ELA-1598-1 roundcube security update
[DSA 6087-1] roundcube security update
[DSA 6086-1] dropbear security update
[DSA 6085-1] mediawiki security update
ELA-1598-1 roundcube security update
Package : roundcube
Version : 1.3.17+dfsg.1-1~deb10u9 (buster)
Related CVEs :
CVE-2025-68460
CVE-2025-68461
CVE-2025-68460
Information disclosure vulnerability in the HTML style sanitizer.
CVE-2025-68461
Cross-Site-Scripting (XSS) vulnerability via SVG’s animate tag,
which could allow a remote attacker to load arbitrary JavaScript
code and might lead to privilege escalation or information
disclosure via a malicious SVG document.
[SECURITY] [DSA 6087-1] roundcube security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6087-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
December 19, 2025 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : roundcube
CVE ID : CVE-2025-68460 CVE-2025-68461
Debian Bug : 1122899
It was discovered that roundcube, a skinnable AJAX based webmail
solution for IMAP servers, is prone to a cross-site scripting
vulnerability via the animate tag in an SVG document and an information
disclosure vulnerability in the HTML style sanitizer.
For the oldstable distribution (bookworm), these problems have been fixed
in version 1.6.5+dfsg-1+deb12u6.
For the stable distribution (trixie), these problems have been fixed in
version 1.6.12+dfsg-0+deb13u1.
We recommend that you upgrade your roundcube packages.
For the detailed security status of roundcube please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/roundcube
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DSA 6086-1] dropbear security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6086-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 19, 2025 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : dropbear
CVE ID : CVE-2025-14282
"Turistu" discovered that incorrect permission handling in the Dropbear
SSH server could result in privilege escalation.
The oldstable distribution (bookworm) is not affected.
For the stable distribution (trixie), this problem has been fixed in
version 2025.89-1~deb13u1.
We recommend that you upgrade your dropbear packages.
For the detailed security status of dropbear please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dropbear
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DSA 6085-1] mediawiki security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6085-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
December 19, 2025 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : mediawiki
CVE ID : CVE-2025-11173 CVE-2025-11261 CVE-2025-61635 CVE-2025-61638
CVE-2025-61639 CVE-2025-61640 CVE-2025-61641 CVE-2025-61643
CVE-2025-61646 CVE-2025-61653 CVE-2025-61655 CVE-2025-61656
CVE-2025-67475 CVE-2025-67478 CVE-2025-67479 CVE-2025-67480
CVE-2025-67481 CVE-2025-67482 CVE-2025-67484 CVE-2025-67483
CVE-2025-67477 CVE-2025-61657 CVE-2025-61654 CVE-2025-61652
CVE-2025-61642 CVE-2025-61637 CVE-2025-61636 CVE-2025-61634
CVE-2025-11175
Multiple security issues were discovered in MediaWiki, a website engine for
collaborative work, which could result in cross-site scripting, information
disclosure, missing rate limiting or denial of service.
For the oldstable distribution (bookworm), these problems have been fixed
in version 1:1.39.17-1~deb12u1.
For the stable distribution (trixie), these problems have been fixed in
version 1:1.43.6+dfsg-1~deb13u1.
We recommend that you upgrade your mediawiki packages.
For the detailed security status of mediawiki please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mediawiki
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
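
To check an exported package inventory against the fixed versions listed in the advisories above, the following added example (not part of the advisories or of any Debian tool) implements Debian's version ordering, including epochs and the `~` suffix. The `status` helper, the "untracked" label and the sample installed version are assumptions made for illustration.

```python
import re

# Fixed versions copied from the advisories above; None = release stated as not affected.
FIXED = {
    ("roundcube", "buster"): "1.3.17+dfsg.1-1~deb10u9",
    ("roundcube", "bookworm"): "1.6.5+dfsg-1+deb12u6",
    ("roundcube", "trixie"): "1.6.12+dfsg-0+deb13u1",
    ("dropbear", "bookworm"): None,
    ("dropbear", "trixie"): "2025.89-1~deb13u1",
    ("mediawiki", "bookworm"): "1:1.39.17-1~deb12u1",
    ("mediawiki", "trixie"): "1:1.43.6+dfsg-1~deb13u1",
}
_RUN = re.compile(r"([^0-9]*)([0-9]*)")  # one non-digit run, then one digit run

def _order(c):
    # Debian ordering: '~' < end of string < letters < any other character.
    if c in ("~", ""):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    while a or b:
        ma, mb = _RUN.match(a), _RUN.match(b)
        n = max(len(ma[1]), len(mb[1]))
        ka = [_order(ma[1][i:i + 1]) for i in range(n)], int(ma[2] or 0)
        kb = [_order(mb[1][i:i + 1]) for i in range(n)], int(mb[2] or 0)
        if ka != kb:
            return -1 if ka < kb else 1
        a, b = a[ma.end():], b[mb.end():]
    return 0

def _split(v):
    epoch, colon, rest = v.partition(":")
    if not colon:
        epoch, rest = "0", v
    upstream, dash, rev = rest.rpartition("-")  # revision starts at the last hyphen
    return int(epoch), (upstream if dash else rest), (rev if dash else "")

def compare(a, b):
    """Return -1, 0 or 1 using Debian policy version ordering."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def status(package, release, installed):
    fixed = FIXED.get((package, release), "untracked")
    if fixed in (None, "untracked"):
        return fixed or "not-affected"
    return "vulnerable" if compare(installed, fixed) < 0 else "fixed"

SAMPLE = ("roundcube", "bookworm", "1.6.5+dfsg-1+deb12u5")  # constructed installed version
```

On a Debian host itself, `dpkg --compare-versions <installed> lt <fixed>` performs the same comparison.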