Debian has released security updates for several packages, including mako (version 1.1.3+ds1-2+deb11u1) for Debian GNU/Linux 11 LTS, as well as xen (versions 4.17.5 and 4.20.2) and containerd (versions 1.6.20 and 1.7.24) for both Debian GNU/Linux 12 and 13. The updates address various security vulnerabilities, including denial of service attacks and privilege escalation, which could result in memory disclosure or other issues.

[DLA 4393-1] mako security update
[DSA 6068-1] xen security update
[DSA 6067-1] containerd security update

[SECURITY] [DLA 4393-1] mako security update

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-4393-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
December 03, 2025 https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package : mako
Version : 1.1.3+ds1-2+deb11u1
CVE ID : CVE-2022-40023

It was found that Mako, a Python template library, was vulnerable to
a denial of service attack via crafted regular expressions.

For Debian 11 bullseye, this problem has been fixed in version
1.1.3+ds1-2+deb11u1.

We recommend that you upgrade your mako packages.

For the detailed security status of mako please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mako

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DSA 6068-1] xen security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6068-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 02, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : xen
CVE ID : CVE-2024-28956 CVE-2024-36350 CVE-2024-36357
CVE-2025-27465 CVE-2025-27466 CVE-2025-58142
CVE-2025-58143 CVE-2025-58144 CVE-2025-58145
CVE-2025-58147 CVE-2025-58148 CVE-2025-58149
CVE-2025-1713

Multiple vulnerabilities have been discovered in the Xen hypervisor,
which could result in memory disclosure, denial of service or
privilege escalation.

For the oldstable distribution (bookworm), these problems have been fixed
in version 4.17.5+72-g01140da4e8-1.

For the stable distribution (trixie), these problems have been fixed in
version 4.20.2+7-g1badcf5035-0+deb13u1.

We recommend that you upgrade your xen packages.

For the detailed security status of xen please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xen

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[SECURITY] [DSA 6067-1] containerd security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6067-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 02, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : containerd
CVE ID : CVE-2024-25621 CVE-2025-64329

Two security vulnerabilities were discovered in the Containerd container
runtime, which may result in denial of service or local privilege
escalation.

For the oldstable distribution (bookworm), these problems have been fixed
in version 1.6.20~ds1-1+deb12u2.

For the stable distribution (trixie), these problems have been fixed in
version 1.7.24~ds1-6+deb13u1.

We recommend that you upgrade your containerd packages.

For the detailed security status of containerd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/containerd

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/