Debian GNU/Linux has recently released important security updates for two widely used applications: Asterisk and Roundcube, specifically targeting Debian 11 and Debian 12, respectively.
Asterisk Security Update (DLA 4206-1)
- Version: 1:16.28.0~dfsg-0+deb11u7
- CVE IDs: CVE-2025-47779, CVE-2025-47780
- Vulnerabilities:
- CVE-2025-47779: A vulnerability in SIP MESSAGE requests can allow authenticated attackers to spoof user identities and send spam messages, potentially leading to trust issues.
- CVE-2025-47780: A misconfiguration in the Asterisk CLI permissions allows unauthorized execution of shell commands. A new configuration option, 'disable_remote_console_shell', has been introduced to mitigate this risk.
Users are encouraged to upgrade their Asterisk packages to ensure they are protected against these vulnerabilities. More details are available on the [security tracker page](https://security-tracker.debian.org/tracker/asterisk).
Roundcube Security Update (DSA 5934-1)
- CVE ID: CVE-2025-49113
- Vulnerability: A critical issue involving missing input validation in Roundcube Webmail could allow for unauthorized code execution.
This vulnerability has been addressed in version 1.6.5+dfsg-1+deb12u5 for Debian 12. Users should also upgrade their Roundcube packages to safeguard against this threat. Further information can be found on the [security tracker page](https://security-tracker.debian.org/tracker/roundcube).
General Recommendations:
Debian users are advised to apply these updates promptly to maintain system security. Additional resources on applying these updates and FAQs can be found on the [Debian LTS](https://wiki.debian.org/LTS) and [Debian Security](https://www.debian.org/security/) websites.
In conclusion, keeping software up to date is crucial for security and stability, especially in environments where such applications are integral to communication and data management
Asterisk Security Update (DLA 4206-1)
- Version: 1:16.28.0~dfsg-0+deb11u7
- CVE IDs: CVE-2025-47779, CVE-2025-47780
- Vulnerabilities:
- CVE-2025-47779: A vulnerability in SIP MESSAGE requests can allow authenticated attackers to spoof user identities and send spam messages, potentially leading to trust issues.
- CVE-2025-47780: A misconfiguration in the Asterisk CLI permissions allows unauthorized execution of shell commands. A new configuration option, 'disable_remote_console_shell', has been introduced to mitigate this risk.
Users are encouraged to upgrade their Asterisk packages to ensure they are protected against these vulnerabilities. More details are available on the [security tracker page](https://security-tracker.debian.org/tracker/asterisk).
Roundcube Security Update (DSA 5934-1)
- CVE ID: CVE-2025-49113
- Vulnerability: A critical issue involving missing input validation in Roundcube Webmail could allow for unauthorized code execution.
This vulnerability has been addressed in version 1.6.5+dfsg-1+deb12u5 for Debian 12. Users should also upgrade their Roundcube packages to safeguard against this threat. Further information can be found on the [security tracker page](https://security-tracker.debian.org/tracker/roundcube).
General Recommendations:
Debian users are advised to apply these updates promptly to maintain system security. Additional resources on applying these updates and FAQs can be found on the [Debian LTS](https://wiki.debian.org/LTS) and [Debian Security](https://www.debian.org/security/) websites.
In conclusion, keeping software up to date is crucial for security and stability, especially in environments where such applications are integral to communication and data management
Asterisk and Roundcube updates for Debian
Debian GNU/Linux has been updated with two security updates: Asterisk for Debian 11 and Roundcube for Debian 12
[DLA 4206-1] asterisk security update
[DSA 5934-1] roundcube security updateAsterisk and Roundcube updates for Debian @ Linux Compatible
