Debian GNU/Linux has released important security updates across various packages, including Thunderbird, Open-VM-Tools, and a new version of Wireless-Regdb. These updates apply to multiple versions of Debian, specifically the Extended LTS for Debian 9 (Stretch) and 10 (Buster), as well as the LTS for Debian 11 (Bullseye).
1. Thunderbird Security Update (DLA 4167-1):
- Affected Version: 1:128.10.1esr-1~deb11u1
- CVE Identifiers: A total of nine CVEs (CVE-2025-2817, CVE-2025-4082, CVE-2025-4083, CVE-2025-4084, CVE-2025-4087, CVE-2025-4091, CVE-2025-4093, CVE-2025-3875, CVE-2025-3877, CVE-2025-3909, CVE-2025-3932) were reported, indicating multiple security vulnerabilities that could lead to arbitrary code execution or information disclosure. Users are advised to upgrade their Thunderbird packages to mitigate these risks.
2. Open-VM-Tools Security Update (ELA-1427-1):
- Affected Versions: 2:10.1.5-5055683-4+deb9u7 (Stretch), 2:10.3.10-1+deb10u7 (Buster)
- CVE Identifier: CVE-2025-22247 highlights an insecure file handling vulnerability that could allow unprivileged local guest users to manipulate files and trigger insecure operations. This update is crucial for maintaining the integrity of virtual machines.
3. Wireless-Regdb Update (DLA 4171-1):
- Affected Version: 2025.02.20-1~deb11u1
- This update incorporates changes to radio regulations across various countries. It is important for ensuring compliance with local wireless communication laws.
For more information, users can consult the Debian wiki on LTS security advisories and the security tracker pages for specific packages
Security Updates Overview:
1. Thunderbird Security Update (DLA 4167-1):
- Affected Version: 1:128.10.1esr-1~deb11u1
- CVE Identifiers: A total of nine CVEs (CVE-2025-2817, CVE-2025-4082, CVE-2025-4083, CVE-2025-4084, CVE-2025-4087, CVE-2025-4091, CVE-2025-4093, CVE-2025-3875, CVE-2025-3877, CVE-2025-3909, CVE-2025-3932) were reported, indicating multiple security vulnerabilities that could lead to arbitrary code execution or information disclosure. Users are advised to upgrade their Thunderbird packages to mitigate these risks.
2. Open-VM-Tools Security Update (ELA-1427-1):
- Affected Versions: 2:10.1.5-5055683-4+deb9u7 (Stretch), 2:10.3.10-1+deb10u7 (Buster)
- CVE Identifier: CVE-2025-22247 highlights an insecure file handling vulnerability that could allow unprivileged local guest users to manipulate files and trigger insecure operations. This update is crucial for maintaining the integrity of virtual machines.
3. Wireless-Regdb Update (DLA 4171-1):
- Affected Version: 2025.02.20-1~deb11u1
- This update incorporates changes to radio regulations across various countries. It is important for ensuring compliance with local wireless communication laws.
Recommendations:
Users are encouraged to apply these updates to enhance their system's security. Detailed guidance on applying the updates and additional information regarding the security status of each package can be found on the official Debian LTS security advisory pages.Conclusion:
These updates reflect Debian's commitment to maintaining a secure operating environment for its users by addressing vulnerabilities promptly. Regularly updating software and monitoring security advisories are essential practices for all Debian users to safeguard their systems against potential threats.For more information, users can consult the Debian wiki on LTS security advisories and the security tracker pages for specific packages
Thunderbird, Open-VM-Tools, Wireless-Regdb updates for Debian
Debian GNU/Linux has been updated with various security enhancements, including the Thunderbird security update, open-vm-tools security update, and a new upstream version of wireless-regdb:
Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1427-1 open-vm-tools security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4167-1] thunderbird security update
[DLA 4171-1] wireless-regdb new upstream versionThunderbird, Open-VM-Tools, Wireless-Regdb updates for Debian @ Linux Compatible
