Pdns, Dnsdist, Chromium, and Libssh2 updates for Debian

Debian 10967 Published by

Debian and Freexian security teams released updated advisories for packages including pdns, dnsdist, libtext-csv-xs-perl, SOGo, libssh2, and Chromium. The updates resolve flaws that enable attackers to trigger denial of service attacks, poison DNS caches, execute cross-site scripting code, and run arbitrary commands.

[DSA 6368-1] pdns security update
[DSA 6367-1] dnsdist security update
[DLA 4648-1] libtext-csv-xs-perl security update
[DSA 6366-1] sogo security update
[DSA 6365-1] libssh2 security update
[DSA 6364-1] chromium security update
[DSA 6369-1] pdns-recursor security update
ELA-1756-1 libtext-csv-xs-perl security update




[SECURITY] [DSA 6368-1] pdns security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-6368-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 25, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : pdns
CVE ID : CVE-2026-42005

It was discovered that incorrect request handling in the internal web
server of the PowerDNS DNS server could result in denial of service.

For the stable distribution (trixie), this problem has been fixed in
version 4.9.16-0+deb13u1.

We recommend that you upgrade your pdns packages.

For the detailed security status of pdns please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pdns

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DSA 6367-1] dnsdist security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-6367-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 25, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : dnsdist
CVE ID : CVE-2026-40011 CVE-2026-40208 CVE-2026-40209
CVE-2026-40210 CVE-2026-40211 CVE-2026-42004
CVE-2026-42005

Multiple security vulnerabilities were discovered in the dnsdist DNS
loadbalancer, which could result in denial of service, information
disclosure or bypass of security rules.

For the stable distribution (trixie), these problems have been fixed in
version 1.9.15-0+deb13u1.

We recommend that you upgrade your dnsdist packages.

For the detailed security status of dnsdist please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dnsdist

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DLA 4648-1] libtext-csv-xs-perl security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4648-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Guilhem Moulin
June 25, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : libtext-csv-xs-perl
Version : 1.45-1+deb11u1 1.49-1+deb12u1
CVE ID : CVE-2026-7111
Debian Bug : 1135232

A use-after-free issue was found in libtext-csv-xs-perl, a Perl C/XS
module to process Comma-Separated Value files, which may yield type
confusion or memory corruption when registered callbacks extend the Perl
argument stack.

For Debian 11 bullseye, this problem has been fixed in version
1.45-1+deb11u1.

For Debian 12 bookworm, this problem has been fixed in version
1.49-1+deb12u1.

We recommend that you upgrade your libtext-csv-xs-perl packages.

For the detailed security status of libtext-csv-xs-perl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libtext-csv-xs-perl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DSA 6366-1] sogo security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-6366-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 25, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : sogo
CVE ID : CVE-2025-71276 CVE-2026-3054 CVE-2026-8496 CVE-2026-8851
CVE-2026-33550 CVE-2026-46445 CVE-2026-46446

Multiple security vulnerabilities were discovered in the SOGo groupware
server, which could result in cross-site scripting or SQL injection.

For the stable distribution (trixie), these problems have been fixed in
version 5.12.1-3+deb13u2.

We recommend that you upgrade your sogo packages.

For the detailed security status of sogo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sogo

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DSA 6365-1] libssh2 security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-6365-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 25, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libssh2
CVE ID : CVE-2025-15661 CVE-2026-7598 CVE-2026-55199 CVE-2026-55200

Multiple security vulnerabilities were discovered in libssh2, a
client-side C library implementing the SSH2 protocol which could result
in memory disclosure, denial of service or potentially the execution of
arbitrary code.

For the stable distribution (trixie), these problems have been fixed in
version 1.11.1-1+deb13u1.

We recommend that you upgrade your libssh2 packages.

For the detailed security status of libssh2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libssh2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DSA 6364-1] chromium security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-6364-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
June 25, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2026-13021 CVE-2026-13022 CVE-2026-13023 CVE-2026-13024
CVE-2026-13025 CVE-2026-13026 CVE-2026-13027 CVE-2026-13028
CVE-2026-13029 CVE-2026-13030 CVE-2026-13031 CVE-2026-13032
CVE-2026-13033 CVE-2026-13034 CVE-2026-13035 CVE-2026-13036
CVE-2026-13037 CVE-2026-13038

Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.

For the stable distribution (trixie), these problems have been fixed in
version 149.0.7827.196-1~deb13u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DSA 6369-1] pdns-recursor security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-6369-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 25, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : pdns-recursor
CVE ID : CVE-2026-33612 CVE-2026-40012 CVE-2026-42005
CVE-2026-42387 CVE-2026-42388 CVE-2026-42390
CVE-2026-52690

Multiple vulnerabiliites have been discovered in PDNS Recursor, a
resolving name server which could result in denial of service, cache
poisoning or information disclosure.

For the stable distribution (trixie), these problems have been fixed in
version 5.2.11-0+deb13u1.

We recommend that you upgrade your pdns-recursor packages.

For the detailed security status of pdns-recursor please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pdns-recursor

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


ELA-1756-1 libtext-csv-xs-perl security update (by )


Package : libtext-csv-xs-perl


Version : 1.26-1+deb9u1 (stretch), 1.38-1+deb10u1 (buster)


Related CVEs :

CVE-2026-7111



A use-after-free issue was found in libtext-csv-xs-perl (Text::CSV_XS
module), which may yield type confusion or memory corruption when
registered callbacks extend the Perl argument stack.


ELA-1756-1 libtext-csv-xs-perl security update (by )


Nginx, Python, PostgreSQL, and Core System updates for AlmaLinux

Goose, strongSwan, httpd, rsync, and Perl Modules updates for Fedora

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...