209-1] xdg-dbus-proxy security update

FFmpeg, Flatpak, Mediawiki updates for Debian

Debian 10927 Published by Philipp Esselbach 0

Recent Debian security advisories highlight critical updates for MediaWiki, Flatpak, and FFmpeg that address multiple vulnerabilities discovered in these tools. While the MediaWiki patch fixes issues regarding information disclosure and permission checks across oldstable and stable distributions, Flatpak requires an upgrade to prevent sandbox escapes or arbitrary host deletions. The most extensive list of flaws appears within the FFmpeg advisory, which covers buffer overflows and integer errors capable of triggering denial of service attacks remotely. System administrators are strongly urged to apply these specific package versions immediately to maintain security posture against disclosed exploits.

Debian GNU/Linux 10 (Buster) ELTS:
ELA-1681-1 ffmpeg security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6208-1] mediawiki security update

Debian GNU/Linux 13 (Trixie):
[DSA 6207-1] flatpak security update

XanMod Kernel 6.19.12 and 6.18.22 LTS/RT released

Debian 10927 Ubuntu 7099 Published by Philipp Esselbach 0

XanMod has dropped new kernel versions 6.19.12 and 6.18.22 LTS/RT for Debian-based distributions that prioritize heavy workload performance over standard stability. These builds include specific optimizations like LLVM ThinLTO and Google's Multigenerational LRU framework to squeeze better throughput out of the hardware. Power users need to exercise caution since NVIDIA drivers and other DKMS modules often break without a manual update following these kernel jumps. Adding the official repository is the safest route to get everything working, provided you install the build dependencies first to avoid compilation headaches later.

ClamAV, Libyaml-Syck-Perl, Inetutils, Webkit2GTK, GDK-Pixbuf updates for Debian

Debian 10927 Published by Philipp Esselbach 0

A batch of Debian security advisories addresses serious vulnerabilities in popular packages including inetutils and webkit2gtk alongside a version upgrade for clamav. Specific flaws allow attackers to escalate privileges or cause process crashes through malicious network inputs and crafted web content. Memory corruption risks within libyaml-syck-perl and the gdk-pixbuf image loader also require immediate attention from system administrators. Upgrading these packages is essential because leaving them unpatched exposes systems to potential remote code execution or denial of service attacks.

Debian GNU/Linux 9 (Stretch) ELTS:
ELA-1680-1 clamav new upstream version

Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS:
ELA-1679-1 libyaml-syck-perl security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4527-1] inetutils security update
[DLA 4528-1] webkit2gtk security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6206-1] gdk-pixbuf security update

Libyaml-Syck-Perl, Firefox, Chromium updates for Debian

Debian 10927 Published by Philipp Esselbach 0

Debian security teams have released urgent updates for firefox-esr, chromium, and libyaml-syck-perl across several distributions. Firefox users need to install the new version to stop flaws that might enable arbitrary code execution through browser exploits. Across stable distributions, Chromium requires a massive patch covering dozens of CVEs designed to prevent denial of service attacks or data leaks. The perl library update fixes critical memory issues where missing terminators could allow attackers to read adjacent variables unexpectedly.

Debian GNU/Linux 10 (Buster) ELTS:
ELA-1679-1 libyaml-syck-perl security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4526-1] firefox-esr security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6205-1] chromium security update

BIND, PostgreSQL, Linyami-Syck-Perl, OpenSSH updates for Debian

Debian 10927 Published by Philipp Esselbach 0

Debian released security patches for PostgreSQL to fix four vulnerabilities involving memory disclosure and arbitrary code execution risks within the database engine. A separate advisory targets an OpenSSH GSSAPI Key Exchange flaw that enables remote code execution or denial of service if the setting remains active. Administrators should also upgrade libyaml-syck-perl because the package contains high-severity heap buffer overflows and memory corruption bugs discovered within its YAML emitter functions. Finally, BIND9 users need to apply patches for cache poisoning vulnerabilities that might let attackers inject forged data into name server caches on older distributions like buster.

Debian GNU/Linux 10 (Buster) ELTS:
ELA-1678-1 bind9 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4524-1] postgresql-13 security update
[DLA 4525-1] libyaml-syck-perl security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6204-1] openssh security update

Tiff, Firefox ESR, PostgreSQL updates for Debian

Debian 10927 Published by Philipp Esselbach 0

Debian released security advisories regarding critical flaws found within both the tiff library and Firefox ESR browser software. The first update patches a heap overflow vulnerability that could lead to denial of service or code execution, while the second addresses multiple issues with similar severe consequences for users. Separate Debian GNU/Linux ELTS updates also exist for older PostgreSQL versions to resolve memory disclosure bugs and arbitrary code execution risks in database extensions. System administrators are strongly advised to apply these package upgrades immediately to secure their infrastructure against potential exploitation.

[DSA 6303-1] tiff security update
[DSA 6202-1] firefox-esr security update
ELA-1676-1 postgresql-11 security update
ELA-1677-1 postgresql-9.6 security update

Python-Tornado and OpenSSL updates for Debian

Debian 10927 Published by Philipp Esselbach 0

Recent security updates address critical vulnerabilities within the python-tornado framework and the OpenSSL toolkit used across Debian distributions. Tornado users must update to mitigate denial of service risks via multipart body limits while also resolving cookie injection flaws found in CVE-2026-35536. Meanwhile, the OpenSSL advisory warns that unpatched installations face severe risks ranging from information leaks to potential remote code execution exploits. Immediate upgrades are necessary for stable and oldstable releases to close these security gaps effectively.

ELA-1672-1 python-tornado security update
[DSA 6201-1] openssl security update

Dovecot regression update for Debian

Debian 10927 Published by Philipp Esselbach 0

Debian released advisory DSA-6197-2 concerning a regression within the dovecot package. While attempting to backport a fix for CVE-2025-59032, developers accidentally introduced errors that disrupt authentication against managesieved servers in Bookworm. System administrators are urged to upgrade their installations specifically to version 1:2.3.19.1+dfsg1-2.1+deb12u3 which contains the necessary correction.

[DSA 6197-2] dovecot regression update

Valkey, dovecot, Tor, Trafficserver updates for Debian

Debian 10927 Published by Philipp Esselbach 0

Debian has released four new advisories targeting Valkey, Dovecot, Tor, and Apache Traffic Server. The Valkey patch fixes two issues regarding data manipulation or denial of service but the Dovecot update addresses a much longer list containing SQL injection flaws. System administrators are urged to upgrade packages on both stable and oldstable distributions because the risks include timing side channel attacks. The remaining updates address anonymity tools facing potential denial of service alongside proxy server vulnerabilities that allow for HTTP request smuggling.

[DSA 6198-1] valkey security update
[DSA 6197-1] dovecot security update
[DSA 6200-1] tor security update
[DSA 6199-1] trafficserver security update

Liquorix Linux Kernel 6.19-8 released

Debian 10927 Ubuntu 7099 Published by Philipp Esselbach 0

Liquorix Kernel 6.19-8 swaps four millisecond timeslices for two to make the system feel snappier during heavy loads without manual configuration. Split lock detection is disabled by default while tweaks to the Ondemand governor allow CPU frequency to ramp up faster when applications launch. Gamers and audio pros will appreciate the focus on responsiveness even if it means higher power consumption on laptops. The install script makes getting this kernel easy but users should expect reduced battery life as part of the deal for better frame times.

Libxml-Parser-Perl and Roundcube updates for Debian

Debian 10927 Published by Philipp Esselbach 0

Debian security teams have issued updates for the libxml-parser-perl package that resolve buffer overflow vulnerabilities found across several older distributions like bullseye and buster. Specifically, these patches handle heap corruption risks which appear when parsing XML files with deep nesting structures or handling UTF8 layers incorrectly. A separate advisory targets roundcube webmail software where multiple flaws including cross-site scripting and access control bypasses exist in current stable releases for bookworm and trixie.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) LTS:
ELA-1675-1 libxml-parser-perl security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4522-1] libxml-parser-perl security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6196-1] roundcube security update

LibPNG, Pyasn1, Inetutils, Python-Tornado updates for Debian

Debian 10927 Published by Philipp Esselbach 0

Several Debian security advisories were released recently to address critical vulnerabilities across a range of software packages. The libpng1.6 library requires immediate attention on stretch and buster systems because use-after-free errors could allow attackers to run arbitrary code. Flaws in other tools like pyasn1, inetutils, and python-tornado present different dangers including denial of service or privilege escalation risks that need addressing.

Debian GNU/Linux 9 (Stretch) 9 ELTS:
ELA-1674-1 libpng1.6 security update

Debian GNU/Linux 10 (Buster) 10 ELTS:
ELA-1673-1 libpng1.6 security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6194-1] pyasn1 security update
[DSA 6193-1] inetutils security update
[DSA 6195-1] python-tornado security update

Liquorix Linux Kernel 6.19-7 released

Debian 10927 Ubuntu 7099 Arch Linux 964 Published by Philipp Esselbach 0

The latest Liquorix Kernel 6.19-7 update targets gamers and creators by prioritizing responsiveness over raw throughput for background tasks. Technical tweaks include switching block layer schedulers to kyber while tightening CPU frequency thresholds to ensure cores ramp up faster during spikes. Getting this kernel installed is simple via a provided script for Debian or Ubuntu systems though users must accept that split lock detection turns off to reduce overhead. Enthusiasts chasing lower frame time deviations will likely appreciate the aggressive preemption settings even if they introduce some stability risks.

Previous Page

Next Page

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...