Additionally, the firebird4.0 package has been updated for Debian 13, moving to version 4.0.5.3140.ds6-17+deb13u1, while the apache2 package has been upgraded to version 2.4.25-3+deb9u21 for Debian 9 ELTS. These updates address multiple vulnerabilities that could lead to denial of service or authentication bypass, which are critical security concerns for users and administrators alike.
The updates include specific advisories, such as:
1. MbedTLS Security Update (DLA 4274-2): Resolves the CVE-2025-47917 vulnerability related to use-after-free issues. Users are urged to upgrade to the latest version to mitigate risks.
2. Firebird Database Security Update (DSA 5992-1): Addresses vulnerabilities (CVE-2025-24975, CVE-2025-54989) that could lead to denial of service and authentication bypass. Users are advised to install the latest version to enhance security.
3. Apache Web Server Security Update (ELA-1509-1): This comprehensive update covers several critical vulnerabilities affecting Apache, including potential denial of service and access control bypass issues. Notable CVEs include CVE-2024-42516 (HTTP response splitting) and CVE-2025-23048 (access control bypass with TLS 1.3). Users are informed that some websites may encounter the error AH02032 after the update due to SSL configuration changes.
To ensure ongoing security, users are encouraged to apply these updates promptly. The advisories provide links to the security tracker pages for each package, offering further insights and guidance. Administrators should also review their configurations, particularly for SSL/TLS settings, to prevent potential connectivity issues stemming from the updates.
In summary, these updates are part of Debian's ongoing commitment to improving security across its software ecosystem, highlighting the importance of regular maintenance and timely upgrades for users to protect their systems against vulnerabilities. Users are advised to stay informed about future updates and to conduct regular security assessments of their installations.
Mbedtls, Firefox, Apache updates for Debian
Debian has issued multiple security updates to mitigate vulnerabilities in a range of packages. The mbedtls package for Debian 11 LTS has been updated from version 2.16.9-0.1+deb11u2 to 2.16.9-0.1+deb11u3. This update addresses an incomplete fix from the previous version that permitted use-after-free vulnerabilities in specific scenarios. Furthermore, the firebird4.0 package for Debian 13 and the apache2 package for Debian 9 ELTS (stretch) have been upgraded to versions 4.0.5.3140.ds6-17+deb13u1 and 2.4.25-3+deb9u21, respectively. These updates address several vulnerabilities that could lead to denial of service or authentication bypass.
[DLA 4274-2] mbedtls security update
[DSA 5992-1] firebird4.0 security update
ELA-1509-1 apache2 security update