For Debian 11 (Bullseye):
- syslog-ng: Updates address a security issue with TLS wildcard matching, which could lead to man-in-the-middle attacks. Fixed in version 3.28.1-2+deb11u2.
- setuptools: A path traversal vulnerability was discovered that could allow unauthorized file writing, potentially leading to remote code execution. Fixed in version 52.0.0-4+deb11u2.
- python-tornado: A denial-of-service vulnerability was fixed that could result from improper handling of multipart form data. Updated to version 6.1.0-1+deb11u2.
- yelp-xsl and yelp: Both packages were updated to fix a vulnerability that allowed help documents to execute arbitrary scripts, potentially leading to data exfiltration. Updated to version 3.38.3-1+deb11u1.
For Debian 12 (Bookworm):
- net-tools: A regression fix was issued due to an issue with packet counters in the ifconfig tool. Additional buffer overflow vulnerabilities were also addressed in version 2.10-0.1+deb12u2.
- libvpx: A double-free vulnerability in the multimedia library could lead to denial of service or arbitrary code execution. Fixed in version 1.12.0-1+deb12u4.
- firefox-esr: Multiple vulnerabilities were found that could allow arbitrary code execution or cross-origin leaks, resolved with an update to version 128.11.0esr-1~deb12u1.
These updates emphasize the importance of keeping systems secure and up-to-date, as many vulnerabilities could be exploited by attackers. Users are strongly encouraged to upgrade their packages to the latest versions to mitigate these risks.
For more detailed information on the security status of each package and guidance on applying these updates, users can refer to the Debian security tracker and the Debian LTS wiki.
Syslog-NG, Setuptools, Net-Tools, and more updates for Debian
Debian GNU/Linux 11 and 12 have received several security updates, covering syslog-ng, setuptools, python-tornado, net-tools (a regression update), libvpx, yelp-xsl, yelp, and firefox-esr:
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4182-1] syslog-ng security update
[DLA 4183-1] setuptools security update
[DLA 4188-1] python-tornado security update
[DLA 4185-1] yelp-xsl security update
[DLA 4184-1] yelp security update
Debian GNU/Linux 12 (Bookworm):
[DSA 5923-2] net-tools regression update
[DSA 5928-1] libvpx security update
[DSA 5927-1] yelp security update
[DSA 5926-1] firefox-esr security update