Varnish, Firefox, Modsecurity, and more updates for Debian

Debian GNU/Linux has recently released a range of critical security updates for various packages including Varnish, Firefox, Modsecurity, and others. The updates affect several Debian versions: 8 (Jessie), 9 (Stretch), 10 (Buster), and 11 (Bullseye), as well as the latest 12 (Bookworm).

Notable updates include:

- Varnish: A security vulnerability related to client-side desynchronization was identified and has been resolved in version 6.5.1-1+deb11u5, addressing issues with chunked transfer encoding that allowed request smuggling.

- Firefox-ESR: Multiple vulnerabilities have been fixed, which could lead to arbitrary code execution or cross-origin leaks, with the latest version being 128.11.0esr-1~deb11u1.

- Modsecurity-Apache: A denial-of-service vulnerability has been patched in version 2.9.3-3+deb11u3, enhancing web application security.

- Systemd: Issues regarding potential information leaks from crashed SUID processes were addressed, with fixes included in version 252.38-1~deb12u1.

- Linux Kernel: Version 6.1.137-1~deb11u1 contains fixes for a multitude of vulnerabilities that could lead to privilege escalation, denial of service, or information leaks.

- Libavif and Chromium: Both packages have also received updates to mitigate various security risks, including potential arbitrary code execution.

The Debian security team strongly recommends that users upgrade to the latest versions of these packages to ensure their systems are protected against known vulnerabilities. Detailed information about each advisory, including CVE identifiers, can be found on the Debian security tracker pages.

For users looking to maintain the security of their Debian systems, it is advised to regularly check for updates and consult the Debian LTS and security advisories for the latest information on vulnerabilities and fixes. Additionally, disabling unnecessary features, performing regular system audits, and following security best practices are recommended to further enhance system security.

Debian GNU/Linux has received several security updates, including varnish, php-twig, webpy, yelp, linux-6.1, systemd, firefox-esr, mydumper, libavif, chromium, and modsecurity-apache.

Debian GNU/Linux 8 (Jessie), 9 (Stretch), and 10 (Buster) Extended LTS:
ELA-1441-1 modsecurity-apache security update

Debian GNU/Linux 9 (Stretch) Extended LTS:
ELA-1440-1 webpy security update

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1438-1 yelp security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4187-1] varnish security update
[DLA 4186-1] php-twig security update
[DLA 4189-1] webpy security update
[DLA 4193-1] linux-6.1 security update
[DLA 4192-1] modsecurity-apache security update
[DLA 4191-1] firefox-esr security update
[DLA 4190-1] mydumper security update

Debian GNU/Linux 12 (Bookworm):
[DSA 5931-1] systemd security update
[DSA 5930-1] libavif security update
[DSA 5929-1] chromium security update

Varnish, Firefox, Modsecurity, and more updates for Debian @ Linux Compatible