Atop and Ruby updates for Debian

Debian has released important security updates addressing vulnerabilities in two packages: Atop for Debian 11 LTS and Ruby 2.1 for Debian 8 ELTS.

Atop Security Update
Advisory ID: DLA-4117-1
Release Date: April 06, 2025
CVE ID: CVE-2025-31160
Affected Package: atop (Version 2.6.0-2+deb11u1)

Atop, a monitoring tool that tracks system resources and process activity, was found to attempt a connection to the atopgpud daemon port without proper data sanitization, which creates a security risk if the port is exploited. The update improves data validation and changes the default behavior so that Atop connects to the atopgpud daemon only when explicitly requested with the `-k` option. Users are advised to upgrade their Atop packages to the latest version.

For more details on the security status of Atop, refer to the [security tracker page](https://security-tracker.debian.org/tracker/atop).

Ruby 2.1 Security Update
Advisory ID: ELA-1381-1
Affected Package: ruby2.1 (Version 2.1.5-2+deb8u16)

Several vulnerabilities that could lead to serious issues have been identified in Ruby, a widely used scripting language:

1. CVE-2025-27219: A Denial of Service (DoS) vulnerability in the CGI gem's `CGI::Cookie.parse` method, which fails to limit the length of cookie values, potentially exhausting system resources when processing excessively large cookies.
2. CVE-2025-27220: A Regular Expression Denial of Service (ReDoS) vulnerability in the `Util#escapeElement` method of the CGI gem.
3. CVE-2025-27221: A URI handling vulnerability that inadvertently retains user authentication credentials in certain URI methods, leading to potential information leakage.

Users running Ruby 2.1 on Debian 8 are encouraged to update their installations to mitigate these vulnerabilities.
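The credential retention in item 3 can be checked on a given installation, and guarded against in application code, along the following lines. This is an added example, not code from the Debian advisory or the Ruby project; the page does not name the affected methods, so the probe uses `URI.join` from the standard library, and the URLs and the helper name `join_without_base_credentials` are constructed for illustration.

```ruby
require "uri"

# Constructed sample values (not from the advisory): a base URL that carries
# credentials and a reference that points at a different host.
BASE_WITH_CREDS = "https://alice:s3cret@internal.example/app/"
OTHER_HOST_REF  = "//other.example/x"

# Probe the installed URI library: does resolving a reference to another
# host keep the user or password taken from the base URI?
def join_leaks_base_credentials?
  joined = URI.join(BASE_WITH_CREDS, OTHER_HOST_REF)
  !joined.user.nil? || !joined.password.nil?
end

# Hypothetical helper: resolve ref against base and make sure credentials
# from base never travel to an authority named by ref, whatever the
# installed library version does.
def join_without_base_credentials(base, ref)
  joined = URI.join(base, ref)
  target = URI.parse(ref)
  # ref names its own host but no credentials: the result must carry none.
  if target.host && target.userinfo.nil?
    joined.password = nil
    joined.user = nil
  end
  joined
end

if __FILE__ == $PROGRAM_NAME
  state = join_leaks_base_credentials? ? "retains" : "drops"
  puts "URI.join #{state} base credentials on a host change"
  puts join_without_base_credentials(BASE_WITH_CREDS, OTHER_HOST_REF)
  puts join_without_base_credentials(BASE_WITH_CREDS, "page")
end
```

A reference without a host, such as `page`, still resolves against the base with its credentials intact, so same-origin links keep working.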

For additional information on applying these updates, as well as answers to frequently asked questions, visit the [Debian LTS Wiki](https://wiki.debian.org/LTS).

Summary
The updates for Atop and Ruby address significant security vulnerabilities that could impact system performance and data security. Users are strongly recommended to apply these updates promptly to ensure their systems remain secure and functional.

Atop and Ruby updates for Debian @ Linux Compatible