FFmpeg, luajit, and Firebird updates for Debian

Debian GNU/Linux has released several important security updates targeting vulnerabilities in FFmpeg, LuaJIT, and the Firebird database. These updates address critical issues that could lead to denial of service or arbitrary code execution when processing malformed files.

FFmpeg Security Update
The FFmpeg update resolves multiple Common Vulnerabilities and Exposures (CVEs), including CVE-2023-49502, CVE-2023-50007, and others. These vulnerabilities could result in denial of service or arbitrary code execution if untrusted files or streams are processed. The fixed version for Debian 12 (Bookworm) is 7:5.1.7-0+deb12u1. Users are encouraged to upgrade their FFmpeg packages to mitigate these risks.

LuaJIT Security Update
The LuaJIT update addresses several vulnerabilities (CVE-2019-19391, CVE-2020-15890, among others) that could lead to denial of service. These include type confusion, out-of-bounds reads, and stack buffer overflows. For Debian 11 (Bullseye), the updated version is 2.1.0~beta3+dfsg-5.3+deb11u1. Users should upgrade their LuaJIT packages to the patched version provided.

Firebird Database Security Update
A security update has also been issued for the Firebird database, fixing an issue related to XDR message parsing that could lead to a NULL pointer dereference (CVE-2025-54989). The version affected in Debian 10 (Buster) is 3.0.5.33100.ds4-2+deb10u1, and users are advised to apply the updates to secure their installations.

Extended Support and Recommendations
- For Debian 10 (Buster): ELA-1507-1 (LuaJIT) and ELA-1506-1 (Firebird)
- For Debian 11 (Bullseye): DLA-4283-1 (LuaJIT)
- For Debian 12 (Bookworm): DSA-5985-1 (FFmpeg)

To ensure systems remain secure, users should regularly check for updates and apply security patches promptly. More detailed information on the vulnerabilities and how to apply these updates can be found on the Debian security advisory pages.

In summary, these updates reflect Debian's ongoing commitment to maintaining system security and addressing vulnerabilities proactively. Users are strongly encouraged to keep their systems up to date and monitor for any new advisories released in the future to safeguard against potential threats.

Multiple security updates have been released for Debian GNU/Linux, including fixes for vulnerabilities in FFmpeg, luajit, and the Firebird database. The FFmpeg update addresses several CVEs that could lead to denial of service or arbitrary code execution if malformed files are processed. The luajit update resolves multiple issues that could result in denial of service, including type confusion, out-of-bounds reads, and stack-buffer overflows. Additionally, a security update has been released for the Firebird database, which fixes an XDR message parsing NULL pointer dereference issue (CVE-2025-54989).

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1507-1 luajit security update
ELA-1506-1 firebird3.0 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4283-1] luajit security update

Debian GNU/Linux 12 (Bookworm):
[DSA 5985-1] ffmpeg security update

FFmpeg, luajit, and Firebird updates for Debian @ Linux Compatible