The Debian project has released security updates for two packages. The libsodium library, version 1.0.18-1+deb11u1 For Debian GNU/Linux 11 (Bullseye) LTS, it fixes a vulnerability in the crypto_core_ed25519_is_valid_point() function that mishandled checks for valid elliptic curve points. The foomuuri firewall generator package, version 0.27-2+deb13u1 for Debian GNU/Linux 13 (Trixie), addresses two vulnerabilities that could allow unauthorized users to tamper with the firewall configuration.

[DLA 4435-1] libsodium security update
[DSA 6095-1] foomuuri security update

[SECURITY] [DLA 4435-1] libsodium security update

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-4435-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
January 07, 2026 https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package : libsodium
Version : 1.0.18-1+deb11u1
CVE ID : CVE-2025-69277
Debian Bug : 1124374

It was discovered that the crypto_core_ed25519_is_valid_point()
function of the Sodium cryptography library mishandled checks for
valid elliptic curve points.

For Debian 11 bullseye, this problem has been fixed in version
1.0.18-1+deb11u1.

We recommend that you upgrade your libsodium packages.

For the detailed security status of libsodium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libsodium

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DSA 6095-1] foomuuri security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6095-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
January 07, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : foomuuri
CVE ID : CVE-2025-67603 CVE-2025-67858

Matthias Gerstner discovered two vulnerabilities in the Foomuuri
firewall generator, which could result in tampering of the firewall
configuration by unauthorised users.

For the stable distribution (trixie), these problems have been fixed in
version 0.27-2+deb13u1.

We recommend that you upgrade your foomuuri packages.

For the detailed security status of foomuuri please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/foomuuri

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/