Debian GNU/Linux has announced critical security updates for several packages, including OpenJDK, Firefox ESR, and MediaWiki, affecting both the Bullseye (Debian 11) and Bookworm (Debian 12) versions.
For Debian 11 (Bullseye):
- OpenJDK 11 has received a security update (DLA-4248-1) to address multiple vulnerabilities (CVE-2025-30749, CVE-2025-30754, CVE-2025-30761, CVE-2025-50059, CVE-2025-50106) that could lead to denial of service and information disclosure. The fixed version is 11.0.28+6-1~deb11u1.
- MediaWiki also received a security update (DLA-4249-1) fixing various issues (CVE-2025-3469, CVE-2025-6590, CVE-2025-6591, CVE-2025-6593, CVE-2025-6594, CVE-2025-6595, CVE-2025-6597, CVE-2025-6926, CVE-2025-32072, CVE-2025-32696, CVE-2025-32698, CVE-2025-32699) that could lead to information disclosure or privilege escalation, with the new version being 1:1.35.13-1+deb11u4.
For Debian 12 (Bookworm):
- Firefox ESR has been updated with a new version (128.13.0esr-1~deb12u1) to address multiple security vulnerabilities (CVE-2025-8027 through CVE-2025-8035) that could allow the execution of arbitrary code.
Users are encouraged to upgrade their respective packages to ensure their systems remain secure. For more detailed information regarding the vulnerabilities and the recommended actions, users can refer to the security tracker pages for each package.
In addition to these updates, it's important for users to regularly monitor security advisories and apply updates promptly to maintain system integrity and protect against potential threats. Keeping software up to date is a crucial aspect of cybersecurity best practices. Furthermore, users should consider implementing additional security measures, such as firewalls and intrusion detection systems, to further safeguard their environments. Regular audits and assessments can also help in identifying vulnerabilities before they can be exploited
For Debian 11 (Bullseye):
- OpenJDK 11 has received a security update (DLA-4248-1) to address multiple vulnerabilities (CVE-2025-30749, CVE-2025-30754, CVE-2025-30761, CVE-2025-50059, CVE-2025-50106) that could lead to denial of service and information disclosure. The fixed version is 11.0.28+6-1~deb11u1.
- MediaWiki also received a security update (DLA-4249-1) fixing various issues (CVE-2025-3469, CVE-2025-6590, CVE-2025-6591, CVE-2025-6593, CVE-2025-6594, CVE-2025-6595, CVE-2025-6597, CVE-2025-6926, CVE-2025-32072, CVE-2025-32696, CVE-2025-32698, CVE-2025-32699) that could lead to information disclosure or privilege escalation, with the new version being 1:1.35.13-1+deb11u4.
For Debian 12 (Bookworm):
- Firefox ESR has been updated with a new version (128.13.0esr-1~deb12u1) to address multiple security vulnerabilities (CVE-2025-8027 through CVE-2025-8035) that could allow the execution of arbitrary code.
Users are encouraged to upgrade their respective packages to ensure their systems remain secure. For more detailed information regarding the vulnerabilities and the recommended actions, users can refer to the security tracker pages for each package.
In addition to these updates, it's important for users to regularly monitor security advisories and apply updates promptly to maintain system integrity and protect against potential threats. Keeping software up to date is a crucial aspect of cybersecurity best practices. Furthermore, users should consider implementing additional security measures, such as firewalls and intrusion detection systems, to further safeguard their environments. Regular audits and assessments can also help in identifying vulnerabilities before they can be exploited
OpenJDK, Mediawiki, Firefox updates for Debian
Debian GNU/Linux has received security updates for openjdk-11, firefox-esr, and mediawiki.
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4248-1] openjdk-11 security update
[DLA 4249-1] mediawiki security update
Debian GNU/Linux 12 (Bookworm):
[DSA 5964-1] firefox-esr security updateOpenJDK, Mediawiki, Firefox updates for Debian @ Linux Compatible
