Debian GNU/Linux 9 (Stretch) ELTS:
ELA-1702-1 policykit-1 security update
ELA-1701-1 systemd security update
Debian GNU/Linux 10 (Buster) ELTS:
ELA-1700-1 systemd security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4555-1] firefox-esr security update
[DLA 4554-1] calibre security update
Debian GNU/Linux 13 (Trixie):
[DSA 6238-1] linux security update
[SECURITY] [DLA 4555-1] firefox-esr security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4555-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
April 30, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : firefox-esr
Version : 140.10.1esr-1~deb11u1
CVE ID : CVE-2026-7320 CVE-2026-7321 CVE-2026-7322 CVE-2026-7323
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, information disclosure or sandbox escape.
For Debian 11 bullseye, these problems have been fixed in version
140.10.1esr-1~deb11u1.
We recommend that you upgrade your firefox-esr packages.
For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
ELA-1702-1 policykit-1 security update
Package : policykit-1
Version : 0.105-18+deb9u3 (stretch)
Related CVEs :
CVE-2026-4897
Pavel Kohout, Aisle Research, found that a local user can provide a specially
crafted, excessively long input to the polkit-agent-helper-1 setuid binary
via standard input (stdin).
This unbounded input can lead to an out-of-memory (OOM) condition,
resulting in a Denial of Service (DoS) for the system.
[SECURITY] [DLA 4554-1] calibre security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4554-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
April 29, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : calibre
Version : 5.12.0+dfsg-1+deb11u4
CVE ID : CVE-2025-64486 CVE-2026-25635 CVE-2026-25636 CVE-2026-26064
CVE-2026-26065
Multiple vulnerabilities have been discovered in calibre, an e-book
manager.
CVE-2025-64486
calibre does not validate filenames when handling binary assets in
FB2 files, allowing an attacker to write arbitrary files on the
filesystem when viewing or converting a malicious FictionBook
file. This can be leveraged to achieve arbitrary code execution.
CVE-2026-25635
Calibre's CHM reader contains a path traversal vulnerability that
allows arbitrary file writes anywhere the user has write
permissions.
CVE-2026-25636
A path traversal vulnerability in Calibre's EPUB conversion allows
a malicious EPUB file to corrupt arbitrary existing files writable
by the Calibre process.
CVE-2026-26064
A path traversal vulnerability that allows arbitrary file writes
anywhere the user has write permissions.
CVE-2026-26065
A path traversal in the PDB readers allows arbitrary file
writes with arbitrary extension and arbitrary content anywhere the
user has write permissions. Files are written in 'wb' mode,
silently overwriting existing files. This can lead to potential
code execution and Denial of Service through file corruption.
For Debian 11 bullseye, these problems have been fixed in version
5.12.0+dfsg-1+deb11u4.
We recommend that you upgrade your calibre packages.
For the detailed security status of calibre please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/calibre
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
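The calibre issues described in DLA 4554-1 come down to a file name read from inside an untrusted document being joined to an output directory and opened in 'wb' mode. The following is an added example of the defensive pattern, not calibre's code or the Debian patch; `resolve_member`, `write_member` and the sample member names are constructed for illustration.

```python
import os
import tempfile


class UnsafeMemberName(ValueError):
    """An embedded asset name that would resolve outside the output directory."""


def resolve_member(dest_dir, member_name):
    """Map an untrusted name taken from inside a document to a path under dest_dir."""
    if not member_name or "\x00" in member_name:
        raise UnsafeMemberName(repr(member_name))
    # Container formats may carry Windows-style separators; normalise them first.
    name = member_name.replace("\\", "/")
    if name.startswith("/") or name[1:2] == ":":
        raise UnsafeMemberName(member_name)
    root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(root, name))
    # commonpath compares whole components, so /out2 is not mistaken for /out.
    if target == root or os.path.commonpath([root, target]) != root:
        raise UnsafeMemberName(member_name)
    return target


def write_member(dest_dir, member_name, data):
    """Write one embedded asset, refusing both traversal and overwrite."""
    target = resolve_member(dest_dir, member_name)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    # 'xb' raises FileExistsError where 'wb' would silently replace the file.
    with open(target, "xb") as fh:
        fh.write(data)
    return target


def demo():
    """Run constructed member names through write_member and record the outcome."""
    names = ["images/cover.png", "../outside.txt", "a/../../outside.txt",
             "/tmp/outside.txt", "images\\..\\..\\outside.txt", "images/cover.png"]
    outcomes = []
    with tempfile.TemporaryDirectory() as out:
        for name in names:
            try:
                write_member(out, name, b"constructed sample bytes")
                outcomes.append("written")
            except UnsafeMemberName:
                outcomes.append("rejected")
            except FileExistsError:
                outcomes.append("exists")
    return outcomes
```

The check and the open are separate steps, so a converter should write into a freshly created private directory to keep another process from changing the path in between.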
ELA-1701-1 systemd security update
Package : systemd
Version : 232-25+deb9u18 (stretch)
Related CVEs :
CVE-2026-4105
CVE-2026-40225
The following vulnerabilities have been discovered in systemd:
CVE-2026-4105
The systemd-machined service contains an Improper Access Control
vulnerability due to insufficient validation of the class parameter in
the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged
user can exploit this by attempting to register a machine with a
specific class value, which may leave behind a usable,
attacker-controlled machine object. This allows the attacker to invoke
methods on the privileged object, leading to the execution of
arbitrary commands with root privileges on the host system.
CVE-2026-40225
udev: local root execution can occur via malicious hardware devices
and unsanitized kernel output.
ELA-1700-1 systemd security update
Package : systemd
Version : 241-7~deb10u12 (buster)
Related CVEs :
CVE-2026-4105
CVE-2026-29111
CVE-2026-40225
CVE-2026-40226
The following vulnerabilities have been discovered in systemd:
CVE-2026-4105
The systemd-machined service contains an Improper Access Control
vulnerability due to insufficient validation of the class parameter in
the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged
user can exploit this by attempting to register a machine with a
specific class value, which may leave behind a usable,
attacker-controlled machine object. This allows the attacker to invoke
methods on the privileged object, leading to the execution of
arbitrary commands with root privileges on the host system.
CVE-2026-29111
When an unprivileged IPC API call is made with spurious data, a stack
overwrite occurs, with attacker-controlled content.
CVE-2026-40225
udev: local root execution can occur via malicious hardware devices
and unsanitized kernel output.
CVE-2026-40226
nspawn: an escape-to-host action can occur via a crafted optional
config file.
[SECURITY] [DSA 6238-1] linux security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6238-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 30, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : linux
CVE ID : CVE-2024-14027 CVE-2025-21709 CVE-2025-22116 CVE-2025-22117
CVE-2025-38426 CVE-2025-38627 CVE-2025-39764 CVE-2025-40005
CVE-2025-40135 CVE-2025-40147 CVE-2025-40150 CVE-2025-40219
CVE-2025-68175 CVE-2025-68239 CVE-2025-68334 CVE-2025-68736
CVE-2025-71152 CVE-2025-71161 CVE-2025-71221 CVE-2025-71239
CVE-2025-71265 CVE-2025-71266 CVE-2025-71267 CVE-2025-71269
CVE-2026-22981 CVE-2026-22985 CVE-2026-22986 CVE-2026-22993
CVE-2026-23004 CVE-2026-23066 CVE-2026-23070 CVE-2026-23104
CVE-2026-23138 CVE-2026-23157 CVE-2026-23207 CVE-2026-23210
CVE-2026-23226 CVE-2026-23227 CVE-2026-23231 CVE-2026-23239
CVE-2026-23240 CVE-2026-23242 CVE-2026-23243 CVE-2026-23244
CVE-2026-23245 CVE-2026-23246 CVE-2026-23249 CVE-2026-23250
CVE-2026-23251 CVE-2026-23252 CVE-2026-23253 CVE-2026-23255
CVE-2026-23270 CVE-2026-23271 CVE-2026-23273 CVE-2026-23274
CVE-2026-23276 CVE-2026-23277 CVE-2026-23278 CVE-2026-23279
CVE-2026-23281 CVE-2026-23284 CVE-2026-23285 CVE-2026-23286
CVE-2026-23287 CVE-2026-23289 CVE-2026-23290 CVE-2026-23291
CVE-2026-23292 CVE-2026-23293 CVE-2026-23296 CVE-2026-23297
CVE-2026-23298 CVE-2026-23300 CVE-2026-23302 CVE-2026-23303
CVE-2026-23304 CVE-2026-23306 CVE-2026-23307 CVE-2026-23308
CVE-2026-23310 CVE-2026-23312 CVE-2026-23313 CVE-2026-23315
CVE-2026-23316 CVE-2026-23317 CVE-2026-23318 CVE-2026-23319
CVE-2026-23321 CVE-2026-23324 CVE-2026-23325 CVE-2026-23330
CVE-2026-23334 CVE-2026-23335 CVE-2026-23336 CVE-2026-23339
CVE-2026-23340 CVE-2026-23343 CVE-2026-23347 CVE-2026-23351
CVE-2026-23352 CVE-2026-23354 CVE-2026-23356 CVE-2026-23357
CVE-2026-23359 CVE-2026-23360 CVE-2026-23361 CVE-2026-23362
CVE-2026-23363 CVE-2026-23364 CVE-2026-23365 CVE-2026-23367
CVE-2026-23368 CVE-2026-23369 CVE-2026-23370 CVE-2026-23372
CVE-2026-23373 CVE-2026-23374 CVE-2026-23375 CVE-2026-23378
CVE-2026-23379 CVE-2026-23380 CVE-2026-23381 CVE-2026-23382
CVE-2026-23383 CVE-2026-23386 CVE-2026-23387 CVE-2026-23388
CVE-2026-23389 CVE-2026-23391 CVE-2026-23392 CVE-2026-23393
CVE-2026-23395 CVE-2026-23396 CVE-2026-23397 CVE-2026-23398
CVE-2026-23399 CVE-2026-23401 CVE-2026-23412 CVE-2026-23413
CVE-2026-23414 CVE-2026-23417 CVE-2026-23419 CVE-2026-23420
CVE-2026-23422 CVE-2026-23426 CVE-2026-23427 CVE-2026-23428
CVE-2026-23434 CVE-2026-23438 CVE-2026-23439 CVE-2026-23440
CVE-2026-23441 CVE-2026-23442 CVE-2026-23444 CVE-2026-23445
CVE-2026-23446 CVE-2026-23447 CVE-2026-23448 CVE-2026-23449
CVE-2026-23450 CVE-2026-23452 CVE-2026-23454 CVE-2026-23455
CVE-2026-23456 CVE-2026-23457 CVE-2026-23458 CVE-2026-23460
CVE-2026-23461 CVE-2026-23462 CVE-2026-23463 CVE-2026-23464
CVE-2026-23465 CVE-2026-23466 CVE-2026-23470 CVE-2026-23474
CVE-2026-23475 CVE-2026-31389 CVE-2026-31391 CVE-2026-31392
CVE-2026-31393 CVE-2026-31394 CVE-2026-31396 CVE-2026-31399
CVE-2026-31400 CVE-2026-31401 CVE-2026-31402 CVE-2026-31403
CVE-2026-31405 CVE-2026-31406 CVE-2026-31407 CVE-2026-31408
CVE-2026-31409 CVE-2026-31410 CVE-2026-31411 CVE-2026-31412
CVE-2026-31414 CVE-2026-31415 CVE-2026-31416 CVE-2026-31417
CVE-2026-31418 CVE-2026-31421 CVE-2026-31422 CVE-2026-31423
CVE-2026-31424 CVE-2026-31425 CVE-2026-31426 CVE-2026-31427
CVE-2026-31428 CVE-2026-31429 CVE-2026-31430 CVE-2026-31431
CVE-2026-31432 CVE-2026-31433 CVE-2026-31434 CVE-2026-31436
CVE-2026-31438 CVE-2026-31439 CVE-2026-31440 CVE-2026-31441
CVE-2026-31446 CVE-2026-31447 CVE-2026-31448 CVE-2026-31449
CVE-2026-31450 CVE-2026-31451 CVE-2026-31452 CVE-2026-31453
CVE-2026-31454 CVE-2026-31455 CVE-2026-31458 CVE-2026-31462
CVE-2026-31464 CVE-2026-31466 CVE-2026-31467 CVE-2026-31469
CVE-2026-31470 CVE-2026-31473 CVE-2026-31474 CVE-2026-31476
CVE-2026-31477 CVE-2026-31478 CVE-2026-31479 CVE-2026-31480
CVE-2026-31482 CVE-2026-31483 CVE-2026-31485 CVE-2026-31487
CVE-2026-31488 CVE-2026-31489 CVE-2026-31492 CVE-2026-31494
CVE-2026-31495 CVE-2026-31496 CVE-2026-31497 CVE-2026-31498
CVE-2026-31500 CVE-2026-31502 CVE-2026-31503 CVE-2026-31504
CVE-2026-31505 CVE-2026-31506 CVE-2026-31507 CVE-2026-31508
CVE-2026-31509 CVE-2026-31510 CVE-2026-31511 CVE-2026-31512
CVE-2026-31515 CVE-2026-31516 CVE-2026-31518 CVE-2026-31519
CVE-2026-31520 CVE-2026-31521 CVE-2026-31522 CVE-2026-31523
CVE-2026-31524 CVE-2026-31525 CVE-2026-31527 CVE-2026-31528
CVE-2026-31530 CVE-2026-31531 CVE-2026-31532 CVE-2026-31533
CVE-2026-31540 CVE-2026-31542 CVE-2026-31545 CVE-2026-31546
CVE-2026-31548 CVE-2026-31549 CVE-2026-31550 CVE-2026-31551
CVE-2026-31552 CVE-2026-31554 CVE-2026-31555 CVE-2026-31556
CVE-2026-31557 CVE-2026-31558 CVE-2026-31559 CVE-2026-31561
CVE-2026-31563 CVE-2026-31565 CVE-2026-31566 CVE-2026-31570
CVE-2026-31575 CVE-2026-31576 CVE-2026-31577 CVE-2026-31578
CVE-2026-31580 CVE-2026-31581 CVE-2026-31582 CVE-2026-31583
CVE-2026-31584 CVE-2026-31585 CVE-2026-31586 CVE-2026-31587
CVE-2026-31588 CVE-2026-31590 CVE-2026-31593 CVE-2026-31594
CVE-2026-31595 CVE-2026-31596 CVE-2026-31597 CVE-2026-31598
CVE-2026-31599 CVE-2026-31602 CVE-2026-31603 CVE-2026-31604
CVE-2026-31605 CVE-2026-31606 CVE-2026-31607 CVE-2026-31610
CVE-2026-31611 CVE-2026-31612 CVE-2026-31614 CVE-2026-31615
CVE-2026-31616 CVE-2026-31617 CVE-2026-31618 CVE-2026-31619
CVE-2026-31622 CVE-2026-31623 CVE-2026-31624 CVE-2026-31625
CVE-2026-31626 CVE-2026-31627 CVE-2026-31628 CVE-2026-31629
CVE-2026-31634 CVE-2026-31637 CVE-2026-31638 CVE-2026-31639
CVE-2026-31642 CVE-2026-31644 CVE-2026-31645 CVE-2026-31646
CVE-2026-31647 CVE-2026-31648 CVE-2026-31649 CVE-2026-31651
CVE-2026-31655 CVE-2026-31656 CVE-2026-31657 CVE-2026-31658
CVE-2026-31659 CVE-2026-31660 CVE-2026-31661 CVE-2026-31662
CVE-2026-31664 CVE-2026-31665 CVE-2026-31666 CVE-2026-31667
CVE-2026-31668 CVE-2026-31669 CVE-2026-31670 CVE-2026-31671
CVE-2026-31672 CVE-2026-31673 CVE-2026-31674 CVE-2026-31675
CVE-2026-31676 CVE-2026-31677 CVE-2026-31678 CVE-2026-31679
CVE-2026-31680 CVE-2026-31681 CVE-2026-31682 CVE-2026-31683
CVE-2026-31684 CVE-2026-31685 CVE-2026-31686 CVE-2026-31689
CVE-2026-31693 CVE-2026-31786 CVE-2026-31787 CVE-2026-31788
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
For the stable distribution (trixie), these problems have been fixed in
version 6.12.85-1.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/