
Multiple security updates have been released for various Debian packages, including Firefox ESR, Chromium, gst-plugins-good1.0, Keystone, and LXD. These updates address vulnerabilities that could potentially lead to code execution, information disclosure, or privilege escalation if left unpatched.

Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1577-1 gst-plugins-good1.0 security update

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1576-1 gst-plugins-good1.0 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4370-1] firefox-esr security update

Debian GNU/Linux 12 (Bookworm):
[DSA 6057-1] lxd security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6055-1] chromium security update
[DSA 6056-1] keystone security update



[SECURITY] [DLA 4370-1] firefox-esr security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4370-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
November 13, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : firefox-esr
Version : 140.5.0esr-1~deb11u1
CVE ID : CVE-2025-13012 CVE-2025-13013 CVE-2025-13014 CVE-2025-13015
CVE-2025-13016 CVE-2025-13017 CVE-2025-13018 CVE-2025-13019
CVE-2025-13020

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary code
or bypass of the same-origin policy.

For Debian 11 bullseye, these problems have been fixed in version
140.5.0esr-1~deb11u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DSA 6055-1] chromium security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-6055-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
November 13, 2025 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2025-13042

A security issue was discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.

For the oldstable distribution (bookworm), this problem has been fixed
in version 142.0.7444.162-1~deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 142.0.7444.162-1~deb13u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


ELA-1576-1 gst-plugins-good1.0 security update


Package : gst-plugins-good1.0
Version : 1.14.4-1+deb10u5 (buster)

Related CVEs :
CVE-2025-47183
CVE-2025-47219

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework.

CVE-2025-47183
The isomp4 plugin's qtdemux_parse_tree() function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure.

CVE-2025-47219
The isomp4 plugin's qtdemux_parse_trak() function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.





ELA-1577-1 gst-plugins-good1.0 security update


Package : gst-plugins-good1.0
Version : 1.10.4-1+deb9u5 (stretch)

Related CVEs :
CVE-2024-47543
CVE-2024-47545
CVE-2024-47546
CVE-2024-47597
CVE-2025-47219

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework.

CVE-2024-47543:
An OOB-read vulnerability has been discovered
in the qtdemux_parse_container function within qtdemux.c.
In the parent function qtdemux_parse_node, the value of
length is not properly checked, so if length is large enough
it causes the pointer end to point beyond the boundaries
of buffer. Subsequently, in the qtdemux_parse_container
function, the while loop can trigger an OOB-read,
accessing memory beyond the bounds of buf.
This vulnerability can result in reading up to
4GB of process memory or potentially causing a
segmentation fault (SEGV) when accessing invalid memory.

CVE-2024-47545:
An integer underflow has been detected in the qtdemux_parse_trak function
within qtdemux.c. During the strf parsing case, the subtraction
size -= 40 underflows if size is less than 40. If this happens,
the subsequent call to gst_buffer_fill will invoke memcpy with a
large tocopy size, resulting in an OOB-read.

CVE-2024-47546:
An integer underflow has been detected
in the extract_cc_from_data function within qtdemux.c.
In the FOURCC_c708 case, the subtraction atom_length - 8
may result in an underflow if atom_length is less than 8.
When that subtraction underflows, *cclen ends up being a
large number, and then cclen is passed to g_memdup2,
leading to an out-of-bounds (OOB) read.

CVE-2024-47597:
An OOB-read has been detected in the function
qtdemux_parse_samples within qtdemux.c. This issue arises
when the function qtdemux_parse_samples reads data beyond
the boundaries of the stream->stco buffer. The call to
qt_atom_parser_get_offset_unchecked leads to the OOB-read
when parsing the GHSL-2024-245_crash1.mp4 reproducer file.
This issue may lead to reading up to 8 bytes out of bounds.

CVE-2025-47219:
The isomp4 plugin's qtdemux_parse_trak() function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.
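The bug classes in ELA-1576-1 and ELA-1577-1 share one root cause: an atom length taken from the file is used in arithmetic (size -= 40, atom_length - 8, computing an end pointer) before it has been compared against the bytes actually present. The following is an added illustration, not GStreamer's qtdemux code and not part of the Debian advisories: a hypothetical mini-parser for MP4/QuickTime atoms (32-bit big-endian size plus 4-byte type) that shows the unchecked unsigned subtraction wrapping to a value near 4 GiB, beside a hardened parse that compares before subtracting and bounds the declared size by the remaining buffer. All sample buffers, the 40-byte strf header constant and the function names are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical atom parser written to illustrate the advisory's bug classes.
 * It is NOT GStreamer's qtdemux code; constants and names are constructed. */

#define ATOM_HDR_LEN 8u
#define STRF_HDR_LEN 40u   /* fixed strf header the advisory says is skipped */

enum atom_status {
    ATOM_OK = 0,
    ATOM_ERR_TRUNCATED_HEADER,    /* fewer than 8 bytes left for a header */
    ATOM_ERR_SIZE_TOO_SMALL,      /* size < 8 (sizes 0 and 1 are special in
                                     ISO BMFF; this toy simply rejects them) */
    ATOM_ERR_SIZE_EXCEEDS_BUFFER  /* declared size runs past what we hold */
};

struct atom {
    char type[5];
    const uint8_t *payload;
    uint32_t payload_len;
};

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* The unchecked pattern described for CVE-2024-47545: a fixed header length
 * is subtracted from a file-controlled size with no prior comparison. On an
 * unsigned type a size below 40 wraps to a value near 4 GiB; a later copy
 * using it as a length reads out of bounds. Only the value is returned here. */
uint32_t naive_strf_payload_len(uint32_t size) {
    size -= STRF_HDR_LEN;
    return size;
}

/* Hardened parse: compare before subtracting (cf. CVE-2024-47545/47546) and
 * bound the declared size by the bytes really available, so the computed end
 * never leaves the buffer (the end-pointer problem of CVE-2024-47543). */
enum atom_status parse_atom(const uint8_t *buf, size_t buf_len, size_t offset,
                            struct atom *out, size_t *next_offset) {
    if (offset > buf_len || buf_len - offset < ATOM_HDR_LEN)
        return ATOM_ERR_TRUNCATED_HEADER;
    uint32_t size = read_be32(buf + offset);
    if (size < ATOM_HDR_LEN)
        return ATOM_ERR_SIZE_TOO_SMALL;
    if (size > buf_len - offset)
        return ATOM_ERR_SIZE_EXCEEDS_BUFFER;
    memcpy(out->type, buf + offset + 4, 4);
    out->type[4] = '\0';
    out->payload = buf + offset + ATOM_HDR_LEN;
    out->payload_len = size - ATOM_HDR_LEN;   /* cannot underflow: size >= 8 */
    *next_offset = offset + size;             /* cannot overrun: size <= rest */
    return ATOM_OK;
}

/* Walk top-level atoms and stop at the first malformed one; the stop
 * condition replaces the unbounded loop the advisory describes. */
size_t walk_atoms(const uint8_t *buf, size_t buf_len) {
    size_t count = 0, off = 0;
    struct atom a;
    while (off < buf_len && parse_atom(buf, buf_len, off, &a, &off) == ATOM_OK)
        count++;
    return count;
}

/* Which check rejected the first atom, for reporting. */
enum atom_status first_atom_status(const uint8_t *buf, size_t buf_len) {
    struct atom a; size_t next;
    return parse_atom(buf, buf_len, 0, &a, &next);
}

/* strf handled safely: the 40-byte fixed header must fit before it is
 * skipped. Returns the remaining body length, or -1 if any check fails. */
long strf_body_len_checked(const uint8_t *buf, size_t buf_len) {
    struct atom a; size_t next;
    if (parse_atom(buf, buf_len, 0, &a, &next) != ATOM_OK) return -1;
    if (memcmp(a.type, "strf", 4) != 0) return -1;
    if (a.payload_len < STRF_HDR_LEN) return -1;   /* the guard the naive path lacks */
    return (long)(a.payload_len - STRF_HDR_LEN);
}

/* Constructed sample inputs (not real media files). */
const uint8_t SAMPLE_GOOD[24] = {
    0,0,0,16, 'f','t','y','p', 'i','s','o','m', 0,0,0,1,  /* ftyp, 8-byte payload */
    0,0,0,8,  'f','r','e','e' };                          /* free, empty payload */
const uint8_t SAMPLE_OVERSIZED[16]  = { 0x10,0,0,0, 'm','o','o','v' }; /* claims 256 MiB */
const uint8_t SAMPLE_TINY[8]        = { 0,0,0,4, 'm','d','a','t' };    /* size < header */
const uint8_t SAMPLE_STRF_SHORT[16] = { 0,0,0,16, 's','t','r','f' };   /* 8-byte payload */
const uint8_t SAMPLE_STRF_OK[52]    = { 0,0,0,52, 's','t','r','f' };   /* 44-byte payload */

int main(void) {
    printf("good buffer: %zu atoms\n", walk_atoms(SAMPLE_GOOD, sizeof SAMPLE_GOOD));
    printf("naive strf length for size 8: 0x%08x\n", naive_strf_payload_len(8));
    printf("checked strf body, short input: %ld\n",
           strf_body_len_checked(SAMPLE_STRF_SHORT, sizeof SAMPLE_STRF_SHORT));
    return 0;
}
```

The design point is that every subtraction on a file-supplied length is preceded by a comparison in the same direction, and the end offset is derived only after the size has been bounded by the remaining input; a parser that follows that rule returns a status code for truncated, undersized or oversized atoms instead of reading past the buffer.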





[SECURITY] [DSA 6056-1] keystone security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-6056-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 13, 2025 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : keystone
CVE ID : not yet available

A vulnerability was discovered in the ec2tokens and s3tokens APIs of
Keystone, the OpenStack identity service, which may result in
authorisation bypass or privilege escalation if /v3/ec2tokens or
/v3/s3tokens are reachable by unauthenticated clients.

The Swift object storage service also requires an update to work with
the updated Keystone: The update to Swift is provided as 2.30.1-0+deb12u1
for bookworm and 2.35.1-0+deb13u1 for trixie and is backwards-compatible
with older Keystone versions. As such, it is recommended to first upgrade
Swift before deploying the Keystone update.

For the oldstable distribution (bookworm), this problem has been fixed
in version 2:22.0.2-0+deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 2:27.0.0-3+deb13u1.

We recommend that you upgrade your keystone packages.

For the detailed security status of keystone please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/keystone

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DSA 6057-1] lxd security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-6057-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
November 13, 2025 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : lxd
CVE ID : CVE-2025-64507

It was discovered that LXD, a system container and virtual machine
manager, is prone to a local privilege escalation vulnerability if
unprivileged users are allowed to access LXD through lxd-user.

For the oldstable distribution (bookworm), this problem has been fixed
in version 5.0.2-5+deb12u2.

We recommend that you upgrade your lxd packages.

For the detailed security status of lxd please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/lxd

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/