Debian GNU/Linux 12 (Bookworm) has released two important security updates addressing vulnerabilities in the Ring and MediaWiki applications.
The first update, noted in Debian Security Advisory DSA-5956-1, pertains to the Ring application. This update addresses a buffer overflow vulnerability linked to an embedded version of pjproject, which affects applications utilizing the PJSIP DNS resolver. Users are advised to upgrade to version 20230206.0~ds2-1.1+deb12u1 to mitigate these security risks. More information is available on the security tracker page for Ring.
The second advisory, DSA-5957-1, concerns MediaWiki, a platform used for collaborative website development. Multiple security vulnerabilities have been identified, including issues that could lead to cross-site scripting, information disclosure, HTML injection, and errors in tracking authentication events. These vulnerabilities are cataloged under various CVE IDs (CVE-2025-6590, CVE-2025-6591, CVE-2025-6593, CVE-2025-6594, CVE-2025-6595, CVE-2025-6597, CVE-2025-6926, and CVE-2025-32072). Users should upgrade to version 1:1.39.13-1~deb12u1 to secure their installations. Detailed security information for MediaWiki can also be found on its respective security tracker page.
For both updates, users are encouraged to consult the Debian Security Advisories for guidance on applying these updates and for answers to frequently asked questions related to system security.
As an extension, it's crucial for Debian users to regularly check for security updates and apply them promptly to protect their systems from vulnerabilities. Keeping applications up to date not only helps in maintaining security but also ensures that users benefit from the latest features and performance improvements. Additionally, users can subscribe to Debian's security mailing list or follow official channels to stay informed about upcoming patches and advisories
The first update, noted in Debian Security Advisory DSA-5956-1, pertains to the Ring application. This update addresses a buffer overflow vulnerability linked to an embedded version of pjproject, which affects applications utilizing the PJSIP DNS resolver. Users are advised to upgrade to version 20230206.0~ds2-1.1+deb12u1 to mitigate these security risks. More information is available on the security tracker page for Ring.
The second advisory, DSA-5957-1, concerns MediaWiki, a platform used for collaborative website development. Multiple security vulnerabilities have been identified, including issues that could lead to cross-site scripting, information disclosure, HTML injection, and errors in tracking authentication events. These vulnerabilities are cataloged under various CVE IDs (CVE-2025-6590, CVE-2025-6591, CVE-2025-6593, CVE-2025-6594, CVE-2025-6595, CVE-2025-6597, CVE-2025-6926, and CVE-2025-32072). Users should upgrade to version 1:1.39.13-1~deb12u1 to secure their installations. Detailed security information for MediaWiki can also be found on its respective security tracker page.
For both updates, users are encouraged to consult the Debian Security Advisories for guidance on applying these updates and for answers to frequently asked questions related to system security.
As an extension, it's crucial for Debian users to regularly check for security updates and apply them promptly to protect their systems from vulnerabilities. Keeping applications up to date not only helps in maintaining security but also ensures that users benefit from the latest features and performance improvements. Additionally, users can subscribe to Debian's security mailing list or follow official channels to stay informed about upcoming patches and advisories
Ring and Mediawiki updates for Debian 12
Debian GNU/Linux 12 (Bookworm) has been updated with two security updates:
[DSA 5956-1] ring security update
[DSA 5957-1] mediawiki security update
