Debian administrators should immediately apply three urgent security patches to keep their systems safe. The Linux kernel update resolves a vulnerability that could allow attackers to escalate privileges or leak sensitive data. Apache HTTP Server receives critical fixes for numerous flaws that might enable remote code execution and cause service disruptions. GnuTLS also gets corrected against multiple serious issues involving authentication bypasses and arbitrary code execution across several Debian releases.

[DLA 4588-1] linux-6.1 security update
ELA-1728-1 apache2 security update
[DSA 6281-1] gnutls28 security update

[SECURITY] [DLA 4588-1] linux-6.1 security update

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4588-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Ben Hutchings
May 19, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : linux-6.1
Version : 6.1.172-1~deb11u1
CVE ID : CVE-2026-46333

A vulnerability has been discovered in the Linux kernel that may
lead to information leaks or local privilege escalation.

For Debian 11 bullseye, this problem has been fixed in version
6.1.172-1~deb11u1.

We recommend that you upgrade your linux-6.1 packages.

For the detailed security status of linux-6.1 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/linux-6.1

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

ELA-1728-1 apache2 security update (by )

Package : apache2


Version : 2.4.25-3+deb9u23 (stretch)


Related CVEs :

CVE-2026-24072

CVE-2026-28780

CVE-2026-29169

CVE-2026-33006

CVE-2026-33007

CVE-2026-33523

CVE-2026-33857

CVE-2026-34032

CVE-2026-34059



Multiple vulnerabilities have been discovered in the Apache HTTP server,
which may result in remote code execution, privilege escalation, denial
of service or information disclosure.

ELA-1728-1 apache2 security update (by )

[SECURITY] [DSA 6281-1] gnutls28 security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6281-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 19, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : gnutls28
CVE ID : CVE-2026-3832 CVE-2026-3833 CVE-2026-5260 CVE-2026-5419
CVE-2026-33845 CVE-2026-33846 CVE-2026-42009 CVE-2026-42010
CVE-2026-42011 CVE-2026-42012 CVE-2026-42013 CVE-2026-42014
CVE-2026-42015
Debian Bug : 1135319

Multiple security vulnerabilities have been discovered in GnuTLS, a
library implementing the TLS and SSL protocols, which may result in
execution of arbitrary code, denial of service, information leak,
certificate misuse, name constraint bypass, authentication bypass,
revocation bypass or timing side-channel attacks.

For the oldstable distribution (bookworm), these problems have been
fixed in version 3.7.9-2+deb12u7.

For the stable distribution (trixie), these problems have been fixed in
version 3.8.9-3+deb13u4.

We recommend that you upgrade your gnutls28 packages.

For the detailed security status of gnutls28 please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/gnutls28

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/