Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS:
ELA-1666-1 libvpx security update
Debian GNU/Linux 10 (Buster) ELTS:
ELA-1665-1 strongswan security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4512-1] strongswan security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6181-1] bind9 security update
[SECURITY] [DLA 4512-1] strongswan security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4512-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
March 27, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : strongswan
Version : 5.9.1-1+deb11u6
CVE ID : CVE-2026-25075
Kazuma Matsumoto discovered an integer overflow bug in the EAP-TTLS plugin
of strongSwan, an IKE/IPsec suite.
The EAP-TTLS plugin doesn't check the length field in the header of
attribute-value pairs (AVPs) tunneled in EAP-TTLS, which can cause an
integer underflow that may lead to a crash. An unauthenticated attacker
could exploit this for a DoS attack by sending a crafted message.
For Debian 11 bullseye, this problem has been fixed in version
5.9.1-1+deb11u6.
We recommend that you upgrade your strongswan packages.
For the detailed security status of strongswan please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/strongswan
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
ELA-1666-1 libvpx security update
Package : libvpx
Version : 1.6.1-3+deb9u8 (stretch), 1.7.0-3+deb10u5 (buster)
Related CVEs :
CVE-2026-2447
A buffer overflow was discovered in libvpx, a library implementing the
VP8/VP9 open video codecs, which could result in denial of service or
potentially the execution of arbitrary code.
ELA-1665-1 strongswan security update
Package : strongswan
Version : 5.7.2-1+deb10u6 (buster)
Related CVEs :
CVE-2026-25075
Kazuma Matsumoto discovered an integer overflow bug in the EAP-TTLS plugin
of strongSwan, an IKE/IPsec suite.
The EAP-TTLS plugin doesn't check the length field in the header of
attribute-value pairs (AVPs) tunneled in EAP-TTLS, which can cause an
integer underflow that may lead to a crash. An unauthenticated attacker
could exploit this for a DoS attack by sending a crafted message.
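The length check that both strongSwan advisories above describe as missing, shown as an added example that is not strongSwan's code: a parser for the EAP-TTLS AVP header (RFC 5281) that validates the 24-bit Length field against the header size (8 bytes, or 12 when the V flag adds a Vendor-ID) and against the bytes actually present before it computes the payload length. The sample AVPs are constructed, and the bug class is modelled from the advisory text, not from the patched plugin.

```c
#include <stddef.h>
#include <stdint.h>

/* EAP-TTLS AVP header (RFC 5281): Code(4) Flags(1) Length(3) [Vendor-ID(4) when V set] */
#define AVP_FLAG_V  0x80u
#define AVP_HDR_MIN 8u

typedef struct { uint32_t code, length, vendor; uint8_t flags; size_t data_len; } avp_t;

static uint32_t be32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Parse one AVP. Returns the padded number of bytes it occupies in buf,
 * or 0 if the AVP is truncated or its Length field is inconsistent.
 * out may be NULL when the caller only wants the validation result. */
size_t avp_parse(const uint8_t *buf, size_t buf_len, avp_t *out)
{
    avp_t tmp, *a = out ? out : &tmp;
    size_t hdr_len = AVP_HDR_MIN, padded;
    if (buf_len < hdr_len)
        return 0;
    a->code   = be32(buf);
    a->flags  = buf[4];
    a->length = be32(buf + 4) & 0xFFFFFFu;  /* low 24 bits of the Flags|Length word */
    a->vendor = 0;
    if (a->flags & AVP_FLAG_V) {
        hdr_len += 4;
        if (buf_len < hdr_len)
            return 0;
        a->vendor = be32(buf + 8);
    }
    /* Length counts the header itself. Without this check, length - hdr_len wraps
     * to a huge unsigned value: the class of bug the advisory describes. */
    if (a->length < hdr_len || a->length > buf_len)
        return 0;
    a->data_len = a->length - hdr_len;
    padded = ((size_t)a->length + 3) & ~(size_t)3;  /* AVPs are 4-octet aligned */
    return padded <= buf_len ? padded : buf_len;   /* tolerate a missing final pad */
}

/* Constructed sample AVPs (not captured traffic): User-Name (code 1) = "alice". */
const uint8_t good_avp[]     = {0,0,0,1, 0x40, 0,0,13, 'a','l','i','c','e', 0,0,0}; /* Length 13, padded to 16 */
const uint8_t short_len[]    = {0,0,0,1, 0x40, 0,0,4,  'a','l','i','c','e', 0,0,0}; /* Length 4 < 8-byte header */
const uint8_t vendor_short[] = {0,0,0,1, 0x80, 0,0,8,  0,0,0,9, 0,0,0,0};          /* V set, Length 8 < 12 */
const uint8_t overlong[]     = {0,0,0,1, 0x40, 0,0,40, 'a','l','i','c','e', 0,0,0}; /* Length 40 > 16 bytes present */
```

A receiver that applies these checks drops the malformed AVPs (return value 0) instead of computing a wrapped payload length and reading past the message.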
[SECURITY] [DSA 6181-1] bind9 security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6181-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 27, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : bind9
CVE ID : CVE-2026-1519 CVE-2026-3104 CVE-2026-3119 CVE-2026-3591
Several vulnerabilities were discovered in BIND, a DNS server
implementation, which may result in bypass of ACL restrictions or denial
of service.
For the oldstable distribution (bookworm), these problems have been
fixed in version 1:9.18.47-1~deb12u1. The oldstable distribution is only
affected by CVE-2026-1519.
For the stable distribution (trixie), these problems have been fixed in
version 1:9.20.21-1~deb13u1.
We recommend that you upgrade your bind9 packages.
For the detailed security status of bind9 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/bind9
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/