Libhtp and OpenAFS updates for Debian 11 LTS

Debian 10694 Published by

The Debian project has released two security advisories for Debian GNU/Linux 11 (Bullseye) LTS: DLA-4295-1 for libhtp and DLA-4168-2 for openafs. The libhtp advisory fixes multiple denial-of-service vulnerabilities, which have been fixed in version 1:0.5.36-1+deb11u1. Meanwhile, the OpenAFS advisory addresses a regression introduced by a missing commit, which has been resolved in version 1.8.6-5+deb11u2.

[DLA 4295-1] libhtp security update
[DLA 4168-2] openafs regression update




[SECURITY] [DLA 4295-1] libhtp security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4295-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
September 08, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : libhtp
Version : 1:0.5.36-1+deb11u1
CVE ID : CVE-2024-23837 CVE-2024-45797

Multiple cases of denial of service due to excessive CPU time and memory
utilization have been fixed in LibHTP, a parser for the HTTP protocol
mainly used by the network analysis and threat detection software Suricata.

For Debian 11 bullseye, these problems have been fixed in version
1:0.5.36-1+deb11u1.

We recommend that you upgrade your libhtp packages.

For the detailed security status of libhtp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libhtp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 4168-2] openafs regression update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4168-2 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
September 08, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : openafs
Version : 1.8.6-5+deb11u2

Due to a missing commit the update for openafs, announced in DLA-4168-1,
introduced a regression in bos, the Basic OverSeer.

For Debian 11 bullseye, this problem has been fixed in version
1.8.6-5+deb11u2.

We recommend that you upgrade your openafs packages.

For the detailed security status of openafs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openafs

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


LibEtPan and PostgreSQL updates for Ubuntu

7zip and Firebird updates for SUSE

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...