Debian LTS Linux Security

Debian LTS Linux Security is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals.

Stay Vigilant with Timely Linux Security Advisories

LinuxSecurity.com is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the commu

  • Debian 11 python3.9 Critical UAF CVE-2026-6100 DLA-4532-1
    on April 15, 2026 at 11:26 pm

    It was found that the patches for CVE-2025-15366 and CVE-2025-15367 break backward compatibility, and upstream decided not to backport those patches to older Python releases. Therefore those 2 patches, applied in the previous version (python3.9 3.9.2-1+deb11u5), have been reverted. Additionally, the following CVEs have been fixed:

  • Debian 11 systemd Critical Improper Access Control Exploit DLA-4533-1
    on April 15, 2026 at 12:26 pm

    The following vulnerabilities have been discovered in systemd: CVE-2026-4105 The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged

  • Debian 11 gdk-pixbuf Critical JPEG Processing Code Exec DLA-4531-1
    on April 14, 2026 at 11:43 am

    It was discovered that gdk-pixbuf, the GDK Pixbuf library, does not properly validate color component counts in the JPEG image loader, which may result in the execution of arbitrary code or denial of service if specially crafted JPEG images are processed. For Debian 11 bullseye, this problem has been fixed in version

  • Debian 11 gst-plugins-bad Critical DoS and Code Exec DLA-4530-1
    on April 13, 2026 at 5:02 pm

    Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. For Debian 11 bullseye, these problems have been fixed in version

  • Debian 11 Bind9 Important DNSSEC CPU Consumption Threat DLA-4529-1
    on April 13, 2026 at 10:01 am

    BIND, a popular name server (DNS), was affected by a vulnerability. If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers

  • Debian 11 webkit2gtk Advisory DLA-4528-1 Multiple Crashes Denial of Service
    on April 11, 2026 at 1:19 pm

    The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2025-43214 shandikri discovered that processing maliciously crafted web content may lead to an unexpected process crash.

  • Debian 11 inetutils Important DLA-4527-1 Privilege Escalation Threat
    on April 11, 2026 at 10:22 am

    Several vulnerabilities were discovered in the inetutils implementation of telnetd and telnet, which may result in privilege escalation or information disclosure. CVE-2026-28372 Ron Ben Yizhak from SafeBreach found that the fix for CVE-2026-24061 was

  • Debian 11 DLA-4526-1 Firefox-esr Critical Exec Code Threat
    on April 11, 2026 at 1:25 am

    Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For Debian 11 bullseye, these problems have been fixed in version 140.9.1esr-1~deb11u1.

  • Debian LTS 1.34-1 libyaml-syck-perl Critical Buffer Overflow CVE-2025-11683
    on April 9, 2026 at 8:38 pm

    Brief introduction CVE-2025-11683 Missing null terminators in token.c lead to an out-of-bounds read, which allows an adjacent variable to be read. The issue is seen with complex YAML files with a hash of all keys and empty values.
