DCMTK, Traffic Server, Nginx, and Symfony updates for Debian

Debian GNU/Linux has recently released critical security updates for several packages, including DCMTK, Traffic Server, Nginx, and Symfony. These updates aim to address vulnerabilities that could pose risks to system security.

For Debian 10 (Buster), the Extended LTS version received a security update for Symfony (ELA-1471-1), addressing vulnerabilities identified as CVE-2024-50343 and CVE-2024-50345. The first vulnerability involves a potential bypass of validators due to input ending with a newline, while the second relates to URI parsing issues that could allow attackers to redirect users to malicious domains.
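The trailing-newline bypass summarized above for CVE-2024-50343 is the behaviour you get from a regular-expression validator anchored with `$`, which in PCRE also matches just before a final newline. The PHP 8 sketch below is an added example, not Symfony's code or part of the advisory; it assumes the validator is such a regex, and the patterns, the `isValid` and `lacksDollarEndOnly` helpers and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration (PHP 8+); patterns and inputs are constructed, not Symfony's.
const LOOSE  = '/^[a-z0-9_]{3,16}$/';  // "$" also matches just before a final "\n"
const STRICT = '/^[a-z0-9_]{3,16}$/D'; // D (PCRE_DOLLAR_ENDONLY): "$" only at the very end
                                       // "\z" in place of "$" has the same effect

function isValid(string $pattern, string $input): bool
{
    return preg_match($pattern, $input) === 1;
}

/**
 * Hypothetical audit helper for your own validation patterns: true when a
 * "/.../flags" pattern ends in an unescaped "$" and lacks the D modifier.
 */
function lacksDollarEndOnly(string $pattern): bool
{
    $close = strrpos($pattern, '/');
    if ($pattern === '' || $pattern[0] !== '/' || $close === false || $close === 0) {
        return false; // other delimiters are out of scope for this sketch
    }
    $body  = substr($pattern, 1, $close - 1);
    $flags = substr($pattern, $close + 1);
    if (!str_ends_with($body, '$')) {
        return false;
    }
    // An odd number of backslashes before "$" means it is a literal dollar sign.
    $prefix      = substr($body, 0, -1);
    $backslashes = strlen($prefix) - strlen(rtrim($prefix, '\\'));
    return $backslashes % 2 === 0 && !str_contains($flags, 'D');
}

foreach (["alice", "alice\n", "alice\nbob"] as $input) {
    printf("%-14s loose=%-5s strict=%s\n",
        json_encode($input),
        var_export(isValid(LOOSE, $input), true),
        var_export(isValid(STRICT, $input), true));
}

foreach ([LOOSE, STRICT, '/^\d+\$/'] as $pattern) {
    printf("%-24s needs review: %s\n", $pattern, var_export(lacksDollarEndOnly($pattern), true));
}
```

The second input is the case that matters: the loose pattern accepts it with the newline still attached, while a newline anywhere but the very end is rejected by both patterns.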

In Debian 11 (Bullseye), two significant updates were issued: one for DCMTK (DLA 4227-1) and another for Nginx (DLA 4228-1). The update for DCMTK addresses multiple vulnerabilities, including path traversal issues that could lead to remote code execution and various buffer overflows that might result in denial of service or memory corruption. The specific vulnerabilities are cataloged under several CVE identifiers, including CVE-2022-2119 and CVE-2025-2357, among others.

The Nginx update targets vulnerabilities within the ngx_http_lua_module, which could lead to request smuggling and cache poisoning. The fixed vulnerabilities include CVE-2020-36309 and CVE-2024-33452, which could allow unsafe characters in arguments and facilitate HTTP request smuggling through crafted requests.

For Debian 12 (Bookworm), an update was issued for Traffic Server (DSA 5948-1), fixing vulnerabilities that could result in denial of service or incorrect processing of access control lists (ACLs). The vulnerabilities are identified under CVE-2024-53868, CVE-2025-31698, and CVE-2025-49763.

Users are strongly encouraged to upgrade their respective packages to mitigate potential security risks. For detailed information regarding the security status of these packages and how to apply the updates, users can refer to the Debian security tracker and the LTS wiki.

In summary, ongoing vigilance is crucial for maintaining security in Debian installations, particularly as new vulnerabilities are discovered and patched. Users should regularly check for updates and apply them promptly to ensure the integrity and security of their systems.

Debian GNU/Linux has received multiple security updates, covering DCMTK, Traffic Server, Nginx, and Symfony.

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1471-1 symfony security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4227-1] dcmtk security update
[DLA 4228-1] nginx security update

Debian GNU/Linux 12 (Bookworm):
[DSA 5948-1] trafficserver security update

DCMTK, Traffic Server, Nginx, and Symfony updates for Debian @ Linux Compatible