[DLA 4624-1] openssl security update
[DSA 6335-1] openssl security update
[DSA 6334-1] poppler security update
[DSA 6333-1] mistral security update
[DSA 6332-1] okular security update
[SECURITY] [DLA 4624-1] openssl security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4624-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                     Arnaud Rebillout
June 09, 2026                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : openssl
Version : 1.1.1w-0+deb11u7
CVE ID : CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390
Several vulnerabilities have been discovered in OpenSSL, a Secure Sockets
Layer toolkit providing the SSL and TLS cryptographic protocols for secure
communication over the Internet.

CVE-2026-28387
    An uncommon configuration of clients performing DANE TLSA-based server
    authentication, when paired with uncommon server DANE TLSA records,
    may result in a use-after-free and/or double-free on the client side.

CVE-2026-28388
    When a delta CRL that contains a Delta CRL Indicator extension is
    processed, a NULL pointer dereference might happen if the required CRL
    Number extension is missing.

CVE-2026-28389
    During processing of a crafted CMS EnvelopedData message with
    KeyAgreeRecipientInfo, a NULL pointer dereference can happen.

CVE-2026-28390
    During processing of a crafted CMS EnvelopedData message with
    KeyTransportRecipientInfo, a NULL pointer dereference can happen.

For Debian 11 bullseye, these problems have been fixed in version
1.1.1w-0+deb11u7.
We recommend that you upgrade your openssl packages.
For the detailed security status of openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DSA 6335-1] openssl security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6335-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 09, 2026                         https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : openssl
CVE ID : CVE-2026-7383 CVE-2026-9076 CVE-2026-34180 CVE-2026-34181
         CVE-2026-34182 CVE-2026-34183 CVE-2026-42764 CVE-2026-42766
         CVE-2026-42767 CVE-2026-42768 CVE-2026-42769 CVE-2026-42770
         CVE-2026-45445 CVE-2026-45446 CVE-2026-45447
Multiple vulnerabilities have been discovered in OpenSSL, a Secure
Sockets Layer toolkit, which may result in denial of service,
information leaks, or potentially remote code execution.
Additional details can be found in the upstream advisory:
https://openssl-library.org/news/secadv/20260609.txt
For the oldstable distribution (bookworm), these problems have been fixed
in version 3.0.20-1~deb12u2.
For the stable distribution (trixie), these problems have been fixed in
version 3.5.6-1~deb13u2.
We recommend that you upgrade your openssl packages.
For the detailed security status of openssl please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/openssl
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DSA 6334-1] poppler security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6334-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 09, 2026                         https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : poppler
CVE ID : CVE-2025-43718 CVE-2025-52885 CVE-2026-10118
Debian Bug : 1117046 1117853 1138708
Several vulnerabilities were discovered in poppler, a PDF rendering
library, which could result in denial of service, information
disclosure, or potentially the execution of arbitrary code if a
specially crafted file is processed.
For the oldstable distribution (bookworm), these problems have been fixed
in version 22.12.0-2+deb12u2.
For the stable distribution (trixie), these problems have been fixed in
version 25.03.0-5+deb13u3.
We recommend that you upgrade your poppler packages.
For the detailed security status of poppler please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/poppler
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DSA 6333-1] mistral security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6333-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 09, 2026                         https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : mistral
CVE ID : CVE-2026-41283
Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that multiple
API endpoints of Mistral, the OpenStack Workflow, improperly enforced
access policies, which could result in information disclosure.
For the oldstable distribution (bookworm), this problem has been fixed
in version 15.0.0-1+deb12u1.
For the stable distribution (trixie), this problem has been fixed in
version 20.0.0-2+deb13u1.
We recommend that you upgrade your mistral packages.
For the detailed security status of mistral please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mistral
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DSA 6332-1] okular security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6332-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 09, 2026                         https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : okular
CVE ID : not yet available
George Karagiannidis discovered multiple security vulnerabilities in
the fax backend of the Okular document viewer, which could potentially
result in the execution of arbitrary code if a malformed G3/G4 Fax file
is opened.
For the oldstable distribution (bookworm), this problem has been fixed
in version 4:22.12.3-1+deb12u1.
For the stable distribution (trixie), this problem has been fixed in
version 4:25.04.2-1+deb13u1.
We recommend that you upgrade your okular packages.
For the detailed security status of okular please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/okular
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
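
Added example (not part of the advisories): a check of installed versions against the fixed versions listed above, using Debian's version ordering, where an epoch outranks everything and "~" sorts before the end of a string. The inventory is constructed, and it is an assumption that it is keyed by source package name with the source version, since binary package names differ.

```python
import re
from itertools import zip_longest

# Fixed source-package versions per release, copied from the advisories above.
FIXED = {
    "openssl": {"bullseye": "1.1.1w-0+deb11u7", "bookworm": "3.0.20-1~deb12u2",
                "trixie": "3.5.6-1~deb13u2"},
    "poppler": {"bookworm": "22.12.0-2+deb12u2", "trixie": "25.03.0-5+deb13u3"},
    "mistral": {"bookworm": "15.0.0-1+deb12u1", "trixie": "20.0.0-2+deb13u1"},
    "okular": {"bookworm": "4:22.12.3-1+deb12u1", "trixie": "4:25.04.2-1+deb13u1"},
}

def _order(c):
    # dpkg weights for non-digit characters: '~' < end of run (0) < letters < the rest
    if c == "~":
        return -1
    return ord(c) if c.isascii() and c.isalpha() else ord(c) + 256

def _key(part):
    # Split into alternating (non-digit run, digit run) pairs; the trailing 0
    # marks the end of a non-digit run so that "~" sorts below it.
    return [([_order(c) for c in nd] + [0], int(d or 0))
            for nd, d in re.findall(r"([^0-9]*)([0-9]*)", part)]

def _cmp_part(a, b):
    for ka, kb in zip_longest(_key(a), _key(b), fillvalue=([0], 0)):
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 as v1 sorts before, equal to or after v2 (dpkg rules)."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def needs_upgrade(installed, release):
    """installed maps source package -> installed version; returns the stale ones."""
    return sorted(pkg for pkg, ver in installed.items()
                  if release in FIXED.get(pkg, {})
                  and deb_cmp(ver, FIXED[pkg][release]) < 0)

# Constructed inventory for a bookworm host (not taken from the advisories).
SAMPLE = {"openssl": "3.0.20-1~deb12u1", "poppler": "22.12.0-2+deb12u2",
          "okular": "4:22.12.3-1", "mistral": "15.0.0-1+deb12u1", "curl": "7.88.1-10"}
print(needs_upgrade(SAMPLE, "bookworm"))
```

On a real host, `dpkg --compare-versions` is the authoritative comparison; the port above is for inventories processed away from the machine.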