Debian has released security updates for both Debian GNU/Linux 12 (Bookworm) and 13 (Trixie) for several packages: Chromium, Python-Internetarchive, Tryton-Sao, and BIND. The updates address various vulnerabilities, including arbitrary code execution, cache poisoning, denial of service, and cross-site scripting.

[DSA 6036-1] chromium security update
[DSA 6035-1] python-internetarchive security update
[DSA 6034-1] tryton-sao security update
[DSA 6033-1] bind9 security update

[SECURITY] [DSA 6036-1] chromium security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6036-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
October 23, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2025-12036

A security issue was discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.

For the oldstable distribution (bookworm), this problem has been fixed
in version 141.0.7390.122-1~deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 141.0.7390.122-1~deb13u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[SECURITY] [DSA 6035-1] python-internetarchive security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6035-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 23, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : python-internetarchive
CVE ID : CVE-2025-58438

It was discovered that insecure path handling in the Python interface
to the Internet Archive/archive.org could result in overwriting a
user's files.

For the oldstable distribution (bookworm), this problem has been fixed
in version 3.3.0-2~deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 5.4.0-2~deb13u1.

We recommend that you upgrade your python-internetarchive packages.

For the detailed security status of python-internetarchive please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-internetarchive

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[SECURITY] [DSA 6034-1] tryton-sao security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6034-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 23, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : tryton-sao
CVE ID : not yet available

Brandon Da Costa and Mahdi Asfhar discovered a cross-site scripting
vulnerability in the web client of the Tryton application platform.

For the oldstable distribution (bookworm), this problem has been fixed
in version 6.0.28+ds1-2+deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 7.0.28+ds1-1+deb13u1.

We recommend that you upgrade your tryton-sao packages.

For the detailed security status of tryton-sao please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tryton-sao

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[SECURITY] [DSA 6033-1] bind9 security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6033-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 23, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : bind9
CVE ID : CVE-2025-8677 CVE-2025-40778 CVE-2025-40780

Several vulnerabilities were discovered in BIND, a DNS server
implementation, which may result in cache poisoning or denial of service.

For the oldstable distribution (bookworm), these problems have been fixed
in version 1:9.18.41-1~deb12u1.

For the stable distribution (trixie), these problems have been fixed in
version 1:9.20.15-1~deb13u1.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/bind9

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/