
Debian GNU/Linux has received two security updates: [DSA 5968-1] chromium security update for Debian 12 and [DLA 4259-1] systemd security update for Debian 11 LTS:

[DSA 5968-1] chromium security update
[DLA 4259-1] systemd security update




[SECURITY] [DSA 5968-1] chromium security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-5968-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
July 30, 2025 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2025-8292

Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.

For the stable distribution (bookworm), this problem has been fixed in
version 138.0.7204.183-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DLA 4259-1] systemd security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4259-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Carlos Henrique Lima Melara
July 30, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : systemd
Version : 247.3-7+deb11u7
CVE ID : CVE-2025-4598
Debian Bug : 1106785

The Qualys Threat Research Unit (TRU) discovered that systemd-coredump
is prone to a kill-and-replace race condition which may allow a local
attacker to gain sensitive information from crashed SUID processes.
Additionally, systemd-coredump does not specify %d (the kernel's
per-process "dumpable" flag) in /proc/sys/kernel/core_pattern. This
allows a local attacker to crash root daemons that fork() and setuid()
to the attacker's uid, gain read access to the resulting core dumps, and
thereby obtain sensitive information from the memory of the root
daemons.

Details can be found in the Qualys advisory at
https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt
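The following audit script is an added example; it is not part of either advisory and is not Debian's, systemd's or Qualys' code. It checks the two settings the systemd paragraph describes, whether the kernel's core_pattern hands the per-process "dumpable" flag (%d) to the core handler and what fs.suid_dumpable is set to, and, using dpkg, whether the installed systemd (bullseye) or chromium (bookworm) package has reached the fixed version quoted in its advisory. The sample core_pattern strings, the /proc and /etc/os-release paths, and the shape of the systemd handler line are assumptions made for illustration; the fixed versions and release mapping are the ones stated above.

```shell
#!/bin/sh
# Added audit helper (assumption-based example, not from the advisories).
# Checks the core_pattern/%d and fs.suid_dumpable settings described in
# DLA-4259-1 and compares installed package versions with the fixed ones.

# core_pattern_has_dumpable PATTERN
#   0 - PATTERN pipes to a handler and passes %d
#   1 - PATTERN pipes to a handler but omits %d: the weak configuration the
#       advisory describes, where the handler cannot tell that the crashed
#       process was non-dumpable (e.g. after setuid())
#   2 - PATTERN is a plain file name; the kernel writes the core itself and
#       %d does not apply
core_pattern_has_dumpable() {
    case $1 in
        '|'*'%d'*) return 0 ;;
        '|'*)      return 1 ;;
        *)         return 2 ;;
    esac
}

# report_core_config PATTERN SUID_DUMPABLE
#   Prints a verdict; returns 0 when acceptable, 1 for the weak combination:
#   setuid cores are permitted (fs.suid_dumpable != 0) but the handler is
#   never told about the dumpable state.
report_core_config() {
    if core_pattern_has_dumpable "$1"; then
        has_d=0
    else
        has_d=$?
    fi
    if [ "$2" = "0" ]; then
        echo "ok: fs.suid_dumpable=0, non-dumpable (setuid) processes are never dumped"
        return 0
    fi
    case $has_d in
        0) echo "ok: core handler receives %d and can restrict cores of non-dumpable processes"
           return 0 ;;
        1) echo "weak: fs.suid_dumpable=$2 but core_pattern pipes to a handler without %d"
           return 1 ;;
        *) echo "info: kernel writes core files directly; fs.suid_dumpable=$2 governs setuid cores"
           return 0 ;;
    esac
}

# package_fixed PACKAGE FIXED_VERSION
#   0 if the installed PACKAGE is at least FIXED_VERSION (dpkg ordering),
#   1 if it is older, 2 if not installed or dpkg is unavailable.
package_fixed() {
    command -v dpkg-query >/dev/null 2>&1 || return 2
    installed=$(dpkg-query -W -f '${Version}' "$1" 2>/dev/null) || return 2
    [ -n "$installed" ] || return 2
    dpkg --compare-versions "$installed" ge "$2"
}

# Live checks when run directly; skipped where /proc or os-release is absent.
if [ -r /proc/sys/kernel/core_pattern ] && [ -r /proc/sys/fs/suid_dumpable ]; then
    report_core_config "$(cat /proc/sys/kernel/core_pattern)" \
                       "$(cat /proc/sys/fs/suid_dumpable)" || :
fi

rel=
[ -r /etc/os-release ] && rel=$(. /etc/os-release && echo "$VERSION_ID")
# Each fixed version only applies to the release its advisory targets:
# VERSION_ID 11 = bullseye (DLA-4259-1), 12 = bookworm (DSA-5968-1).
for spec in "11 systemd 247.3-7+deb11u7" "12 chromium 138.0.7204.183-1~deb12u1"; do
    set -- $spec
    [ "$rel" = "$1" ] || continue
    if package_fixed "$2" "$3"; then
        echo "fixed: $2 >= $3"
    elif [ $? -eq 1 ]; then
        echo "vulnerable: $2 older than $3"
    else
        echo "skip: $2 not installed or dpkg unavailable"
    fi
done
```

Run it as root on the affected host; a "weak" line means the handler is being invoked for setuid crashes without the %d hint, and a "vulnerable" line means the package version predates the advisory's fix. On releases other than the one an advisory names, that package comparison is skipped rather than reported, since the fixed version string is only meaningful for that release.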

For Debian 11 bullseye, this problem has been fixed in version
247.3-7+deb11u7.

We recommend that you upgrade your systemd packages.

For the detailed security status of systemd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/systemd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS