Debian GNU/Linux has released security updates for two packages: libxslt, fixed in the stable (Debian 13) and oldstable (Debian 12) distributions, and openjdk-17, fixed in Debian 11 LTS.
LibXSLT Security Update
On August 19, 2025, Debian Security Advisory DSA-5979-1 announced updates to the libxslt package, an XSLT 1.0 processing library. Two vulnerabilities are addressed:
- CVE-2023-40403: Weak memory handling in the `generate-id()` function can disclose memory addresses through the identifiers it produces, so the output of a transformation may leak pointer values (information disclosure).
- CVE-2025-7424: The `xmlNode.psvi` field is used for more than one kind of data during a transformation, which can lead to type confusion; an attacker supplying crafted input could crash the application or corrupt memory.
The updates are as follows:
- For Debian 12 (bookworm), the fixed version is 1.1.35-1+deb12u2.
- For Debian 13 (trixie), the fixed version is 1.1.35-1.2+deb13u1.
Users are encouraged to upgrade their libxslt packages promptly to mitigate these security risks.
OpenJDK-17 Security Update
Also on August 19, 2025, Debian LTS Advisory DLA-4275-1 reported multiple vulnerabilities in the openjdk-17 package, the OpenJDK Java runtime. The vulnerabilities addressed are:
- CVE-2025-30749
- CVE-2025-30754
- CVE-2025-50059
- CVE-2025-50106
These vulnerabilities could lead to denial of service, information disclosure, or compromise of TLS connections. For Debian 11 (bullseye) LTS, the fixed version is 17.0.16+8-1~deb11u1.
Recommendations
Debian users are strongly urged to upgrade their libxslt and openjdk-17 packages to protect against these vulnerabilities. For further details regarding the security status and instructions for applying these updates, users can refer to the respective security tracker pages for libxslt and openjdk-17.
Additional Information
For general guidance on Debian security advisories, how to apply updates, and answers to frequently asked questions, users can visit the official Debian security and LTS websites.
In conclusion, staying updated with security patches is crucial for maintaining system integrity and protecting sensitive data from potential attacks. Regular upgrades and monitoring of security advisories are essential best practices for all Debian users.
Referenced advisories
[DSA 5979-1] libxslt security update
[DLA 4275-1] openjdk-17 security update