Debian LTS Linux Security is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals.
Stay Vigilant with Timely Linux Security Advisories LinuxSecurity.com is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the commu
- Debian 11: DLA-4232-1 important: freeradius denial of serviceon June 26, 2025 at 2:37 pm
Several security vulnerabilities have been discovered in freeradius, a highly configurable RADIUS server.
- Debian 11: DLA-4231-1 critical: firefox-esr code execution issueson June 26, 2025 at 7:38 am
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
- Debian 11 DLA-4230-1 critical: xorg-server privilege escalationon June 25, 2025 at 10:20 am
Nils Emmerich discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.
- Debian LTS DLA-4229-1 critical: commons-beanutils access control flawon June 25, 2025 at 8:49 am
commons-beanutils, utility for manipulating Java beans have an improper Access Control vulnerability. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers
- Debian 11: DLA-4228-1 urgent update for nginx request smuggling fixon June 24, 2025 at 5:11 pm
Two vulnerabilities were discovered in Nginx, a high-performance web and reverse proxy server, more precisely in ngx_http_lua_module, which embeds the Lua scripting language into Nginx. This could lead to request smuggling or contribute to cache poisoning and authentication
- Debian 11 DLA-4227-1 important: dcmtk remote code execution riskson June 24, 2025 at 2:11 pm
Multiple vulnerabilities were fixed in dcmtk an OFFIS DICOM toolkit. CVE-2022-2119/CVE-2022-2120
- Debian 11: DLA-4226-1 critical: dns-root-data DNSSEC trust anchoron June 23, 2025 at 2:55 pm
The dns-root-data package contains DNS root zone data as published by IANA to be used as initial source by DNS software. This release adds the DNSKEY record for the KSK-2024 trust anchor. This new key is planned for use starting October 2026, and the previous one (KSK-2017)
- Debian 11 DLA-4225-1 critical: gdk-pixbuf memory disclosure fixedon June 23, 2025 at 12:08 pm
Memory disclosure has been fixed in the GIF LZW Decoder of the GdkPixbuf image loading library. For Debian 11 bullseye, this problem has been fixed in version
- Debian 11: DLA-4224-1 important: node-send template injection fixedon June 23, 2025 at 10:25 am
Template injection that can lead to XSS has been fixed in node-send, a Node.js module for streaming files over HTTP. For Debian 11 bullseye, this problem has been fixed in version
