LibRabbitMQ, Intel-Microcode, FFMpeg, Ruby updates for Debian ELTS

Debian GNU/Linux Extended LTS has received important security updates for several packages, including LibRabbitMQ, Intel-Microcode, FFMpeg, and Ruby. These updates are aimed at enhancing system security across various Debian versions.

Debian GNU/Linux 8 (Jessie) ELTS:
- ELA-1363-1: A security update for librabbitmq, which addresses vulnerabilities that could lead to credential visibility issues when using command-line tools.

Debian GNU/Linux 8 (Jessie), 9 (Stretch), and 10 (Buster) ELTS:
- ELA-1364-1: Intel-microcode security updates that fix multiple vulnerabilities in Intel processors, which could allow local privilege escalation, denial of service, or information disclosure.

Debian GNU/Linux 9 (Stretch) ELTS:
- ELA-1360-1: FFMpeg security update that addresses issues related to out-of-bounds reads, assertion errors, and NULL pointer dereferences.
- ELA-1330-1: Ruby 2.3 security update that addresses multiple vulnerabilities, particularly in the REXML gem, which can lead to Denial of Service (DoS) under certain conditions.

Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS:
- ELA-1362-1: Another security update for librabbitmq, addressing issues related to heap memory corruption and credential visibility.

Debian GNU/Linux 10 (Buster) ELTS:
- ELA-1361-1: Further FFMpeg security update addressing similar issues as noted for Stretch.
- ELA-1363-1: Another update for librabbitmq to ensure security against vulnerabilities.

The librabbitmq updates fix CVE-2023-35789, which pertains to credential visibility, and CVE-2019-18609, which relates to heap memory corruption.

The intel-microcode updates cover numerous CVEs (from CVE-2023-34440 to CVE-2024-39355) in Intel processors, primarily concerning improper input validation and potential local privilege escalation.

The FFMpeg updates address critical vulnerabilities affecting multimedia file handling, with CVEs like CVE-2024-36613 and CVE-2025-0518 indicating issues that could lead to serious errors in processing multimedia.

Lastly, the Ruby updates address several vulnerabilities in the REXML gem, including those that could lead to DoS attacks while parsing XML, emphasizing the need for caution when dealing with untrusted XML inputs.

These updates are crucial for maintaining the security of systems running Debian, particularly for users who rely on these packages for their applications and infrastructure. Users are advised to apply these updates promptly to mitigate the risks associated with the identified vulnerabilities.

Debian GNU/Linux Extended LTS has been updated with several security enhancements, including LibRabbitMQ, Intel-Microcode, FFMpeg, and Ruby:

Debian GNU/Linux 8 (Jessie) ELTS:
- ELA-1363-1 librabbitmq security update

Debian GNU/Linux 8 (Jessie), 9 (Stretch), and 10 (Buster) ELTS:
- ELA-1364-1 intel-microcode security update

Debian GNU/Linux 9 (Stretch) ELTS:
- ELA-1360-1 ffmpeg security update
- ELA-1330-1 ruby2.3 security update

Debian GNU/Linux 9 (Stretch) and 10 (Buster) ELTS:
- ELA-1362-1 librabbitmq security update

Debian GNU/Linux 10 (Buster) ELTS:
- ELA-1361-1 ffmpeg security update

LibRabbitMQ, Intel-Microcode, FFMpeg, Ruby updates for Debian ELTS @ Linux Compatible