[DLA 4566-1] openjdk-11 security update
[DLA 4565-1] openjdk-17 security update
ELA-1708-1 openjdk-11 security update
[DSA 6248-1] apache2 security update
[DSA 6249-1] wireshark security update
[DLA 4567-1] lrzip security update
ELA-1710-1 imagemagick security update
[SECURITY] [DLA 4566-1] openjdk-11 security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4566-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
May 06, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : openjdk-11
Version : 11.0.31+11-1~deb11u1
CVE ID : CVE-2026-22007 CVE-2026-22013 CVE-2026-22016 CVE-2026-22018
CVE-2026-22021 CVE-2026-34268 CVE-2026-34282
Several vulnerabilities have been discovered in the OpenJDK Java
runtime, which may result in incorrect generation of cryptographic
keys, denial of service, information disclosure, XXE/XEE attacks
or incorrect validation of Kerberos credentials.
For Debian 11 bullseye, these problems have been fixed in version
11.0.31+11-1~deb11u1.
We recommend that you upgrade your openjdk-11 packages.
For the detailed security status of openjdk-11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-11
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 4565-1] openjdk-17 security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4565-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
May 06, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : openjdk-17
Version : 17.0.19+10-1~deb11u1
CVE ID : CVE-2026-22007 CVE-2026-22013 CVE-2026-22016 CVE-2026-22018
CVE-2026-22021 CVE-2026-34268 CVE-2026-34282
Several vulnerabilities have been discovered in the OpenJDK Java
runtime, which may result in incorrect generation of cryptographic
keys, denial of service, information disclosure, XXE/XEE attacks
or incorrect validation of Kerberos credentials.
For Debian 11 bullseye, these problems have been fixed in version
17.0.19+10-1~deb11u1.
We recommend that you upgrade your openjdk-17 packages.
For the detailed security status of openjdk-17 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-17
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
ELA-1708-1 openjdk-11 security update
Package : openjdk-11
Version : 11.0.31+11-1~deb10u1 (buster)
Related CVEs :
CVE-2026-22007
CVE-2026-22013
CVE-2026-22016
CVE-2026-22018
CVE-2026-22021
CVE-2026-34268
CVE-2026-34282
Several vulnerabilities have been discovered in the OpenJDK Java
runtime, which may result in incorrect generation of cryptographic
keys, denial of service, information disclosure, XXE/XEE attacks
or incorrect validation of Kerberos credentials.
[SECURITY] [DSA 6248-1] apache2 security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6248-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 06, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : apache2
CVE ID : CVE-2026-23918 CVE-2026-24072 CVE-2026-28780 CVE-2026-29168
CVE-2026-29169 CVE-2026-33006 CVE-2026-33007 CVE-2026-33523
CVE-2026-33857 CVE-2026-34032 CVE-2026-34059
Debian Bug : 1135737
Multiple vulnerabilities have been discovered in the Apache HTTP server,
which may result in remote code execution, privilege escalation, denial
of service or information disclosure.
For the oldstable distribution (bookworm), these problems have been fixed
in version 2.4.67-1~deb12u2.
For the stable distribution (trixie), these problems have been fixed in
version 2.4.67-1~deb13u2. The fix for CVE-2026-23918 was already
included in the Debian 13.4 point release update versioned
2.4.66-1~deb13u2 to address reported HTTP/2 regressions.
We recommend that you upgrade your apache2 packages.
For the detailed security status of apache2 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/apache2
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DSA 6249-1] wireshark security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6249-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 06, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : wireshark
CVE ID : CVE-2026-5299 CVE-2026-5401 CVE-2026-5403 CVE-2026-5404
CVE-2026-5405 CVE-2026-5406 CVE-2026-5407 CVE-2026-5408
CVE-2026-5409 CVE-2026-5653 CVE-2026-5654 CVE-2026-5656
CVE-2026-5657 CVE-2026-6519 CVE-2026-6520 CVE-2026-6521
CVE-2026-6522 CVE-2026-6523 CVE-2026-6524 CVE-2026-6527
CVE-2026-6529 CVE-2026-6530 CVE-2026-6531 CVE-2026-6532
CVE-2026-6533 CVE-2026-6534 CVE-2026-6535 CVE-2026-6537
CVE-2026-6538 CVE-2026-6867 CVE-2026-6868 CVE-2026-6869
CVE-2026-6870 CVE-2026-7375 CVE-2026-7376 CVE-2026-7378
CVE-2026-7379
Multiple vulnerabilities have been discovered in Wireshark, a network
protocol analyzer, which could result in denial of service or the
execution of arbitrary code.
For the oldstable distribution (bookworm), a subset of these problems
have been fixed in version 4.0.17-0+deb12u3.
For the stable distribution (trixie), these problems have been fixed in
version 4.4.15-0+deb13u1.
We recommend that you upgrade your wireshark packages.
For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DLA 4567-1] lrzip security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4567-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
May 06, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : lrzip
Version : 0.641-1+deb11u2
CVE ID : CVE-2025-15570
Debian Bug : 1128069
It was discovered that there was a potential use-after-free issue in
the lrzip compression/decompression program.
For Debian 11 bullseye, this problem has been fixed in version
0.641-1+deb11u2.
We recommend that you upgrade your lrzip packages.
For the detailed security status of lrzip please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lrzip
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
ELA-1710-1 imagemagick security update
Package : imagemagick
Version : 8:6.9.7.4+dfsg-11+deb9u28 (stretch)
Related CVEs :
CVE-2026-33899
CVE-2026-33900
CVE-2026-33901
CVE-2026-33905
CVE-2026-33908
CVE-2026-34238
CVE-2026-40310
CVE-2026-40311
CVE-2026-42050
Multiple security vulnerabilities were discovered in imagemagick, a
software suite used for editing and manipulating digital images, which
could lead to denial of service, information disclosure or potentially
arbitrary code execution if malformed images are processed.