Debian 10694 Published by

Multiple security updates have been issued for various Debian packages, including syslog-ng, pam, corosync, and linux. The updates fix security problems like mishandling of wildcard certificates during TLS authentication, denial-of-service attacks using mkfifo, buffer overflows in corosync, and different issues that could let attackers gain higher access or leak information in the Linux kernel. These vulnerabilities could allow attackers to impersonate legitimate endpoints, compromise secure logging, or elevate their privileges to root. It is recommended that users upgrade their packages to the latest versions to address these security concerns.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1523-1 syslog-ng security update
ELA-1522-1 pam security update
ELA-1524-1 corosync security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4308-1] corosync security update

Debian GNU/Linux 12 (Bookworm):
[DSA 6009-1] linux security update

Debian GNU/Linux 13 (Trixie):
[DSA 6008-1] linux security update



ELA-1523-1 syslog-ng security update


Package : syslog-ng
Version : 3.8.1-10+deb9u2 (stretch), 3.19.1-5+deb10u2 (buster)

Related CVEs :
CVE-2024-47619

Syslog-ng, a widely used logging service, was found to be vulnerable due to
improper handling of wildcard certificates during TLS authentication.
Specifically, the function tls_wildcard_match() incorrectly accepted
certificate patterns like foo.*.bar, which violate standard wildcard rules and
should not be permitted. Additionally, partial wildcard patterns such as
foo.a*c.bar were matched by GLib, further weakening the authentication
mechanism. This flaw could allow a monster-in-the-middle attacker to
impersonate legitimate endpoints, compromising the integrity of secure
logging. Such wildcard mismatches must be explicitly rejected to ensure
robust TLS validation.
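The matching rule the advisory calls for, as an added example that is not syslog-ng's tls_wildcard_match() or any other code from the project (the function names strict_wildcard_match and dns_name_eq are my own): a wildcard is honoured only when it is the entire leftmost label and at least two labels follow it, so foo.*.bar, foo.a*c.bar and *.com are all refused.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* Added example, not syslog-ng's code. A strict matcher for TLS certificate
 * wildcards: the pattern may contain at most one '*', it must be the whole
 * leftmost label, and at least two labels must follow it (RFC 6125, 6.4.3).
 * "*.example.com" therefore matches exactly one label, while "foo.*.bar",
 * "foo.a*c.bar" and "*.com" are rejected before any comparison happens. */

/* Case-insensitive comparison of two NUL-terminated DNS names. */
static bool dns_name_eq(const char *a, const char *b)
{
  for (; *a && *b; a++, b++)
    if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
      return false;
  return *a == '\0' && *b == '\0';
}

bool strict_wildcard_match(const char *pattern, const char *hostname)
{
  const char *star = strchr(pattern, '*');
  if (!star)
    return dns_name_eq(pattern, hostname);   /* no wildcard: exact match only */

  /* The only '*' must be the entire first label: pattern looks like "*.rest".
   * This rejects "foo.*.bar" (star not leftmost) and "foo.a*c.bar" (partial
   * label), as well as anything with a second '*'. */
  if (star != pattern || pattern[1] != '.' || strchr(pattern + 1, '*'))
    return false;

  const char *suffix = pattern + 1;          /* ".example.com" */
  if (!strchr(suffix + 1, '.'))              /* reject "*.com": too broad */
    return false;

  /* The wildcard stands in for exactly one non-empty label of hostname,
   * so "a.b.example.com" does not match "*.example.com". */
  const char *dot = strchr(hostname, '.');
  if (!dot || dot == hostname)
    return false;
  return dns_name_eq(dot, suffix);
}
```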



ELA-1522-1 pam security update


Package : pam
Version : 1.1.8-3.6+deb9u1 (stretch), 1.3.1-5+deb10u1 (buster)

Related CVEs :
CVE-2024-22365
CVE-2025-6020

Multiple vulnerabilities were found in the PAM namespace module,
which is used to configure private namespaces for user sessions.

CVE-2024-22365
An attacker can cause a denial of service
(blocked login process) via mkfifo, because the
openat call (for protect_dir) lacks O_DIRECTORY.

CVE-2025-6020
pam_namespace may access user-controlled paths
without proper protection, allowing local users to elevate
their privileges to root via multiple symlink attacks
and race conditions.
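The O_DIRECTORY point from CVE-2024-22365, as an added example that is not pam_namespace's own code (the names open_dir_component and demo_fifo_is_rejected are my own, and the /tmp scratch directory is a constructed location): with O_DIRECTORY the kernel refuses a FIFO planted at a directory name with ENOTDIR instead of blocking in open() until a writer appears.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not pam_namespace's code. Open a path component that must be
 * a directory. Without O_DIRECTORY, open() on a FIFO at that name blocks until
 * a writer shows up, which is the login-blocking DoS described above. With
 * O_DIRECTORY the kernel rejects the FIFO with ENOTDIR before any blocking
 * open is attempted; O_NOFOLLOW refuses a symlink in the final component.
 * Returns a directory fd, or -1 with errno set. */
int open_dir_component(int dirfd, const char *name)
{
  return openat(dirfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
}

/* Demonstration on constructed input: plant a FIFO named "protected" in a fresh
 * temporary directory and check that open_dir_component() fails immediately.
 * Returns 0 when the FIFO is rejected with ENOTDIR as expected, 1 if it was
 * opened (or failed for another reason), -1 if the setup itself failed. */
int demo_fifo_is_rejected(void)
{
  char tmpl[] = "/tmp/pamns_demo_XXXXXX";   /* constructed scratch location */
  int rc = -1;
  if (!mkdtemp(tmpl))
    return -1;
  int dirfd = open(tmpl, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
  if (dirfd >= 0 && mkfifoat(dirfd, "protected", 0600) == 0) {
    int fd = open_dir_component(dirfd, "protected");
    rc = (fd < 0 && errno == ENOTDIR) ? 0 : 1;
    if (fd >= 0)
      close(fd);
    unlinkat(dirfd, "protected", 0);
  }
  if (dirfd >= 0)
    close(dirfd);
  rmdir(tmpl);
  return rc;
}
```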



[SECURITY] [DLA 4308-1] corosync security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4308-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Thorsten Alteholz
September 22, 2025                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : corosync
Version : 3.1.2-2+deb11u1
CVE ID : CVE-2025-30472

An issue has been found in corosync, a cluster engine daemon and
utilities. A stack-based buffer overflow may happen when encryption is
disabled or the attacker knows the encryption key and a large crafted UDP
packet has to be processed.

For Debian 11 bullseye, this problem has been fixed in version
3.1.2-2+deb11u1.

We recommend that you upgrade your corosync packages.

For the detailed security status of corosync please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/corosync

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DSA 6009-1] linux security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-6009-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 22, 2025                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2024-47704 CVE-2024-57924 CVE-2024-58240 CVE-2025-23143
CVE-2025-23160 CVE-2025-37931 CVE-2025-37968 CVE-2025-38322
CVE-2025-38347 CVE-2025-38491 CVE-2025-38502 CVE-2025-38552
CVE-2025-38614 CVE-2025-38670 CVE-2025-38676 CVE-2025-38677
CVE-2025-38679 CVE-2025-38680 CVE-2025-38681 CVE-2025-38683
CVE-2025-38684 CVE-2025-38685 CVE-2025-38687 CVE-2025-38691
CVE-2025-38693 CVE-2025-38694 CVE-2025-38695 CVE-2025-38696
CVE-2025-38697 CVE-2025-38698 CVE-2025-38699 CVE-2025-38700
CVE-2025-38701 CVE-2025-38702 CVE-2025-38706 CVE-2025-38707
CVE-2025-38708 CVE-2025-38711 CVE-2025-38712 CVE-2025-38713
CVE-2025-38714 CVE-2025-38715 CVE-2025-38721 CVE-2025-38723
CVE-2025-38724 CVE-2025-38725 CVE-2025-38727 CVE-2025-38728
CVE-2025-38729 CVE-2025-38732 CVE-2025-38735 CVE-2025-38736
CVE-2025-39673 CVE-2025-39675 CVE-2025-39676 CVE-2025-39681
CVE-2025-39682 CVE-2025-39683 CVE-2025-39684 CVE-2025-39685
CVE-2025-39686 CVE-2025-39687 CVE-2025-39689 CVE-2025-39691
CVE-2025-39692 CVE-2025-39693 CVE-2025-39694 CVE-2025-39697
CVE-2025-39701 CVE-2025-39702 CVE-2025-39703 CVE-2025-39706
CVE-2025-39709 CVE-2025-39710 CVE-2025-39713 CVE-2025-39714
CVE-2025-39715 CVE-2025-39716 CVE-2025-39718 CVE-2025-39719
CVE-2025-39724 CVE-2025-39736 CVE-2025-39737 CVE-2025-39738
CVE-2025-39742 CVE-2025-39743 CVE-2025-39749 CVE-2025-39751
CVE-2025-39752 CVE-2025-39756 CVE-2025-39757 CVE-2025-39759
CVE-2025-39760 CVE-2025-39766 CVE-2025-39770 CVE-2025-39772
CVE-2025-39773 CVE-2025-39776 CVE-2025-39782 CVE-2025-39783
CVE-2025-39787 CVE-2025-39788 CVE-2025-39790 CVE-2025-39794
CVE-2025-39795 CVE-2025-39798 CVE-2025-39800 CVE-2025-39801
CVE-2025-39806 CVE-2025-39808 CVE-2025-39812 CVE-2025-39813
CVE-2025-39817 CVE-2025-39819 CVE-2025-39823 CVE-2025-39824
CVE-2025-39825 CVE-2025-39826 CVE-2025-39827 CVE-2025-39828
CVE-2025-39835 CVE-2025-39838 CVE-2025-39839 CVE-2025-39841
CVE-2025-39842 CVE-2025-39843 CVE-2025-39844 CVE-2025-39845
CVE-2025-39846 CVE-2025-39847 CVE-2025-39848 CVE-2025-39849
CVE-2025-39853 CVE-2025-39857 CVE-2025-39860 CVE-2025-39864
CVE-2025-39865 CVE-2025-39866 CVE-2025-40300

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

For the oldstable distribution (bookworm), these problems have been fixed
in version 6.1.153-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DSA 6008-1] linux security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-6008-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 22, 2025                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2025-21751 CVE-2025-22103 CVE-2025-22113 CVE-2025-22124
CVE-2025-22125 CVE-2025-23133 CVE-2025-38272 CVE-2025-38306
CVE-2025-38453 CVE-2025-38502 CVE-2025-38556 CVE-2025-38676
CVE-2025-38677 CVE-2025-38730 CVE-2025-38732 CVE-2025-38733
CVE-2025-38734 CVE-2025-38735 CVE-2025-38736 CVE-2025-38737
CVE-2025-39673 CVE-2025-39675 CVE-2025-39676 CVE-2025-39679
CVE-2025-39681 CVE-2025-39682 CVE-2025-39683 CVE-2025-39684
CVE-2025-39685 CVE-2025-39686 CVE-2025-39687 CVE-2025-39689
CVE-2025-39691 CVE-2025-39692 CVE-2025-39693 CVE-2025-39694
CVE-2025-39695 CVE-2025-39697 CVE-2025-39698 CVE-2025-39700
CVE-2025-39701 CVE-2025-39702 CVE-2025-39703 CVE-2025-39705
CVE-2025-39706 CVE-2025-39707 CVE-2025-39709 CVE-2025-39710
CVE-2025-39711 CVE-2025-39712 CVE-2025-39713 CVE-2025-39714
CVE-2025-39715 CVE-2025-39716 CVE-2025-39718 CVE-2025-39719
CVE-2025-39720 CVE-2025-39721 CVE-2025-39722 CVE-2025-39723
CVE-2025-39724 CVE-2025-39759 CVE-2025-39765 CVE-2025-39766
CVE-2025-39767 CVE-2025-39770 CVE-2025-39772 CVE-2025-39773
CVE-2025-39776 CVE-2025-39779 CVE-2025-39780 CVE-2025-39781
CVE-2025-39782 CVE-2025-39783 CVE-2025-39787 CVE-2025-39788
CVE-2025-39790 CVE-2025-39791 CVE-2025-39800 CVE-2025-39801
CVE-2025-39805 CVE-2025-39806 CVE-2025-39807 CVE-2025-39808
CVE-2025-39810 CVE-2025-39811 CVE-2025-39812 CVE-2025-39813
CVE-2025-39815 CVE-2025-39817 CVE-2025-39819 CVE-2025-39823
CVE-2025-39824 CVE-2025-39825 CVE-2025-39826 CVE-2025-39827
CVE-2025-39828 CVE-2025-39829 CVE-2025-39831 CVE-2025-39832
CVE-2025-39835 CVE-2025-39836 CVE-2025-39838 CVE-2025-39839
CVE-2025-39841 CVE-2025-39842 CVE-2025-39843 CVE-2025-39844
CVE-2025-39845 CVE-2025-39846 CVE-2025-39847 CVE-2025-39848
CVE-2025-39849 CVE-2025-39850 CVE-2025-39851 CVE-2025-39852
CVE-2025-39853 CVE-2025-39854 CVE-2025-39857 CVE-2025-39860
CVE-2025-39861 CVE-2025-39863 CVE-2025-39864 CVE-2025-39865
CVE-2025-39866 CVE-2025-40300

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

For the stable distribution (trixie), these problems have been fixed in
version 6.12.48-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


ELA-1524-1 corosync security update


Package : corosync
Version : 2.4.2-3+deb9u2 (stretch), 3.0.1-2+deb10u2 (buster)

Related CVEs :
CVE-2025-30472

An issue has been found in corosync, a cluster engine daemon and
utilities. A stack-based buffer overflow may happen when encryption is
disabled or the attacker knows the encryption key and a large crafted UDP
packet has to be processed.
