Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1563-1 openssl1.0 security update
ELA-1564-1 qemu security update
Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1562-1 ghostscript security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6046-1] chromium security update
[DSA 6047-1] squid security update
ELA-1563-1 openssl1.0 security update
Package : openssl1.0
Version : 1.0.2u-1~deb9u11 (stretch)
Related CVEs :
CVE-2025-9230
Stanislav Fort discovered an out of bounds read and write issue when
decrypting CMS messages that were encrypted using password based
encryption.
ELA-1562-1 ghostscript security update
Package : ghostscript
Version : 9.26a~dfsg-0+deb9u15 (stretch), 9.27~dfsg-2+deb10u12 (buster)
Related CVEs :
CVE-2025-59798
CVE-2025-59799
It was discovered that Ghostscript incorrectly handled some PDF files. An
attacker could use this issue to cause Ghostscript to crash, resulting in
a denial of service.
[SECURITY] [DSA 6046-1] chromium security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6046-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
October 30, 2025 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : chromium
CVE ID : CVE-2025-12036 CVE-2025-12428 CVE-2025-12429 CVE-2025-12430
CVE-2025-12431 CVE-2025-12432 CVE-2025-12433 CVE-2025-12434
CVE-2025-12435 CVE-2025-12436 CVE-2025-12437 CVE-2025-12438
CVE-2025-12439 CVE-2025-12440 CVE-2025-12441 CVE-2025-12443
CVE-2025-12444 CVE-2025-12445 CVE-2025-12446 CVE-2025-12447
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
For the oldstable distribution (bookworm), these problems have been fixed
in version 142.0.7444.59-1~deb12u1.
For the stable distribution (trixie), these problems have been fixed in
version 142.0.7444.59-1~deb13u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DSA 6047-1] squid security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6047-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 30, 2025 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : squid
CVE ID : CVE-2025-62168
Leonardo Giovanni discovered that missing redaction of authentication
data in the Squid proxy caching server could result in information
disclosure.
For the oldstable distribution (bookworm), this problem has been fixed
in version 5.7-2+deb12u4.
For the stable distribution (trixie), this problem has been fixed in
version 6.13-2+deb13u1.
We recommend that you upgrade your squid packages.
For the detailed security status of squid please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/squid
ELA-1564-1 qemu security update
Package : qemu
Version : 1:2.8+dfsg-6+deb9u20 (stretch)
Related CVEs :
CVE-2023-3019
CVE-2024-3447
Multiple security issues were found in QEMU, a fast processor
emulator, that could result in denial of service, information leak, or
privilege escalation.
CVE-2023-3019
Use-after-free error in the e1000e NIC emulation.
CVE-2024-3447
Heap-based buffer overflow in SDHCI device emulation.
This update also removes the usage of the C (Credential) flag for the
binfmt_misc registration within the qemu-user-static (and qemu-user-binfmt)
packages, as it allowed for privilege escalation when running a suid/sgid binary
under qemu-user. This means suid/sgid foreign-architecture binaries are not
running with elevated privileges under qemu-user anymore. If you relied on
this behavior of qemu-user in the past (running suid/sgid foreign-arch
binaries), this will require changes to your deployment.
In Debian 9 “stretch”, the affected packages are qemu-user-static (and
qemu-user-binfmt).
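
To confirm the binfmt_misc change described in ELA-1564-1 has taken effect on a host, the following added example (not part of the advisory or of the qemu packaging) lists registered binfmt_misc entries whose flags still include C. The function names, the sample entry names and the sample interpreter paths are constructed for illustration; the per-entry format read here is the one the kernel exposes under /proc/sys/fs/binfmt_misc.

```shell
#!/bin/sh
# List binfmt_misc entries registered with the C (credentials) flag.
# $1: directory to scan; defaults to the live binfmt_misc mount.
# Output: one line per match, "<entry> <interpreter> flags=<flags>".
binfmt_credential_entries() {
    dir=${1:-/proc/sys/fs/binfmt_misc}
    for entry in "$dir"/*; do
        [ -f "$entry" ] || continue
        # "register" and "status" are control files, not registrations.
        case ${entry##*/} in register|status) continue ;; esac
        flags=$(sed -n 's/^flags:[[:space:]]*//p' "$entry" 2>/dev/null) || continue
        interp=$(sed -n 's/^interpreter[[:space:]]*//p' "$entry" 2>/dev/null) || continue
        case $flags in
            *C*) printf '%s %s flags=%s\n' "${entry##*/}" "$interp" "$flags" ;;
        esac
    done
}

# Constructed sample: two entries in the kernel's per-entry format,
# one registered with flags OCF and one with F only (no C flag).
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf 'enabled\ninterpreter /usr/bin/qemu-aarch64-static\nflags: OCF\noffset 0\nmagic 7f454c46\n' \
        > "$d/qemu-aarch64"
    printf 'enabled\ninterpreter /usr/bin/qemu-arm-static\nflags: F\noffset 0\nmagic 7f454c46\n' \
        > "$d/qemu-arm"
    printf 'enabled\n' > "$d/status"
    printf '%s\n' "$d"
}

# Demo on the constructed sample; call binfmt_credential_entries with no
# argument to inspect the running system instead.
sample=$(make_sample_dir)
echo "Entries still registered with the C flag:"
binfmt_credential_entries "$sample"
rm -rf "$sample"
```

An empty result on a live system means no registered interpreter runs suid/sgid binaries with the binary's credentials.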