For Debian GNU/Linux 8 (Jessie) under the Extended LTS, a security update for wget has been issued (ELA-1399-1). Similarly, for Debian GNU/Linux 8 (Jessie), 9 (Stretch), and 10 (Buster), a transfig security update (ELA-1401-1) has been released. Additionally, Debian GNU/Linux 9 (Stretch) and 10 (Buster) have received an update for fig2dev (ELA-1400-1). For the latest Debian 11 (Bullseye), both fig2dev (DLA 4134-1) and wget (DLA 4133-1) have been updated as of April 21, 2025.
The fig2dev package, which is responsible for converting XFig figure files, has been updated to version 1:3.2.8-3+deb11u2 to fix multiple vulnerabilities. These include:
- CVE-2025-31162: A floating point exception due to enormous pattern lengths.
- CVE-2025-31163: Failure to reject arcs with coincident points.
- CVE-2025-31164: A heap buffer overflow occurring on arc-boxes with zero radius.
For wget, the update to version 1.21-1+deb11u2 addresses a critical issue (CVE-2024-38428) related to the mishandling of semicolons in the userinfo subcomponent of URIs, which could lead to security risks when retrieving files over various protocols.
Users are strongly advised to upgrade their fig2dev and wget packages to the latest versions to mitigate these vulnerabilities. Detailed information about the security status of these packages can be found on the Debian security tracker pages.
For further assistance on applying these updates or for additional FAQs, users can refer to the official Debian LTS wiki.
In summary, these security patches reflect Debian's ongoing commitment to maintaining the integrity and security of its operating system and software packages. Users are encouraged to stay updated with the latest releases to protect against potential threats.
Fig2dev, Wget, Transfig updates for Debian
Debian GNU/Linux has implemented a series of security updates, including fig2dev, wget, and transfig:
Debian GNU/Linux 8 (Jessie) Extended LTS:
ELA-1399-1 wget security update
Debian GNU/Linux 8 (Jessie), 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1401-1 transfig security update
Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1400-1 fig2dev security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4134-1] fig2dev security update
[DLA 4133-1] wget security update