Updates Overview:
1. Debian GNU/Linux 10 (Buster) - Extended LTS:
- Apache2 Security Update (ELA-1502-1): Several vulnerabilities addressed, including issues that could lead to HTTP response splitting, Server Side Request Forgery (SSRF), and access control bypass. It is crucial to upgrade to version 2.4.59-1~deb10u5.
2. Debian GNU/Linux 11 (Bullseye) - LTS:
- Firefox-ESR Security Update (DLA 4277-1): Multiple critical vulnerabilities were patched, potentially allowing arbitrary code execution and bypassing security policies. The fixed version is 128.14.0esr-1~deb11u1.
3. Debian GNU/Linux 12 (Bookworm):
- Squid Security Update (DSA 5982-1): Two security vulnerabilities were resolved, which could lead to arbitrary code execution and denial of service. Users should upgrade to version 5.7-2+deb12u3.
- Chromium Security Update (DSA 5981-1): A critical flaw was identified that could permit arbitrary code execution or denial of service. The issue is fixed in version 139.0.7258.138-1~deb12u1 for Bookworm and 139.0.7258.138-1~deb13u1 for Trixie.
Detailed Security Issues:
- Chromium (CVE-2025-9132): This flaw could permit arbitrary code execution or denial of service. Users are advised to upgrade their Chromium packages immediately.
- Firefox-ESR (CVE-2025-9179, CVE-2025-9180, CVE-2025-9181, CVE-2025-9185): These vulnerabilities pose serious risks, such as arbitrary code execution and security policy bypass, necessitating an upgrade to the latest version.
- Squid (CVE-2023-5824, CVE-2025-54574): These two vulnerabilities could lead to arbitrary code execution and denial of service.
- Apache2 (CVE-2024-42516, CVE-2024-43204, CVE-2024-47252, CVE-2025-23048, CVE-2025-49630, CVE-2025-49812, CVE-2025-53020): Multiple vulnerabilities including HTTP response splitting, SSRF, insufficient data escaping, and potential denial of service attacks were addressed. Notably, one fix may trigger errors on SSL-enabled websites due to the handling of TLS 1.3 session resumption.
Recommendations:
All Debian users are strongly encouraged to apply these updates promptly to safeguard their systems against known vulnerabilities. Detailed information regarding the security status of each package can be found on the Debian security tracker pages. For instructions on applying updates and additional FAQs, users can visit the Debian security website and the LTS wiki.
Conclusion:
As cyber threats evolve, keeping software updated is essential for maintaining system integrity. The recent updates from Debian reflect ongoing efforts to enhance security and protect users from potential exploits. Regular maintenance and updates should be a priority for all system administrators and users.
Chromium, Firefox-ESR, Squid, Apache2 updates for Debian
Debian GNU/Linux has been updated with multiple security enhancements, which include updates for Chromium, Firefox-ESR, Squid, and Apache2:
Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1502-1 apache2 security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4277-1] firefox-esr security update
Debian GNU/Linux 12 (Bookworm):
[DSA 5982-1] squid security update
Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 5981-1] chromium security update