Iperf3, Unbound, Firebird updates for Debian

Debian GNU/Linux has released multiple security updates addressing vulnerabilities in important packages, including iperf3, unbound, and firebird3.0. These updates target issues such as heap buffer overflows, shell code injection, and denial of service attacks that could arise from specially timed DNS queries and responses. The affected package versions span several Debian releases, including Debian 9 (Stretch), Debian 10 (Buster), and Debian 11 (Bullseye).

Key Security Updates:
1. iperf3 (ELA-1505-1):
   - Version: 3.9-1+deb11u3 (Stretch), 3.9-1+deb11u3 (Buster)
   - Vulnerabilities addressed:
     - CVE-2025-54349: Heap buffer overflow.
     - CVE-2025-54350: Reachable assert.

2. unbound (ELA-1504-1 / ELA-1503-1):
   - Version: 1.9.0-2+deb10u2 (Stretch), 1.9.0-2+deb10u6 (Buster)
   - Vulnerabilities addressed include:
     - CVE-2019-18934: Shell code injection (only affects builds with specific configurations).
     - CVE-2024-33655: Potential denial of service via DNSBomb attacks, mitigated by new configuration options.
     - CVE-2025-5994: Vulnerability related to outgoing ECS information leading to a Rebirthday attack.

3. firebird3.0 (DLA 4282-1):
   - Version: 3.0.7.33374.ds4-2+deb11u1
   - Vulnerability addressed:
     - CVE-2025-54989: A NULL pointer dereference during XDR message parsing.

Recommendations:
- Users are strongly encouraged to upgrade their packages for iperf3, unbound, and firebird3.0 to mitigate these vulnerabilities effectively.
- For detailed security tracking and additional information regarding the updates, users should refer to the Debian security tracker pages for each package.

Summary of Update Processes:
- To ensure the security of Debian systems, administrators should regularly check for updates and apply them promptly. Detailed guidance on applying updates can be found on Debian's LTS wiki page, which also addresses frequently asked questions about security advisories and their implications.

Overall, these updates reflect Debian's commitment to maintaining a secure operating environment for its users by continually addressing vulnerabilities as they arise.

Multiple security updates have been released for Debian GNU/Linux systems, including iperf3, unbound, and firebird3.0, to address vulnerabilities such as heap buffer overflows, shell code injection, and denial of service attacks via specially timed DNS queries and answers. The affected versions include 3.9-1+deb11u3deb9u1 for iperf3 and 1.9.0-2+deb10u2deb9u6 for unbound, both for Debian 9 (Stretch) ELTS; 1.9.0-2+deb10u6 for unbound on Debian 10 (Buster) ELTS; and 3.0.7.33374.ds4-2+deb11u1 for firebird3.0 on Debian 11 (Bullseye) LTS:

ELA-1505-1 iperf3 security update
ELA-1504-1 unbound1.9 security update
ELA-1503-1 unbound security update
[DLA 4282-1] firebird3.0 security update

Iperf3, Unbound, Firebird updates for Debian @ Linux Compatible