Under Extended Long Term Support (ELTS), Debian GNU/Linux versions 8 (Jessie), 9 (Stretch), and 10 (Buster) have received a security update for libsndfile under advisory ELA-1403-1. This package, a library for reading and writing audio files, is affected by multiple vulnerabilities:
1. CVE-2022-33065: This vulnerability allows for Denial of Service or other unspecified impacts due to signed integer overflows in specific functions.
2. CVE-2024-50612: An out-of-bounds read vulnerability in the vorbis_analysis_wrote function of the library can potentially lead to security issues.
For Debian versions 9 (Stretch) and 10 (Buster), additional updates include:
- ELA-1405-1: A security update for erlang, addressing a critical remote code execution vulnerability (CVE-2025-32433) in the SSH protocol implementation. This flaw could enable an attacker to execute arbitrary commands without proper authentication.
- ELA-1404-1: A security update for hiredis, which resolves a NULL pointer dereference issue (CVE-2020-7105) caused by unverified return values from allocation functions in the C client library for the Redis database.
Furthermore, Debian 11 (Bullseye) has been updated with a security fix for haproxy under advisory DLA-4135-1, addressing a heap buffer overflow vulnerability (CVE-2025-32464) in the load balancing reverse proxy.
Users are strongly encouraged to upgrade their packages to ensure their systems are secured against these vulnerabilities. Detailed security status and further information on applying updates can be found on the Debian security tracker and LTS wiki pages.
In summary, these updates are part of Debian's ongoing commitment to maintaining system security and stability, and they highlight the importance of regular software maintenance to protect against emerging threats. Users should remain vigilant and keep their systems updated to the latest versions.
Libsndfile, Erlang, Hiredis, Haproxy updates for Debian
Debian GNU/Linux has received multiple security updates, covering libsndfile, haproxy, erlang, and hiredis.
Debian GNU/Linux 8 (Jessie), 9 (Stretch), and 10 (Buster) Extended LTS:
ELA-1403-1 libsndfile security update
Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1405-1 erlang security update
ELA-1404-1 hiredis security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4135-1] haproxy security update