TzData, Tomcat9, OpenJPEG2, Jetty updates for Debian

Debian GNU/Linux has recently released several updates addressing security vulnerabilities and enhancements for TzData, Tomcat9, OpenJPEG2, and Jetty across its various versions, including Extended LTS for older releases and LTS for the current version.

For Debian GNU/Linux 8 (Jessie), 9 (Stretch), and 10 (Buster), the notable update is ELA-1369-1, which introduces a new timezone database (tzdata 2025b). This update includes a new timezone for the Aysén Region in Chile, specifically the America/Coyhaique zone, which changes its offset from -04/-03 to -03.

In the LTS version (Debian 11 Bullseye), multiple security advisories have been issued:

1. [DLA 4105-1] tzdata: This update also includes tzdata 2025b, fixing the same timezone issue noted above.
2. [DLA 4108-1] tomcat9: A security vulnerability identified as CVE-2025-24813 was patched. This flaw allowed potential unauthorized access to sensitive files and possible remote code execution under certain conditions, particularly when specific servlet configurations were enabled.
3. [DLA 4107-1] openjpeg2: This update addresses multiple vulnerabilities (CVE-2021-3575, CVE-2021-29338, CVE-2022-1122, CVE-2024-56826, CVE-2024-56827) that could lead to denial of service or arbitrary code execution when handling malformed images.
4. [DLA 4106-1] jetty9: Several security vulnerabilities (CVE-2024-6762, CVE-2024-8184, CVE-2024-9823) were resolved, which could allow remote attackers to force the server into an OutOfMemory state through crafted requests.

Users are advised to upgrade their respective packages to ensure their systems are secure. Detailed security status and guidance on applying these updates can be found on the Debian security tracker and the Debian LTS wiki.

In summary, these updates reflect Debian's ongoing commitment to security and system integrity by addressing critical vulnerabilities and enhancing the functionality of essential software packages. Users should remain vigilant and apply updates promptly to mitigate security risks.

Debian GNU/Linux has received multiple updates for TzData, Tomcat9, OpenJPEG2, and Jetty:

Debian GNU/Linux 8 (Jessie), 9 (Stretch), and 10 (Buster) Extended LTS:
ELA-1369-1 tzdata new timezone database

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4105-1] tzdata new timezone database
[DLA 4108-1] tomcat9 security update
[DLA 4107-1] openjpeg2 security update
[DLA 4106-1] jetty9 security update

TzData, Tomcat9, OpenJPEG2, Jetty updates for Debian @ Linux Compatible