Debian GNU/Linux Extended LTS has released important security updates for several key packages, namely Varnish, LibreOffice, and U-Boot, addressing various vulnerabilities that could be exploited by attackers.
Varnish Security Update (ELA-1457-1)
- Package: Varnish
- Version: 6.1.1-1+deb10u5 (buster)
- Related CVEs: CVE-2025-30346, CVE-2025-47905
This update addresses two client-side desynchronization vulnerabilities that could lead to HTTP request smuggling attacks, which may allow attackers to poison the cache or bypass web application firewalls.
LibreOffice Security Update (ELA-1460-1)
- Package: LibreOffice
- Versions: 1:6.1.5-3+deb9u7 (stretch), 1:6.1.5-3+deb10u16 (buster)
- Related CVEs: CVE-2025-1080, CVE-2025-2866
This update fixes multiple vulnerabilities in LibreOffice, a widely used office productivity suite. Notably, it addresses issues with Office URI Schemes that could allow execution of arbitrary macros and a flaw that could permit PDF signature spoofing due to improper cryptographic validation.
U-Boot Security Update (ELA-1459-1)
- Package: U-Boot
- Versions: 2016.11+dfsg1-4+deb9u1 (stretch), 2019.01+dfsg-7+deb10u1 (buster)
- Related CVEs: Numerous, including CVE-2019-13103, CVE-2022-34835, CVE-2024-57258, among others.
This update addresses multiple vulnerabilities found in U-Boot, a popular boot loader for embedded systems. The vulnerabilities include potential stack overflows, unbounded memory operations, and issues that could allow attackers to bypass boot verification and execute arbitrary code.
Varnish Security Update (ELA-1457-1)
- Package: Varnish
- Version: 6.1.1-1+deb10u5 (buster)
- Related CVEs: CVE-2025-30346, CVE-2025-47905
This update addresses two client-side desynchronization vulnerabilities that could lead to HTTP request smuggling attacks, which may allow attackers to poison the cache or bypass web application firewalls.
LibreOffice Security Update (ELA-1460-1)
- Package: LibreOffice
- Versions: 1:6.1.5-3+deb9u7 (stretch), 1:6.1.5-3+deb10u16 (buster)
- Related CVEs: CVE-2025-1080, CVE-2025-2866
This update fixes multiple vulnerabilities in LibreOffice, a widely used office productivity suite. Notably, it addresses issues with Office URI Schemes that could allow execution of arbitrary macros and a flaw that could permit PDF signature spoofing due to improper cryptographic validation.
U-Boot Security Update (ELA-1459-1)
- Package: U-Boot
- Versions: 2016.11+dfsg1-4+deb9u1 (stretch), 2019.01+dfsg-7+deb10u1 (buster)
- Related CVEs: Numerous, including CVE-2019-13103, CVE-2022-34835, CVE-2024-57258, among others.
This update addresses multiple vulnerabilities found in U-Boot, a popular boot loader for embedded systems. The vulnerabilities include potential stack overflows, unbounded memory operations, and issues that could allow attackers to bypass boot verification and execute arbitrary code.
Conclusion
These updates are crucial for maintaining the security integrity of systems running Debian GNU/Linux, especially in environments where these applications are critical. Users are strongly advised to apply these updates promptly to protect against potential exploits that could compromise system security. Regular monitoring and updating of software packages remain essential best practices in cybersecurityVarnish, LibreOffice, U-Boot updates for Debian ELTS
Debian GNU/Linux Extended LTS has been updated with security patches, including for Varnish, LibreOffice, and U-Boot:
ELA-1457-1 varnish security update
ELA-1460-1 libreoffice security update
ELA-1459-1 u-boot security updateVarnish, LibreOffice, U-Boot updates for Debian ELTS @ Linux Compatible
