Debian GNU/Linux 8 (Jessie), 9 (Stretch), and 10 (Buster) Extended LTS:
ELA-1406-1 distro-info-data database update
ELA-1407-1 imagemagick security update
Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1408-1 curl security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4138-1] distro-info-data database update
[DLA 4139-1] imagemagick security update
[SECURITY] [DLA 4138-1] distro-info-data database update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4138-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Stefano Rivera
April 26, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : distro-info-data
Version : 0.51+deb11u8
This is a routine update of the distro-info-data database for Debian LTS
users.
It adds Ubuntu 25.10 "Questing Quokka" and Debian 15 "Duke".
For Debian 11 bullseye, this problem has been fixed in version
0.51+deb11u8.
We recommend that you upgrade your distro-info-data packages.
For the detailed security status of distro-info-data please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/distro-info-data
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
ELA-1406-1 distro-info-data database update
Package : distro-info-data
Version : 0.36~bpo8+7 (jessie), 0.41+deb10u2~bpo9+7 (stretch), 0.41+deb10u11 (buster)
This is a routine update of the distro-info-data database for Debian
ELTS users.
It adds Ubuntu 25.10 “Questing Quokka” and Debian 15 “Duke”.
[SECURITY] [DLA 4139-1] imagemagick security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4139-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
April 26, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : imagemagick
Version : 8:6.9.11.60+dfsg-1.3+deb11u5
CVE ID : CVE-2025-43965
Mishandling of MIFF image depth after SetQuantumFormat() has been fixed
in ImageMagick, a software suite for editing and manipulating digital
images.
For Debian 11 bullseye, this problem has been fixed in version
8:6.9.11.60+dfsg-1.3+deb11u5.
We recommend that you upgrade your imagemagick packages.
For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
ELA-1408-1 curl security update
Package : curl
Version : 7.52.1-5+deb9u23 (stretch), 7.64.0-4+deb10u11 (buster)
Related CVEs :
CVE-2024-2398
CVE-2024-8096
Two security issues were found in Curl, an easy-to-use client-side URL
transfer library and command line tool:
CVE-2024-2398
When an application tells libcurl it wants to allow HTTP/2 server push, and
the amount of received headers for the push surpasses the maximum allowed
limit (1000), libcurl aborts the server push. When aborting, libcurl
inadvertently does not free all the previously allocated headers and
instead leaks the memory.
Further, this error condition fails silently and is therefore not easily
detected by an application.
CVE-2024-8096
When curl is told to use the Certificate Status Request TLS extension,
often referred to as OCSP stapling, to verify that the server certificate
is valid, it might fail to detect some OCSP problems and instead wrongly
consider the response as fine.
If the returned status reports an error other than "revoked" (for
example "unauthorized"), it is not treated as a bad certificate.
ELA-1407-1 imagemagick security update
Package : imagemagick
Version : 8:6.8.9.9-5+deb8u28 (jessie), 8:6.9.7.4+dfsg-11+deb9u21 (stretch), 8:6.9.10.23+dfsg-2.1+deb10u10 (buster)
Related CVEs :
CVE-2025-43965
Mishandling of MIFF image depth after SetQuantumFormat() has been fixed in ImageMagick, a software suite for editing and manipulating digital images.