WebKit2GTK and Firefox updates for Debian

Debian GNU/Linux has recently released security updates for two important packages: WebKit2GTK for Debian 11 LTS and Firefox-ESR for Debian 12 and 13. These updates address multiple vulnerabilities that could compromise user security and system stability.

WebKit2GTK Security Update
Advisory: [DLA 4276-1](https://www.debian.org/lts/security/)
Release Date: August 20, 2025
Version: 2.48.5-1~deb11u1

A series of vulnerabilities has been identified in the WebKitGTK web engine, including potential crashes, memory corruption, denial-of-service attacks, and even the risk of sensitive information disclosure. The specific CVEs addressed include:
- CVE-2025-6558: Malicious web content may cause crashes.
- CVE-2025-31273 and CVE-2025-31278: Memory corruption risks from maliciously crafted content.
- CVE-2025-43211: Denial-of-service risks.
- CVE-2025-43227: Possible disclosure of sensitive user information.
- CVE-2025-43228: Address bar spoofing risks.

Users are advised to upgrade their WebKit2GTK packages to strengthen security.

Firefox-ESR Security Update
Advisory: [DSA 5980-1](https://www.debian.org/security/)
Release Date: August 20, 2025
Versions:
- Debian 12: 128.14.0esr-1~deb12u1
- Debian 13: 128.14.0esr-1~deb13u1

Multiple security vulnerabilities were found in Mozilla Firefox, which could allow for arbitrary code execution, sandbox escapes, or bypassing the same-origin policy. Users are strongly encouraged to update their Firefox-ESR packages to mitigate these risks.

Recommendations
For both WebKit2GTK and Firefox-ESR, users should upgrade to the latest versions provided in the updates to ensure their systems are protected against the identified vulnerabilities. Detailed information on security statuses and how to apply these updates can be found on the respective security tracker pages for [WebKit2GTK](https://security-tracker.debian.org/tracker/webkit2gtk) and [Firefox-ESR](https://security-tracker.debian.org/tracker/firefox-esr).
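To confirm that hosts have actually reached the fixed versions listed above, the following added example (not part of the advisories or of any Debian tool) compares installed versions against them using Debian's version ordering, in which `~` sorts before everything, including the end of the string. The host names and installed versions in the inventory are constructed; on a Debian host, `dpkg --compare-versions` performs the same comparison.

```python
import re

# Fixed versions from the two advisories above: (Debian release, source package).
FIXED = {
    ("11", "webkit2gtk"): "2.48.5-1~deb11u1",
    ("12", "firefox-esr"): "128.14.0esr-1~deb12u1",
    ("13", "firefox-esr"): "128.14.0esr-1~deb13u1",
}
# Constructed inventory (hypothetical hosts): host, release, source package, version.
INVENTORY = """\
web01 11 webkit2gtk 2.48.3-1~deb11u1
web02 11 webkit2gtk 2.48.5-1~deb11u1
desk01 12 firefox-esr 128.13.0esr-1~deb12u1
"""
_CHUNK = re.compile(r"(\D*)(\d*)")  # one non-digit run followed by one digit run

def _order(c):
    # In non-digit runs: '~' < end of string (0) < letters < other symbols.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    while a or b:
        (na, da), (nb, db) = _CHUNK.match(a).groups(), _CHUNK.match(b).groups()
        ka = ([_order(c) for c in na] + [0], int(da or 0))
        kb = ([_order(c) for c in nb] + [0], int(db or 0))
        if ka != kb:
            return -1 if ka < kb else 1
        a, b = a[len(na + da):], b[len(nb + db):]
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return (int(epoch), upstream, rev) if sep else (int(epoch), rest, "")

def compare(v1, v2):
    """Return -1, 0 or 1 in Debian order: epoch, then upstream, then revision."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def audit(inventory):
    """Return (host, package, installed, fixed) for rows below the fixed version."""
    rows = (line.split() for line in inventory.splitlines())
    return [(h, p, v, FIXED[rel, p]) for h, rel, p, v in rows
            if (rel, p) in FIXED and compare(v, FIXED[rel, p]) < 0]

if __name__ == "__main__":
    print(audit(INVENTORY))
```

A plain string or tuple comparison would get the `~debXXuY` suffix wrong, which is why the revision is compared chunk by chunk.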

Conclusion
Regular updates are crucial for maintaining the security and stability of the Debian GNU/Linux system. Users should stay informed about security advisories and promptly apply updates to safeguard their systems against potential threats. Additionally, the Debian community provides resources and documentation to assist users in managing these updates effectively.

Debian GNU/Linux has received two new security updates: WebKit2GTK for Debian 11 LTS and Firefox-ESR for Debian 12 and 13:

[DLA 4276-1] webkit2gtk security update
[DSA 5980-1] firefox-esr security update

WebKit2GTK and Firefox updates for Debian @ Linux Compatible