The Debian Project has released a security update for the bind9 package to fix three vulnerabilities, including resource exhaustion and cache poisoning attacks. The vulnerabilities were fixed in version 1:9.16.50-1~deb11u4, which is available for Debian GNU/Linux 11 (Bullseye) LTS. A separate security advisory was also released for the GIMP package in Debian GNU/Linux 12 (Bookworm) and 13 (Trixie), which contains a buffer overflow vulnerability that can result in denial of service or arbitrary code execution when opening malformed XWD images.

[DLA 4364-1] bind9 security update
[DSA 6049-1] gimp security update

[SECURITY] [DLA 4364-1] bind9 security update

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4364-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Andreas Henriksson
November 04, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : bind9
Version : 1:9.16.50-1~deb11u4
CVE ID : CVE-2025-8677 CVE-2025-40778 CVE-2025-40780
Debian Bug :

Brief introduction

CVE-2025-8677

Resource exhaustion via malformed DNSKEY handling

CVE-2025-40778

Cache poisoning attacks with unsolicited RRs

CVE-2025-40780

Cache poisoning due to weak PRNG

For Debian 11 bullseye, these problems have been fixed in version
1:9.16.50-1~deb11u4.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/bind9

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DSA 6049-1] gimp security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6049-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 04, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : gimp
CVE ID : CVE-2025-10934

A buffer overflow was discovered in GIMP, the GNU Image Manipulation
Program, which could result in denial of service or potentially the
execution of arbitrary code if malformed XWD images are opened.

For the oldstable distribution (bookworm), this problem has been fixed
in version 2.10.34-1+deb12u5.

For the stable distribution (trixie), this problem has been fixed in
version 3.0.4-3+deb13u2.

We recommend that you upgrade your gimp packages.

For the detailed security status of gimp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gimp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/