Trixie distributions, respectively, as well as in version 2.9.2-2+deb11u3 for Debian 11 Bullseye. Additionally, an issue was found in golang-github-gin-contrib-cors (CVE-2019-25211) that could allow an attacker to circumvent CORS restrictions due to improper wildcard handling, which has been fixed in version 1.3.1-1+deb11u1 for Debian 11 Bullseye. It is recommended to upgrade the affected packages to fix these security vulnerabilities and prevent potential attacks.
[DSA 5989-1] udisks2 security update
[DLA 4285-1] golang-github-gin-contrib-cors security
[DLA 4284-1] udisks2 security update
[SECURITY] [DSA 5989-1] udisks2 security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-5989-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 28, 2025                       https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : udisks2
CVE ID : CVE-2025-8067
Michael Imfeld discovered an out-of-bounds read vulnerability in
udisks2, a D-Bus service to access and manipulate storage devices, which
may result in denial of service (daemon process crash), or in mapping an
internal file descriptor from the daemon process onto a loop device,
resulting in local privilege escalation.
For the oldstable distribution (bookworm), this problem has been fixed
in version 2.9.4-4+deb12u2.
For the stable distribution (trixie), this problem has been fixed in
version 2.10.1-12.1+deb13u1.
We recommend that you upgrade your udisks2 packages.
For the detailed security status of udisks2 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/udisks2
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
[SECURITY] [DLA 4285-1] golang-github-gin-contrib-cors security
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4285-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
August 28, 2025                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : golang-github-gin-contrib-cors
Version : 1.3.1-1+deb11u1
CVE ID : CVE-2019-25211
An issue has been found in golang-github-gin-contrib-cors, a Gin
middleware/handler to enable CORS support. The issue is related to
improper wildcard handling and an attacker might be able to circumvent
restrictions.
For Debian 11 bullseye, this problem has been fixed in version
1.3.1-1+deb11u1.
We recommend that you upgrade your golang-github-gin-contrib-cors
packages.
For the detailed security status of golang-github-gin-contrib-cors please
refer to its security tracker page at:
https://security-tracker.debian.org/tracker/golang-github-gin-contrib-cors
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[SECURITY] [DLA 4284-1] udisks2 security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4284-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
August 28, 2025                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : udisks2
Version : 2.9.2-2+deb11u3
CVE ID : CVE-2025-8067
Michael Imfeld discovered an out-of-bounds read vulnerability in udisks2,
which may result in denial of service (daemon process crash), or in
mapping an internal file descriptor from the daemon process onto a loop
device, resulting in local privilege escalation.
For Debian 11 bullseye, this problem has been fixed in version
2.9.2-2+deb11u3.
We recommend that you upgrade your udisks2 packages.
For the detailed security status of udisks2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/udisks2
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS