Debian 10669

Several Debian Security Advisories have been released to address vulnerabilities in xorg-server, openssl, pdns-recursor and intel-microcode. Each advisory names the fixed package version for its suite (for xorg-server, 2:21.1.7-3+deb12u11 in bookworm and 2:21.1.16-1.3+deb13u1 in trixie) and recommends upgrading. pdns-recursor is the exception: the bookworm package will not receive a fix, and affected installations are told to move to trixie. The current status of each package is on the Debian security tracker.

Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1559-1 openssl security update

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1561-1 xorg-server security update
ELA-1560-1 intel-microcode security update

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1558-1 openssl security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4353-1] xorg-server security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6044-1] xorg-server security update

Debian GNU/Linux 13 (Trixie):
[DSA 6045-1] pdns-recursor security update



[SECURITY] [DSA 6044-1] xorg-server security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-6044-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 29, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : xorg-server
CVE ID : CVE-2025-62229 CVE-2025-62230 CVE-2025-62231

Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server,
which may result in privilege escalation if the X server is running
privileged.

For the oldstable distribution (bookworm), these problems have been fixed
in version 2:21.1.7-3+deb12u11.

For the stable distribution (trixie), these problems have been fixed in
version 2:21.1.16-1.3+deb13u1.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


ELA-1558-1 openssl security update


Package : openssl
Version : 1.1.1n-0+deb10u8 (buster)

Related CVEs :
CVE-2024-13176
CVE-2025-9230

Two vulnerabilities were found in OpenSSL, a Secure Sockets Layer toolkit:

CVE-2024-13176
A timing side-channel which could potentially allow recovering
the private key exists in the ECDSA signature computation.

CVE-2025-9230
An application trying to decrypt CMS messages encrypted using
password based encryption can trigger an out-of-bounds read and write.





[SECURITY] [DLA 4353-1] xorg-server security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4353-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
October 29, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : xorg-server
Version : 2:1.20.4-1+deb10u18
CVE ID : CVE-2025-62229 CVE-2025-62230 CVE-2025-62231

Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server,
which may result in privilege escalation if the X server is running
privileged.

For Debian 11 bullseye, these problems have been fixed in version
2:1.20.4-1+deb10u18.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1559-1 openssl security update


Package : openssl
Version : 1.1.0l-1~deb9u11 (stretch)

Related CVEs :
CVE-2025-9230

Stanislav Fort discovered an out of bounds read and write issue when
decrypting CMS messages that were encrypted using password based
encryption.





[SECURITY] [DSA 6045-1] pdns-recursor security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-6045-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 29, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : pdns-recursor
CVE ID : CVE-2025-59023 CVE-2025-59024

Two vulnerabilities have been discovered in PDNS Recursor, a resolving
name server: delegation information was insufficiently validated, which
could result in cache pollution.

These changes are too intrusive to be backported to the version of
the PDNS recursor in the oldstable distribution (bookworm). For
affected setups an update to Debian stable/trixie is recommended;
no further security updates for pdns-recursor in bookworm will be issued.

For the stable distribution (trixie), these problems have been fixed in
version 5.2.6-0+deb13u1.

We recommend that you upgrade your pdns-recursor packages.

For the detailed security status of pdns-recursor please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pdns-recursor

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


ELA-1561-1 xorg-server security update


Package : xorg-server
Version : 2:1.19.2-1+deb9u23 (stretch), 2:1.20.4-1+deb10u18 (buster)

Related CVEs :
CVE-2025-62229
CVE-2025-62230
CVE-2025-62231

Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server,
which may result in privilege escalation if the X server is running
privileged.
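All three xorg-server advisories on this page condition the impact on the X server "running privileged", so the first question for patch prioritisation is whether it does on a given host. The following is an added example, not part of the advisories or of Debian's X packaging. It assumes Debian's xserver-xorg-legacy layout: a setuid-root wrapper at /usr/lib/xorg/Xorg.wrap governed by /etc/X11/Xwrapper.config, whose needs_root_rights key takes yes, no or auto (auto meaning root only when no KMS-capable driver is available, and the wrapper's default when the key is absent). The config text and `ps` output in the block are constructed; the path, the default and the process names are assumptions.

```python
"""Is the Xorg server on this Debian host running, or able to run, as root?

Added example, not Debian tooling.  Assumes the xserver-xorg-legacy wrapper
layout (Xorg.wrap + Xwrapper.config).  SAMPLE_CONFIG and SAMPLE_PS are
constructed inputs, not captured from a real system."""

from __future__ import annotations
import os
import stat
import subprocess

WRAPPER = "/usr/lib/xorg/Xorg.wrap"        # assumed Debian path of the setuid wrapper
XWRAPPER_CONFIG = "/etc/X11/Xwrapper.config"
X_SERVER_NAMES = ("Xorg", "X", "Xorg.wrap")  # assumed comm values of an X server process


def parse_xwrapper_config(text: str) -> dict[str, str]:
    """key=value lines; '#' starts a comment; the last assignment of a key wins."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        conf[key] = value
    return conf


def root_rights_policy(conf: dict[str, str]) -> str:
    """'yes', 'no' or 'auto' ('auto' assumed as the default when the key is absent)."""
    value = conf.get("needs_root_rights", "auto").lower()
    return value if value in ("yes", "no", "auto") else "invalid"


def running_as_root(ps_text: str) -> list[tuple[int, str]]:
    """(pid, args) of root-owned X servers in `ps -eo user,pid,comm,args` output."""
    hits = []
    for line in ps_text.splitlines()[1:]:     # first line is the column header
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue
        user, pid, comm, args = parts
        if user == "root" and comm in X_SERVER_NAMES:
            hits.append((int(pid), args))
    return hits


def wrapper_is_setuid(path: str = WRAPPER) -> bool | None:
    """True if the wrapper is setuid root, False if not, None if it is not installed."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    return bool(st.st_mode & stat.S_ISUID) and st.st_uid == 0


def assess(conf: dict[str, str], ps_text: str, setuid: bool | None) -> dict[str, object]:
    """Two separate verdicts: what is running now, and what the wrapper would permit."""
    policy = root_rights_policy(conf)
    roots = running_as_root(ps_text)
    return {
        "needs_root_rights": policy,
        "wrapper_setuid": setuid,
        "root_x_servers": roots,
        "running_privileged": bool(roots),
        # 'auto' only yields root without a KMS driver, so this is "can", not "does"
        "can_run_privileged": setuid is True and policy in ("yes", "auto"),
    }


# Constructed inputs: a display manager started Xorg as root on vt7, and a
# rootless session of user alice on vt2.
SAMPLE_CONFIG = """\
# Constructed /etc/X11/Xwrapper.config
allowed_users=console
needs_root_rights=yes
"""
SAMPLE_PS = """\
USER         PID COMMAND         COMMAND
root        1034 Xorg            /usr/lib/xorg/Xorg :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
alice       2210 Xorg            /usr/lib/xorg/Xorg vt2 -displayfd 3 -auth /run/user/1000/gdm/Xauthority -nolisten tcp -keeptty
"""

if __name__ == "__main__":
    try:
        with open(XWRAPPER_CONFIG) as f:
            conf_text = f.read()
        ps_text = subprocess.run(["ps", "-eo", "user,pid,comm,args"],
                                 capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        conf_text, ps_text = SAMPLE_CONFIG, SAMPLE_PS   # fall back to the constructed sample
    print(assess(parse_xwrapper_config(conf_text), ps_text, wrapper_is_setuid()))
```

A host where `running_privileged` is true turns these CVEs into a local root path and should be patched first; where only `can_run_privileged` is true, the exposure depends on whether a session without KMS ever starts X through the wrapper, and setting needs_root_rights=no (if the hardware allows it) removes the precondition regardless of patch state.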





ELA-1560-1 intel-microcode security update


Package : intel-microcode
Version : 3.20250812.1~deb9u1 (stretch), 3.20250812.1~deb10u1 (buster)

Related CVEs :
CVE-2025-20053
CVE-2025-20109
CVE-2025-21090
CVE-2025-22839
CVE-2025-22840
CVE-2025-22889
CVE-2025-24305
CVE-2025-26403
CVE-2025-32086

This update ships updated CPU microcode for some types of Intel CPUs and
provides mitigations for security vulnerabilities which could result in
privilege escalation or denial of service.

CVE-2025-20053
Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with
SGX enabled may allow a privileged user to potentially enable escalation of
privilege via local access.

CVE-2025-20109
Improper Isolation or Compartmentalization in the stream cache mechanism for
some Intel(R) Processors may allow an authenticated user to potentially enable
escalation of privilege via local access.

CVE-2025-21090
Missing reference to active allocated resource for some Intel(R) Xeon(R)
processors may allow an authenticated user to potentially enable denial of
service via local access.

CVE-2025-22839
Insufficient granularity of access control in the OOB-MSM for some Intel(R)
Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable
escalation of privilege via adjacent access.

CVE-2025-22840
Sequence of processor instructions leads to unexpected behavior for some
Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to
potentially enable escalation of privilege via local access.

CVE-2025-22889
Improper handling of overlap between protected memory ranges for some Intel(R)
Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to
potentially enable escalation of privilege via local access.

CVE-2025-24305
Insufficient control flow management in the Alias Checking Trusted Module
(ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged
user to potentially enable escalation of privilege via local access.

CVE-2025-26403
Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6
processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user
to potentially enable escalation of privilege via local access.

CVE-2025-32086
Improperly implemented security check for standard in the DDRIO configuration
for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX
may allow a privileged user to potentially enable escalation of privilege via
local access.

