[DSA 6355-1] linux security update
[DLA 4638-1] libgd-perl security update
[DSA 6356-1] imagemagick security update
[DSA 6359-1] gst-plugins-good1.0 security update
[DSA 6358-1] libhttp-daemon-perl security update
[DSA 6357-1] pillow security update
[DSA 6360-1] squid security update
[DLA 4639-1] libhttp-daemon-perl security update
[DLA 4640-1] mediawiki security update
[SECURITY] [DSA 6355-1] linux security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6355-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 21, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : linux
CVE ID : CVE-2025-22069 CVE-2025-68251 CVE-2025-68768 CVE-2025-71289
CVE-2026-23247 CVE-2026-23272 CVE-2026-23346 CVE-2026-23394
CVE-2026-23469 CVE-2026-31420 CVE-2026-31486 CVE-2026-31560
CVE-2026-31613 CVE-2026-31663 CVE-2026-31717 CVE-2026-43116
CVE-2026-43219 CVE-2026-43245 CVE-2026-43303 CVE-2026-43331
CVE-2026-45838 CVE-2026-45839 CVE-2026-45840 CVE-2026-45841
CVE-2026-45842 CVE-2026-45843 CVE-2026-45844 CVE-2026-45845
CVE-2026-45846 CVE-2026-45850 CVE-2026-45930 CVE-2026-46117
CVE-2026-46137 CVE-2026-46158 CVE-2026-46160 CVE-2026-46170
CVE-2026-46203 CVE-2026-46216 CVE-2026-46244 CVE-2026-46274
CVE-2026-46275 CVE-2026-46315 CVE-2026-46316 CVE-2026-46319
CVE-2026-46320 CVE-2026-46321 CVE-2026-46322 CVE-2026-46323
CVE-2026-46331 CVE-2026-52908 CVE-2026-52909 CVE-2026-52910
CVE-2026-52911
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
For the stable distribution (trixie), these problems have been fixed in
version 6.12.94-1.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DLA 4638-1] libgd-perl security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4638-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Salvatore Bonaccorso
June 21, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : libgd-perl
Version : 2.73-1+deb11u1 2.76-4+deb12u1
CVE ID : CVE-2026-11526
A flaw was discovered in libgd-perl, a Perl module wrapper for libgd,
which may result in the execution of arbitrary shell commands or file
overwrite when processing specially crafted file names.
For Debian 11 bullseye, this problem has been fixed in version
2.73-1+deb11u1.
For Debian 12 bookworm, this problem has been fixed in version
2.76-4+deb12u1.
We recommend that you upgrade your libgd-perl packages.
For the detailed security status of libgd-perl please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/libgd-perl
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DSA 6356-1] imagemagick security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6356-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 21, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : imagemagick
CVE ID : CVE-2026-48724 CVE-2026-48734 CVE-2026-48994 CVE-2026-49218
CVE-2026-49219 CVE-2026-53460 CVE-2026-53461 CVE-2026-53463
CVE-2026-53464
Debian Bug : 1140176
Multiple security vulnerabilities were discovered in imagemagick, a
software suite used for editing and manipulating digital images, which
could lead to denial of service, information disclosure or potentially
arbitrary code execution if malformed images are processed.
For the stable distribution (trixie), these problems have been fixed in
version 8:7.1.1.43+dfsg1-1+deb13u10.
We recommend that you upgrade your imagemagick packages.
For the detailed security status of imagemagick please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/imagemagick
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DSA 6359-1] gst-plugins-good1.0 security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6359-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 21, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : gst-plugins-good1.0
CVE ID : CVE-2026-1940 CVE-2026-3083 CVE-2026-3085 CVE-2026-39043
CVE-2026-39044
Multiple security vulnerabilities were discovered in plugins for the
GStreamer media framework and its codecs and demuxers, which may result
in denial of service or potentially the execution of arbitrary code if
a malformed media file is opened.
For the stable distribution (trixie), these problems have been fixed in
version 1.26.2-1+deb13u2.
We recommend that you upgrade your gst-plugins-good1.0 packages.
For the detailed security status of gst-plugins-good1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-good1.0
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DSA 6358-1] libhttp-daemon-perl security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6358-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 21, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libhttp-daemon-perl
CVE ID : CVE-2026-8450
Debian Bug : 1138050
A flaw was discovered in libhttp-daemon-perl, a simple http server class
for Perl, which may result in the execution of arbitrary shell commands
or file overwrite when processing specially crafted input.
For the stable distribution (trixie), this problem has been fixed in
version 6.16-1+deb13u1.
We recommend that you upgrade your libhttp-daemon-perl packages.
For the detailed security status of libhttp-daemon-perl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libhttp-daemon-perl
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DSA 6357-1] pillow security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6357-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 21, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : pillow
CVE ID : CVE-2026-42308 CVE-2026-42310 CVE-2026-42311
Multiple security vulnerabilities have been discovered in Pillow, a
Python imaging library, which could result in denial of service or the
execution of arbitrary code if malformed files are processed.
For the stable distribution (trixie), these problems have been fixed in
version 11.1.0-5+deb13u3.
We recommend that you upgrade your pillow packages.
For the detailed security status of pillow please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pillow
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DSA 6360-1] squid security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6360-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 21, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : squid
CVE ID : CVE-2026-33515 CVE-2026-33526 CVE-2026-47729 CVE-2026-50012
Multiple security issues were discovered in the Squid proxy caching
server, which could result in information disclosure or denial of service.
For the stable distribution (trixie), these problems have been fixed in
version 6.13-2+deb13u2.
We recommend that you upgrade your squid packages.
For the detailed security status of squid please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/squid
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DLA 4639-1] libhttp-daemon-perl security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4639-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Santiago Ruano Rincón
June 21, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : libhttp-daemon-perl
Version : 6.12-1+deb11u2 6.16-1+deb13u1~deb12u1
CVE ID : CVE-2026-8450
Debian Bug : 1138050
A flaw was discovered in libhttp-daemon-perl, a simple http server class
for Perl, which may result in the execution of arbitrary shell commands
or file overwrite when processing specially crafted input.
For Debian 11 bullseye, this problem has been fixed in version
6.12-1+deb11u2.
For Debian 12 bookworm, this problem has been fixed in version
6.16-1+deb13u1~deb12u1.
We recommend that you upgrade your libhttp-daemon-perl packages.
For the detailed security status of libhttp-daemon-perl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libhttp-daemon-perl
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 4640-1] mediawiki security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4640-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
June 22, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : mediawiki
Version : 1:1.35.13-1+deb11u7 $bookworm_VERSION
CVE ID : CVE-2026-34087 CVE-2026-34088 CVE-2026-34093 CVE-2026-34095
Multiple security vulnerabilities were found in mediawiki, a website
engine for collaborative work, which could lead to information
disclosure or access controls bypass.
CVE-2026-34087
    OATHAuth extension: Users API leaks whether privileged users have
    their user groups disabled for lack of 2FA.
CVE-2026-34088
    RecentChanges entries expose suppressed content via generated log
    page HTML.
CVE-2026-34093
    Special:UserRights page allows viewing user rights from private
    wiki.
CVE-2026-34095
    action=raw with Special:Mypage subpage title responds with
    "Content-Type: text/html" on ctype=text/javascript request, which
    may lead to cross-site scripting.
For Debian 11 bullseye, these problems have been fixed in version
1:1.35.13-1+deb11u7.
For Debian 12 bookworm, these problems have been fixed in version
$bookworm_VERSION.
We recommend that you upgrade your mediawiki packages.
For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS