
Debian has released security advisories: DLA-4409-1 for paramiko and ELA-1596-1/DLA-4408-1 for python-apt. The paramiko advisory addresses a race condition that could allow unauthorized information disclosure, while the python-apt advisory fixes an issue where the package incorrectly handled deb822 configuration files, causing a denial of service.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1596-1 python-apt security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4409-1] paramiko security update
[DLA 4408-1] python-apt security update



[SECURITY] [DLA 4409-1] paramiko security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4409-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Bastien Roucariès
December 16, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : paramiko
Version : 2.7.2-1+deb11u1
CVE ID : CVE-2022-24302
Debian Bug : 1008012

A race condition (between creation and chmod) in the write_private_key_file
function could allow unauthorized information disclosure.

For Debian 11 bullseye, this problem has been fixed in version
2.7.2-1+deb11u1.

We recommend that you upgrade your paramiko packages.

For the detailed security status of paramiko please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/paramiko

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
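
The create-then-chmod window described in the paramiko advisory, shown beside a variant that sets the final mode at creation time. This is an added example, not code from paramiko or from the advisory; the function names, the 0o022 umask and the sample key text are assumptions made for the illustration.

```python
import os
import stat
import tempfile

PRIVATE = 0o600  # owner read/write only


def _mode(fd):
    return stat.S_IMODE(os.fstat(fd).st_mode)


def write_key_racy(path, pem):
    """Create-then-chmod pattern. Returns the mode the file had in between."""
    with open(path, "w") as f:        # created as 0o666 & ~umask
        exposed = _mode(f.fileno())   # permissions other local users see now
        os.chmod(path, PRIVATE)       # tightened only after creation
        f.write(pem)
    return exposed


def write_key_safe(path, pem):
    """Create with the final mode in the same syscall. Returns that mode."""
    # O_EXCL: fail if the path already exists, so a pre-existing file or
    # symlink with looser permissions is never reused.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, PRIVATE)
    with os.fdopen(fd, "w") as f:
        created = _mode(f.fileno())
        f.write(pem)
    return created


def demo():
    pem = "-----BEGIN CONSTRUCTED SAMPLE-----\nnot a real key\n"  # constructed
    old_umask = os.umask(0o022)       # assumed umask, a common default
    try:
        with tempfile.TemporaryDirectory() as d:
            racy_path = os.path.join(d, "racy.key")
            racy = write_key_racy(racy_path, pem)
            final = stat.S_IMODE(os.stat(racy_path).st_mode)
            safe = write_key_safe(os.path.join(d, "safe.key"), pem)
    finally:
        os.umask(old_umask)
    return {"racy_window": racy, "racy_final": final, "safe_at_creation": safe}


if __name__ == "__main__":
    for name, mode in demo().items():
        print(f"{name}: {oct(mode)}")
```

Both files end up with the same final permissions, so checking a key file after the fact does not reveal whether it was readable by others during creation.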



[SECURITY] [DLA 4408-1] python-apt security update


-----------------------------------------------------------------------
Debian LTS Advisory DLA-4408-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
December 16, 2025 https://wiki.debian.org/LTS
-----------------------------------------------------------------------

Package : python-apt
Version : 2.2.1.1
CVE ID : CVE-2025-6966
Debian Bug : 1122291

Julian Andres Klode discovered that python-apt, a Python interface to
libapt-pkg, incorrectly handled deb822 configuration files. An attacker
could use this issue to cause python-apt to crash, resulting in a
denial of service.

For Debian 11 bullseye, this problem has been fixed in version
2.2.1.1.

We recommend that you upgrade your python-apt packages.

For the detailed security status of python-apt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-apt

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1596-1 python-apt security update


Package : python-apt
Version : 1.4.4 (stretch), 1.8.4.4 (buster)

Related CVEs :
CVE-2025-6966

Julian Andres Klode discovered that python-apt, a Python interface to
libapt-pkg, incorrectly handled deb822 configuration files. An attacker
could use this issue to cause python-apt to crash, resulting in a
denial of service.
