Two security updates have been released for Debian: Zabbix for Debian GNU/Linux 11 (Bullseye) LTS and Wireshark for Debian GNU/Linux 13 (Trixie). The Zabbix update fixes a vulnerability that allows remote code execution due to an attacker injecting unexpected arguments into the smartctl command, while the Wireshark update addresses multiple vulnerabilities that could result in denial of service or arbitrary code execution. Both updates recommend upgrading the respective packages to fix the security issues.

[DLA 4473-1] zabbix security update
[DSA 6124-1] wireshark security update

[SECURITY] [DLA 4473-1] zabbix security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4473-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Bastien Roucari??s
February 08, 2026 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : zabbix
Version : 1:5.0.47+dfsg-0+deb11u1
CVE ID : CVE-2025-27234

zabbix a popular network monitoring solution was affected by a
vulnerabilty.

Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get
parameters, allowing an attacker to inject unexpected arguments into
the smartctl command. In Zabbix 5.0 this allows for remote code execution.

For Debian 11 bullseye, this problem has been fixed in version
1:5.0.47+dfsg-0+deb11u1.

We recommend that you upgrade your zabbix packages.

For the detailed security status of zabbix please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/zabbix

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DSA 6124-1] wireshark security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6124-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 08, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wireshark
CVE ID : CVE-2025-9817 CVE-2025-11626 CVE-2025-13499 CVE-2025-13945
CVE-2025-13946 CVE-2026-0959 CVE-2026-0960 CVE-2026-0961
CVE-2026-0962

Multiple vulnerabilities have been discocvered in Wireshark, a network
protocol analyzer which could result in denial of service or the
execution of arbitrary code.

For the stable distribution (trixie), these problems have been fixed in
version 4.4.13-0+deb13u1.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/