Atop and Ruby updates for Debian

Debian 10396 Published by

Debian GNU/Linux has been updated with two security updates: Atop for Debian 11 LTS and Ruby 2.1 for Debian 8 ELTS

[DLA 4117-1] atop security update
ELA-1381-1 ruby2.1 security update




[SECURITY] [DLA 4117-1] atop security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4117-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Carlos Henrique Lima Melara
April 06, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : atop
Version : 2.6.0-2+deb11u1
CVE ID : CVE-2025-31160

It was discovered that Atop, a monitor tool for system resources and
process activity, always tried to connect to the port of atopgpud
(an additional daemon gathering GPU statistics not shipped in Debian)
while performing insufficient sanitising of the data read from this
port.

With this update, additional validation is added and by default atop
no longer tries to connect to the atopgpud daemon port unless explicitly
enabled via -k.

For Debian 11 bullseye, this problem has been fixed in version
2.6.0-2+deb11u1.

We recommend that you upgrade your atop packages.

For the detailed security status of atop please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/atop

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1381-1 ruby2.1 security update


Package : ruby2.1
Version : 2.1.5-2+deb8u16 (jessie)

Related CVEs :
CVE-2025-27219
CVE-2025-27220
CVE-2025-27221

Ruby, a popular scripting language, was affected by multiple vulnerabilities.

CVE-2025-27219
In the CGI gem, the CGI::Cookie.parse method in the CGI library
contains a potential Denial of Service (DoS) vulnerability.
The method does not impose any limit on the length of the raw cookie
value it processes. This oversight can lead to excessive
resource consumption when parsing extremely large cookies.

CVE-2025-27220
In the CGI gem, a Regular Expression Denial of Service (ReDoS)
vulnerability exists in the Util#escapeElement method.

CVE-2025-27221
In the URI gem, the URI handling methods
(URI.join, URI#merge, URI#+) have an inadvertent leakage of
authentication credentials because userinfo is retained
even after changing the host.


ELA-1381-1 ruby2.1 security update


Libdbd-MySQL-Perl and Kamailio updates for Ubuntu

Linux Kernel 6.15-rc1 released

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.org  I ...