Debian GNU/Linux has recently released important security updates for three packages: Vips, Xrdp, and Thunderbird, addressing various vulnerabilities that could compromise the security of users' systems.
1. Vips Security Update (ELA-1421-1):
- Affected Version: vips 8.7.4-1+deb10u2 (Debian 10 ELTS)
- Related CVE: CVE-2021-27847
- Issue: Division by zero issues were found in functions `vips_eye_point()` and `vips_mask_point()`, which could potentially lead to denial of service.
2. Xrdp Security Update (DLA 4166-1):
- Affected Version: xrdp 0.9.21.1-1~deb11u2 (Debian 11 LTS)
- Related CVEs: CVE-2023-40184, CVE-2023-42822, CVE-2024-39917
- Issues:
  - CVE-2023-40184: Improper handling of session establishment errors can bypass OS-level session restrictions.
  - CVE-2023-42822: Lack of bounds-checking on font glyph access can lead to out-of-bounds reads, creating a potential security risk.
  - CVE-2024-39917: A vulnerability allowing an unlimited number of login attempts, undermining the configured max login attempts.
3. Thunderbird Security Update (DSA 5921-1):
- Affected Version: thunderbird 1:128.10.1esr-1~deb12u1 (Debian 12)
- Related CVEs: CVE-2025-3875, CVE-2025-3877, CVE-2025-3909, CVE-2025-3932
- Issues: Multiple vulnerabilities were found that could lead to email spoofing, execution of JavaScript, or information disclosure.
Users are encouraged to upgrade these packages to mitigate the risks associated with these vulnerabilities. The security advisories provide detailed information on the nature of each vulnerability and instructions for applying the updates.
For additional guidance on maintaining security within Debian systems, users can refer to the Debian LTS and Security Advisories pages, which offer comprehensive resources and FAQs regarding updates and security practices.
In conclusion, staying up-to-date with security patches is essential for safeguarding systems from potential attacks. Users should regularly monitor Debian's security advisories to ensure their software remains secure and resilient against emerging threats.
Vips, Xrdp, Thunderbird updates for Debian
Debian GNU/Linux has been updated with three security updates: Vips for Debian 10 ELTS, Xrdp for Debian 11 LTS, and Thunderbird for Debian 12:
ELA-1421-1 vips security update
[DLA 4166-1] xrdp security update
[DSA 5921-1] thunderbird security update