Debian has released two security advisories: DSA-5988-1 for Chromium for Debian 12 (Bookworm) and 13 (Trixie) and DSA-5987-1 for Unbound for Debian 12 (Bookworm). The Chromium update fixes a vulnerability that could result in the execution of arbitrary code, denial of service, or information disclosure (CVE-2025-9478). The unbound update addresses multiple vulnerabilities, including denial of service and cache poisoning via the "rebirthday attack" (CVE-2024-8508, CVE-2024-33655, CVE-2025-5994). Users are recommended to upgrade their Chromium and unbound packages to fix these security issues.

[SECURITY] [DSA 5988-1] chromium security update
[SECURITY] [DSA 5987-1] unbound security update

[SECURITY] [DSA 5988-1] chromium security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5988-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
August 27, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2025-9478

A security issues was discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.

For the oldstable distribution (bookworm), this problem has been fixed
in version 139.0.7258.154-1~deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 139.0.7258.154-1~deb13u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[SECURITY] [DSA 5987-1] unbound security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5987-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 27, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : unbound
CVE ID : CVE-2024-8508 CVE-2024-33655 CVE-2025-5994

Multiple security issues were discovered in Unbound, a validating,
recursive, caching DNS resolver, which may result in denial of service
or cache poisoning via the "rebirthday attack".

For the oldstable distribution (bookworm), these problems have been fixed
in version 1.17.1-2+deb12u3.

We recommend that you upgrade your unbound packages.

For the detailed security status of unbound please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/unbound

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/