Debian 10837

The Debian Project released security advisories covering Chromium and Firefox ESR for bookworm and trixie (arbitrary code execution, sandbox escape, information disclosure, denial of service, privilege escalation), an integer overflow in the AES-GCM implementation of the NSS libraries for bullseye LTS, a potential command injection in awstats for bullseye LTS and buster ELTS, and Linux 6.1 and 5.10 kernel updates for stretch and buster ELTS that also fix a GRE6 tunnel regression. Each advisory names the package version that carries the fix; upgrading to at least that version is the recommended remediation.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS:
ELA-1663-1 linux-6.1 security update
ELA-1664-1 linux-5.10 security update

Debian GNU/Linux 10 (Buster) ELTS:
ELA-1662-1 awstats security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4508-1] nss security update
[DLA 4509-1] awstats security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6177-1] chromium security update
[DSA 6178-1] firefox-esr security update



[SECURITY] [DSA 6177-1] chromium security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-6177-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
March 25, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2026-4673 CVE-2026-4674 CVE-2026-4675 CVE-2026-4676
CVE-2026-4677 CVE-2026-4678 CVE-2026-4679 CVE-2026-4680

Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.

For the oldstable distribution (bookworm), these problems have been fixed
in version 146.0.7680.164-1~deb12u1.

For the stable distribution (trixie), these problems have been fixed in
version 146.0.7680.164-1~deb13u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DLA 4508-1] nss security update


- -----------------------------------------------------------------------
Debian LTS Advisory DLA-4508-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
March 25, 2026 https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package : nss
Version : 2:3.61-1+deb11u5
CVE ID : CVE-2026-2781

Clay Ver Valen discovered an integer overflow in the AES-GCM
implementation of the Mozilla Network Security Service libraries.

For Debian 11 bullseye, this problem has been fixed in version
2:3.61-1+deb11u5.

We recommend that you upgrade your nss packages.

For the detailed security status of nss please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nss

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 4509-1] awstats security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4509-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
March 25, 2026 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : awstats
Version : 7.8-2+deb11u2
CVE ID : CVE-2025-63261

It was discovered that there was a potential command injection
vulnerability in awstats, an analytics tool for web servers and
similar services.

For Debian 11 bullseye, this problem has been fixed in version
7.8-2+deb11u2.

We recommend that you upgrade your awstats packages.

For the detailed security status of awstats please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/awstats

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DSA 6178-1] firefox-esr security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-6178-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 25, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2025-59375 CVE-2026-4684 CVE-2026-4685 CVE-2026-4686
CVE-2026-4687 CVE-2026-4688 CVE-2026-4689 CVE-2026-4690
CVE-2026-4691 CVE-2026-4692 CVE-2026-4693 CVE-2026-4694
CVE-2026-4695 CVE-2026-4696 CVE-2026-4697 CVE-2026-4698
CVE-2026-4699 CVE-2026-4700 CVE-2026-4701 CVE-2026-4702
CVE-2026-4704 CVE-2026-4705 CVE-2026-4706 CVE-2026-4707
CVE-2026-4708 CVE-2026-4709 CVE-2026-4710 CVE-2026-4713
CVE-2026-4714 CVE-2026-4715 CVE-2026-4716 CVE-2026-4717
CVE-2026-4718 CVE-2026-4719 CVE-2026-4720 CVE-2026-4721

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, sandbox escape, information disclosure, denial of service or
privilege escalation.

For the oldstable distribution (bookworm), these problems have been
fixed in version 140.9.0esr-1~deb12u1.

For the stable distribution (trixie), these problems have been fixed in
version 140.9.0esr-1~deb13u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


ELA-1663-1 linux-6.1 security update


Package : linux-6.1
Version : 6.1.164+1~deb9u1 (stretch), 6.1.164+1~deb10u1 (buster)

Related CVEs :
CVE-2023-53424
CVE-2024-26822
CVE-2024-57895
CVE-2025-22026
CVE-2025-23155
CVE-2025-37786
CVE-2025-37920
CVE-2025-38201
CVE-2025-38643
CVE-2025-39763
CVE-2025-40082
CVE-2025-40251
CVE-2025-68358
CVE-2025-71089
CVE-2025-71144
CVE-2025-71232
CVE-2025-71233
CVE-2025-71235
CVE-2025-71236
CVE-2025-71237
CVE-2026-23111
CVE-2026-23112
CVE-2026-23169
CVE-2026-23220
CVE-2026-23221
CVE-2026-23222
CVE-2026-23228
CVE-2026-23229
CVE-2026-23230

Several vulnerabilities have been discovered in the Linux kernel that could
lead to privilege escalation, denial of service, or information disclosure.
Many apparmor related issues were fixed. This update also fixes a regression
that caused GRE6 tunnels to stop working due to a decapsulation failure (Debian
bug #1127597).

ELA-1664-1 linux-5.10 security update


Package : linux-5.10
Version : 5.10.251-1~deb9u1 (stretch), 5.10.251-1~deb10u1 (buster)

Related CVEs :
CVE-2022-50516
CVE-2025-38201
CVE-2025-71222
CVE-2025-71224
CVE-2025-71232
CVE-2025-71235
CVE-2025-71236
CVE-2025-71237
CVE-2025-71238
CVE-2026-23112
CVE-2026-23176
CVE-2026-23190
CVE-2026-23193
CVE-2026-23198
CVE-2026-23209
CVE-2026-23216
CVE-2026-23222
CVE-2026-23229
CVE-2026-23234
CVE-2026-23235
CVE-2026-23236
CVE-2026-23237
CVE-2026-23238

Several vulnerabilities have been discovered in the Linux kernel that could
lead to privilege escalation, denial of service, or information disclosure.
Many apparmor related issues were fixed. This update also fixes a regression
that caused GRE6 tunnels to stop working due to a decapsulation failure (Debian
bug #1127597).

ELA-1662-1 awstats security update


Package : awstats

Version : 7.6+dfsg-2+deb10u4 (buster)

Related CVEs :
CVE-2025-63261

It was discovered that there was a potential command injection vulnerability in
awstats, an analytics tool for web servers and similar services.