A security update has been released for PHP 8.2 for Debian GNU/Linux 12 (Bookworm), which fixes multiple issues that could result in denial of service or memory disclosure. Another issue was found in the Mozilla Firefox web browser for Debian GNU/Linux 11 (Bullseye) LTS, where multiple security vulnerabilities were discovered that could potentially lead to code execution, sandbox escape, or privilege escalation.

[DSA 6154-1] php8.2 security update
[DLA 4496-1] firefox-esr security update

[SECURITY] [DSA 6154-1] php8.2 security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6154-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 02, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php8.2
CVE ID : CVE-2025-14177 CVE-2025-14178 CVE-2025-14180

Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language which could result in denial of
service or memory disclosure.

For the oldstable distribution (bookworm), these problems have been fixed
in version 8.2.30-1~deb12u1.

We recommend that you upgrade your php8.2 packages.

For the detailed security status of php8.2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php8.2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[SECURITY] [DLA 4496-1] firefox-esr security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4496-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
March 02, 2026 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : firefox-esr
Version : 140.8.0esr-1~deb11u1
CVE ID : CVE-2026-2757 CVE-2026-2758 CVE-2026-2759 CVE-2026-2760
CVE-2026-2761 CVE-2026-2762 CVE-2026-2763 CVE-2026-2764
CVE-2026-2765 CVE-2026-2766 CVE-2026-2767 CVE-2026-2768
CVE-2026-2769 CVE-2026-2770 CVE-2026-2771 CVE-2026-2772
CVE-2026-2773 CVE-2026-2774 CVE-2026-2775 CVE-2026-2776
CVE-2026-2777 CVE-2026-2778 CVE-2026-2779 CVE-2026-2780
CVE-2026-2781 CVE-2026-2782 CVE-2026-2783 CVE-2026-2784
CVE-2026-2785 CVE-2026-2786 CVE-2026-2787 CVE-2026-2788
CVE-2026-2789 CVE-2026-2790 CVE-2026-2791 CVE-2026-2792
CVE-2026-2793

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, sandbox escape, bypass of the same-origin policy, information
disclosure or privilege escalation.

For Debian 11 bullseye, these problems have been fixed in version
140.8.0esr-1~deb11u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS