[SECURITY] [DLA 4614-1] sudo security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4614-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Andreas Henriksson
June 04, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : sudo
Version : 1.9.5p2-3+deb11u4
CVE ID : CVE-2026-35535
Debian Bug : 1130593

Qualys released an advisory called CrackArmor reporting that in sudo, an
application that provides limited super user privileges to specific users, a
failure during a privilege drop before running the mailer is not a fatal error,
which could lead to privilege escalation.

For Debian 11 bullseye, this problem has been fixed in version
1.9.5p2-3+deb11u4.

We recommend that you upgrade your sudo packages.

For the detailed security status of sudo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sudo

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

ELA-1748-1 gimp security update
Package : gimp
Version : 2.8.18-1+deb9u10 (stretch)
Related CVEs :
CVE-2026-4150
CVE-2026-4153
Several vulnerabilities were discovered in GIMP, the GNU Image
Manipulation Program, which could result in denial of service or
potentially the execution of arbitrary code if malformed PSP or PSD files are opened.

ELA-1747-1 gimp security update
Package : gimp
Version : 2.10.8-2+deb10u9 (buster)
Related CVEs :
CVE-2026-4150
CVE-2026-4152
CVE-2026-4153
Several vulnerabilities were discovered in GIMP, the GNU Image
Manipulation Program, which could result in denial of service or
potentially the execution of arbitrary code if malformed PSP, JPEG 2000 or PSD files are opened.

[SECURITY] [DSA 6322-1] frr security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-6322-1 security@debian.org
https://www.debian.org/security/ Aron Xu
June 05, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : frr
CVE ID : CVE-2023-3748 CVE-2024-27913 CVE-2024-31950 CVE-2024-31951
CVE-2024-34088 CVE-2025-61099 CVE-2025-61100 CVE-2025-61101
CVE-2025-61102 CVE-2025-61103 CVE-2025-61104 CVE-2025-61105
CVE-2025-61106 CVE-2025-61107 CVE-2026-5107 CVE-2026-28532
CVE-2026-37457 CVE-2026-37458
Debian Bug :

Several vulnerabilities were discovered in FRRouting (frr), a suite of
internet routing protocol daemons. A remote attacker could trigger these
issues by sending specially crafted protocol packets to a vulnerable
daemon, resulting in denial of service (infinite loops, NULL pointer
dereferences and crashes) or potentially the execution of arbitrary code
through out-of-bounds reads and writes and buffer overflows. The flaws
affect packet and attribute parsing in the BGP daemon (including FlowSpec,
EVPN/VNC NLRI and MP_REACH_NLRI handling), the OSPF daemon (Traffic
Engineering, Segment Routing and Opaque LSA processing) and the babeld
daemon.

For the oldstable distribution (bookworm), these problems have been fixed
in version 8.4.4-1.1~deb12u2.

For the stable distribution (trixie), these problems have been fixed in
version 10.3-3+deb13u1.

We recommend that you upgrade your frr packages.

For the detailed security status of frr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/frr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
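
Added example (not part of the advisories): a Python check that flags hosts in a collected package inventory that are still below the fixed versions listed above, using Debian's version ordering (epoch, then upstream, then revision, with `~` sorting before everything). The inventory format, host names and installed versions in `SAMPLE` are constructed for illustration; on a single host `dpkg --compare-versions` performs the same comparison.

```python
import re
from itertools import zip_longest

# Fixed versions stated in the advisories above, keyed by (package, release).
FIXED = {("sudo", "bullseye"): "1.9.5p2-3+deb11u4",
         ("gimp", "stretch"): "2.8.18-1+deb9u10", ("gimp", "buster"): "2.10.8-2+deb10u9",
         ("frr", "bookworm"): "8.4.4-1.1~deb12u2", ("frr", "trixie"): "10.3-3+deb13u1"}
_RUNS = re.compile(r"(\D*)(\d*)")  # alternating non-digit / digit runs

def _weight(c):
    # dpkg ordering: '~' < end of string < letters < other symbols.
    if c in ("", "~"):
        return 0 if c == "" else -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    pairs = zip_longest(_RUNS.findall(a), _RUNS.findall(b), fillvalue=("", ""))
    for (sa, na), (sb, nb) in pairs:
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            if _weight(ca) != _weight(cb):
                return -1 if _weight(ca) < _weight(cb) else 1
        if int(na or 0) != int(nb or 0):  # digit runs compare numerically
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_cmp(a, b):
    """Return -1, 0 or 1 per Debian version ordering (epoch, upstream, revision)."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

# Constructed inventory, one "host release package installed-version" per line.
SAMPLE = """\
web01 bullseye sudo 1.9.5p2-3+deb11u3
web02 bullseye sudo 1.9.5p2-3+deb11u4
rtr01 bookworm frr 8.4.4-1.1~deb12u1
rtr02 trixie frr 10.3-3+deb13u1
img01 buster gimp 2.10.8-2+deb10u8
"""

def unpatched(inventory):
    # Entries with no advisory for their (package, release) compare equal to themselves.
    rows = (line.split() for line in inventory.strip().splitlines())
    return [(h, p, v) for h, r, p, v in rows if deb_cmp(v, FIXED.get((p, r), v)) < 0]
```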