Debian has released security updates for FFmpeg and Redis in its various distributions.
On July 14, 2025, a security advisory (DLA-4241-1) was issued for FFmpeg in Debian GNU/Linux 11 (Bullseye) LTS, addressing multiple vulnerabilities identified by CVE-2023-6601, CVE-2023-6602, CVE-2023-6604, and CVE-2023-6605. These vulnerabilities include issues such as the triggering of arbitrary demuxers via base64 data URIs, improper parsing of HLS playlist input files, and the potential for arbitrary HTTP GET requests through specially crafted DASH playlists. Users are encouraged to upgrade to the fixed version 7:4.3.9-0+deb11u1 to mitigate these risks.
Additionally, a Redis security update (ELA-1481-1) was released for Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS. This update addresses two vulnerabilities: CVE-2025-32023, which could allow an authenticated user to exploit a crafted string for a stack/heap out-of-bounds write during hyperloglog operations, potentially leading to remote code execution; and CVE-2025-48367, which could expose installations to Denial of Service (DoS) attacks through unauthenticated connections causing repeated IP protocol errors.
To ensure the security and stability of systems running these versions of Debian, users are strongly advised to apply these updates promptly. For detailed information regarding these advisories, users can visit the respective security tracker pages for FFmpeg and Redis, along with additional guidance on how to apply updates and address frequently asked questions on the Debian LTS wiki.
In conclusion, maintaining up-to-date software is crucial for safeguarding systems against vulnerabilities. Users should regularly check for security updates and apply them as necessary to protect their data and infrastructure
On July 14, 2025, a security advisory (DLA-4241-1) was issued for FFmpeg in Debian GNU/Linux 11 (Bullseye) LTS, addressing multiple vulnerabilities identified by CVE-2023-6601, CVE-2023-6602, CVE-2023-6604, and CVE-2023-6605. These vulnerabilities include issues such as the triggering of arbitrary demuxers via base64 data URIs, improper parsing of HLS playlist input files, and the potential for arbitrary HTTP GET requests through specially crafted DASH playlists. Users are encouraged to upgrade to the fixed version 7:4.3.9-0+deb11u1 to mitigate these risks.
Additionally, a Redis security update (ELA-1481-1) was released for Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS. This update addresses two vulnerabilities: CVE-2025-32023, which could allow an authenticated user to exploit a crafted string for a stack/heap out-of-bounds write during hyperloglog operations, potentially leading to remote code execution; and CVE-2025-48367, which could expose installations to Denial of Service (DoS) attacks through unauthenticated connections causing repeated IP protocol errors.
To ensure the security and stability of systems running these versions of Debian, users are strongly advised to apply these updates promptly. For detailed information regarding these advisories, users can visit the respective security tracker pages for FFmpeg and Redis, along with additional guidance on how to apply updates and address frequently asked questions on the Debian LTS wiki.
In conclusion, maintaining up-to-date software is crucial for safeguarding systems against vulnerabilities. Users should regularly check for security updates and apply them as necessary to protect their data and infrastructure
FFmpeg and Redis security updates for Debian
A security update for FFmpeg has been issued for Debian GNU/Linux 11 (Bullseye) LTS, along with a Redis update for Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS.
[DLA 4241-1] ffmpeg security update
ELA-1481-1 redis security updateFFmpeg and Redis security updates for Debian @ Linux Compatible
