Node-Tar-FS, Firefox-ESR, GIMP updates for Debian

Debian has released several security updates to address vulnerabilities in various packages, including Firefox-ESR, GIMP, and Node-Tar-FS.

1. Firefox-ESR has been updated to version 140.3.1, resolving connection issues with certain websites, particularly relating to HTTP/3 connections. This update is available for both the oldstable distribution (Bullseye) and stable distribution (Trixie).

2. GIMP has been updated to version 3.0.4-3+deb13u1, which addresses multiple vulnerabilities (CVE IDs: CVE-2025-10920, CVE-2025-10922, CVE-2025-10923, CVE-2025-10924) that could lead to denial of service or arbitrary code execution when processing malformed image files.

3. Node-Tar-FS has received updates across different versions for Debian 11 (Bullseye), 12 (Bookworm), and 13 (Trixie) to version 2.1.3-0+deb11u2, 2.1.3-0+deb12u2, and 3.0.9+~cs2.0.4-1+deb13u1, respectively. This update fixes a symlink validation bypass vulnerability (CVE-2025-59343) that could be exploited if the destination directory was predictable.

For users of Debian GNU/Linux:

- Debian 11 (Bullseye LTS): Node-Tar-FS security update (DLA 4313-1).
- Debian 12 (Bookworm): Firefox-ESR update (DSA 6003-2) and Node-Tar-FS security update (DSA 6013-1).
- Debian 13 (Trixie): Firefox-ESR update (DSA 6003-2), Node-Tar-FS security update (DSA 6013-1), and GIMP security update (DSA 6014-1).

Users are strongly encouraged to upgrade their respective packages to ensure their systems remain secure. Detailed security statuses for each package are available on their respective security tracker pages on the Debian website.

In conclusion, it is vital for all Debian users to stay informed about security advisories and apply updates promptly. Regularly checking for updates and understanding the implications of security vulnerabilities can significantly enhance the security posture of systems running Debian. Additionally, community resources and forums can provide valuable support for users navigating these updates.

Debian Security Advisories have been released to address security vulnerabilities in several packages. Firefox-esr has been updated to version 140.3.1 to fix connection errors with some sites, while GIMP has been updated to version 3.0.4-3+deb13u1 to prevent denial of service or arbitrary code execution from malformed images. Node-tar-fs has also been updated to versions 2.1.3-0+deb11u2, 2.1.3-0+deb12u2, and 3.0.9+~cs2.0.4-1+deb13u1, fixing an issue in which a specific tarball allows a symlink validation bypass if the destination directory is predictable.

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4313-1] node-tar-fs security update

Debian GNU/Linux 12 (Bookworm) and 13 (Trixie):
[DSA 6003-2] firefox-esr update
[DSA 6013-1] node-tar-fs security update

Debian GNU/Linux 13 (Trixie):
[DSA 6014-1] gimp security update
