Debian LTS
Linux Security is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals.
- Debian LTS: DLA-4123-1 Moderate: wpa Security Risks Addressed on April 12, 2025 at 7:58 pm
Multiple vulnerabilities were found in wpa, a set of tools including the widely-used wpasupplicant client for authenticating with WPA and WPA2 wireless networks.
- Critical Update for Debian 11: DLA-4122-1 Addresses libbssolv-perl Bug on April 9, 2025 at 9:02 am
This update includes an upstream patch to accept “0” as a valid epoch in Debian packages processed by BSSolv. This fixes a bug that prevents the Open Build Service backend from working
- Debian 11: DLA-4119-1 critical: lemonldap-ng input validation issue on April 8, 2025 at 4:47 pm
lemonldap-ng is a powerful SSO solution that implements OpenID-Connect, SAML, CAS,… An input validation vulnerability (XSS) has been identified when using the “Choice” module. It permits introducing HTML code into the login page, and if the default Content-Security-Policy headers
- Debian 11: DLA-4121-1 moderate: phpMyAdmin XSS security update on April 8, 2025 at 3:22 pm
Multiple XSS vulnerabilities have been fixed in phpMyAdmin, an administration tool for MySQL and MariaDB databases. CVE-2023-25727
- Debian LTS: DLA-4120-1 Critical Update for libnet-easytcp-perl on April 8, 2025 at 7:35 am
The Net::EasyTCP Perl module includes encryption functionality that requires a secure random number generator. Up to and including version 0.26, this module used a random number generator without any such guarantees. The reason for this was that it relied on Crypt::Random, a Perl module
- Debian 11: DLA-4118-1 critical: ghostscript buffer overflow issues on April 7, 2025 at 8:45 pm
Multiple vulnerabilities have been fixed in the PostScript/PDF interpreter Ghostscript. CVE-2025-27830
- Debian 11: DLA-4116-1 critical update for abseil heap overflow issue on April 5, 2025 at 2:32 pm
A vulnerability has been found in abseil, a collection of open-source C++ libraries that extend the C++ standard library, which might cause a heap buffer overflow.
- Debian 11 DLA-4115-1 critical: ruby-saml authentication bypass and DoS on April 4, 2025 at 11:21 pm
Multiple vulnerabilities have been detected in ruby-saml, a library for implementing the client side of a SAML authorization. CVE-2025-25291 and CVE-2025-25292
- Debian 11: DLA-4106-2 Low Security Update for Jetty9 Regression on April 4, 2025 at 10:48 pm
The security update DLA-4106-1 for jetty9 incorrectly required an unavailable dependency on sysvinit-utils >= 3.05 when installing the jetty9 binary package. This issue has been addressed by reverting back to requiring only the lsb-base binary package.