Python-Django, ModSecurity-Apache, Twitter-Bootstrap3, CURL updates for Debian

Debian GNU/Linux has recently released several important security updates for key packages including Python Django, ModSecurity for Apache, Twitter Bootstrap 3, and CURL. These updates cover the Extended LTS releases Debian 8 (Jessie), 9 (Stretch), and 10 (Buster), as well as the current LTS release, Debian 11 (Bullseye).

Key Updates:

1. CURL Security Update:
- Debian 8 (Jessie) received an update for CURL under advisory ELA-1455-1, addressing vulnerabilities that include a path traversal issue (CVE-2023-27534) and others affecting the integrity of the transfer process.

2. Twitter Bootstrap 3 Security Update:
- Advisory ELA-1454-1 addresses vulnerabilities in Twitter Bootstrap 3 across multiple Debian versions. A significant cross-site scripting (XSS) vulnerability was identified in the Popover and Tooltip components, which allowed unsanitized HTML. Applications that use Bootstrap via a module bundler may need to be rebuilt.

3. ModSecurity for Apache Update:
- Advisory ELA-1453-1 covers a denial-of-service (DoS) vulnerability fixed in ModSecurity, which is crucial for web application security on Apache servers. The fix was also applied to the version in Debian 11 (Bullseye).

4. Python Django Security Update:
- Advisory DLA-4210-1 details multiple vulnerabilities fixed in Python Django, including potential log injection (CVE-2025-48432) and several denial-of-service vulnerabilities that could be exploited through specific inputs. Users are advised to upgrade to version 2:2.2.28-1~deb11u7 to mitigate these risks.

Recommendations:
- Users of Debian are encouraged to promptly apply these updates to safeguard their systems against the identified vulnerabilities. Detailed security statuses and instructions for applying these updates can be found on the Debian security tracker and LTS wiki pages.

Conclusion:
Maintaining up-to-date software is critical for security and stability. The latest updates for CURL, Twitter Bootstrap 3, ModSecurity, and Python Django reinforce the importance of vigilance in software management in the Debian ecosystem. Users should regularly check for updates and apply them to protect their systems from potential threats.

Debian GNU/Linux has received several security updates, including python-django, modsecurity-apache, twitter-bootstrap3, and curl:

Debian GNU/Linux 8 (Jessie) Extended LTS:
ELA-1455-1 curl security update

Debian GNU/Linux 8 (Jessie), 9 (Stretch), and 10 (Buster) Extended LTS:
ELA-1454-1 twitter-bootstrap3 security update
ELA-1453-1 modsecurity-apache security update

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1068-2 curl regression update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4210-1] python-django security update
[DLA 4212-1] modsecurity-apache security update

Python-Django, ModSecurity-Apache, Twitter-Bootstrap3, CURL updates for Debian @ Linux Compatible