Debian GNU/Linux has released important security updates for three packages: XZ-Utils, Trafficserver, and Abseil.
For Debian GNU/Linux 11 (Bullseye) LTS, a security update has been issued for Abseil, identified as [DLA 4116-1]. The vulnerability, CVE-2025-0838, pertains to a heap buffer overflow that may occur due to insufficient bounds checking in certain methods of the Abseil C++ libraries. The issue has been addressed in version 0~20200923.3-2+deb11u1, and users are urged to upgrade their Abseil packages.
In Debian GNU/Linux 12 (Bookworm), two significant updates have been made. The first is for XZ-Utils, listed as [DSA 5895-1], which addresses CVE-2025-31115. This vulnerability was discovered in the multithreaded .xz decoder and could lead to application crashes or the execution of arbitrary code. The fix has been implemented in version 5.4.1-1. Users are encouraged to upgrade their xz-utils packages for improved security.
The second update for Debian 12 concerns Trafficserver, denoted as [DSA 5896-1]. This update addresses multiple vulnerabilities (CVE-2024-38311, CVE-2024-38479, CVE-2024-50305, CVE-2024-50306, CVE-2024-56195, and CVE-2024-56202) that could potentially result in denial of service, HTTP request smuggling, cache poisoning, or privilege escalation issues. The vulnerabilities have been fixed in version 9.2.5+ds-0+deb12u2, and users should upgrade their Trafficserver packages accordingly.
For more detailed information regarding the security status of these packages, users can visit the respective security tracker pages for XZ-Utils, Trafficserver, and Abseil. Additionally, guidance on how to apply these updates and answers to frequently asked questions about Debian security advisories can be found on the Debian security website.
In conclusion, it is crucial for users of Debian GNU/Linux to remain vigilant and regularly update their software to mitigate potential security risks. Ensuring that packages like XZ-Utils, Trafficserver, and Abseil are up to date will help protect systems from known vulnerabilities.
XZ-Utils, Trafficserver, Abseil updates for Debian
Debian GNU/Linux has been updated with security updates for XZ-Utils, Trafficserver, and Abseil:
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4116-1] abseil security update
Debian GNU/Linux 12 (Bookworm):
[DSA 5895-1] xz-utils security update
[DSA 5896-1] trafficserver security update