Debian GNU/Linux has recently announced critical security updates for several key packages, including Twitter-Bootstrap3, Kitty, LibreOffice, and Tcpdf, aimed at improving system security for users of Debian 11 and Debian 12.
1. Twitter-Bootstrap3 Update: The update addresses a cross-site scripting (XSS) vulnerability in the Popover and Tooltip components, which could allow the use of unsanitized HTML. Users are encouraged to upgrade to version 3.4.1+dfsg-2+deb11u2 to mitigate risks associated with CVE-2025-1647.
2. Kitty Update: This update resolves a potential arbitrary code execution vulnerability (CVE-2022-41322) linked to insufficient validation in the desktop notification escape sequence. The fix is included in version 0.19.3-1+deb11u1, and users are advised to upgrade.
3. LibreOffice Update: Several vulnerabilities have been identified, including issues that could allow arbitrary macro calls via specially constructed links (CVE-2025-1080) and PDF signature spoofing (CVE-2025-2866). The recommended version to upgrade to is 1:7.0.4-4+deb11u13.
4. Tcpdf Update: This update addresses multiple vulnerabilities that could lead to denial of service, cross-site scripting, or information disclosure. Users should upgrade to version 6.6.2+dfsg1-1+deb12u1 for enhanced security.
The advisories provide links to the security tracker pages for each package, where users can find detailed information on the vulnerabilities and the recommended actions. For more information about applying these updates and additional security measures, users can visit the Debian LTS and security advisories pages.
Overall, these updates reflect the ongoing commitment of the Debian community to maintain a secure operating environment for its users, emphasizing the importance of keeping software up-to-date to protect against potential threats. Users are strongly encouraged to apply these updates promptly to ensure their systems remain secure.
Twitter-Bootstrap3, Kitty, LibreOffice, Tcpdf updates for Debian
Debian GNU/Linux has been updated with several security enhancements, including updates for Twitter-bootstrap3, Kitty, and LibreOffice for Debian 11, and Tcpdf for Debian 12:
[DLA 4204-1] twitter-bootstrap3 security update
[DLA 4203-1] kitty security update
[DLA 4205-1] libreoffice security update
[DSA 5933-1] tcpdf security update