
Debian has published three security advisories covering serious vulnerabilities in gsasl, Asterisk, and Atril. The GNU SASL library needs a prompt patch because its NTLM client lacks proper input sanitising, which could disclose memory contents to an attacker. Asterisk also needs immediate attention: developers fixed twelve separate issues involving heap overflows, stack underflows, and flawed certificate validation. Users running Debian GNU/Linux 11 (Bullseye) LTS or 12 (Bookworm) should upgrade the affected packages without delay to close these gaps before they are exploited.

[DSA 6348-1] gsasl security update
[DLA 4631-1] asterisk security update
[DLA 4632-1] atril security update




[SECURITY] [DSA 6348-1] gsasl security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-6348-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 16, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gsasl
CVE ID : not yet available

It was discovered that missing input sanitising in the NTLM client of the
GNU SASL library could result in memory disclosure.

For the stable distribution (trixie), this problem has been fixed in
version 2.2.2-1.1+deb13u2.

We recommend that you upgrade your gsasl packages.

For the detailed security status of gsasl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gsasl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DLA 4631-1] asterisk security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4631-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
June 16, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : asterisk
Version : 1:16.28.0~dfsg-0+deb11u10
CVE ID : CVE-2025-65102 CVE-2026-25994 CVE-2026-26203
CVE-2026-26967 CVE-2026-28799 CVE-2026-29068
CVE-2026-32942 CVE-2026-32945 CVE-2026-33069
CVE-2026-34235 CVE-2026-40614 CVE-2026-41415
CVE-2026-42225

Several issues have been found in asterisk, an Open Source Private Branch
Exchange (PBX). They are related to buffer under- or overflows, either on
heap or on stack. Some are related to use-after-free or wrong processing
of invalid or untrusted certificates.

For Debian 11 bullseye, these problems have been fixed in version
1:16.28.0~dfsg-0+deb11u10.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/asterisk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 4632-1] atril security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4632-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Andreas Henriksson
June 16, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : atril
Version : 1.26.0-2+deb12u4
CVE ID : CVE-2026-46529
Debian Bug : 1139874

It was discovered that atril, a simple multi-page document viewer, is
prone to a command injection vulnerability if a specially crafted PDF
file is opened.

For Debian 12 bookworm, this problem has been fixed in version
1.26.0-2+deb12u4.

For Debian 11 bullseye, see DLA 4597-1.

We recommend that you upgrade your atril packages.

For the detailed security status of atril please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/atril

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS