
Debian GNU/Linux has received multiple security updates, covering Firefox-ESR, the Linux kernel, Commons-VFS, and Thunderbird:

Debian GNU/Linux 8 (Jessie), 9 (Stretch), and 10 (Buster) Extended LTS:
ELA-1370-1 linux-5.10 security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4109-1] firefox-esr security update
[DLA 4111-1] commons-vfs security update
[DLA 4110-1] thunderbird security update

Debian GNU/Linux 12 (Bookworm):
[DSA 5889-1] firefox-esr security update



[SECURITY] [DLA 4109-1] firefox-esr security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4109-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
April 02, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : firefox-esr
Version : 128.9.0esr-1~deb11u1
CVE ID : CVE-2025-3028 CVE-2025-3029 CVE-2025-3030

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in spoofing or the execution
of arbitrary code.

For Debian 11 bullseye, these problems have been fixed in version
128.9.0esr-1~deb11u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1370-1 linux-5.10 security update


Package : linux-5.10
Version : 5.10.234-1~deb8u2 (jessie), 5.10.234-1~deb9u1 (stretch), 5.10.234-1~deb10u1 (buster)

Related CVEs :
CVE-2023-52530
CVE-2024-26921
CVE-2024-27017
CVE-2024-27072
CVE-2024-35965
CVE-2024-35966
CVE-2024-36476
CVE-2024-36899
CVE-2024-38538
CVE-2024-38544
CVE-2024-38588
CVE-2024-38591
CVE-2024-39497
CVE-2024-40953
CVE-2024-41016
CVE-2024-41060
CVE-2024-41080
CVE-2024-42315
CVE-2024-43098
CVE-2024-44931
CVE-2024-44940
CVE-2024-46695
CVE-2024-46809
CVE-2024-46841
CVE-2024-46849
CVE-2024-46853
CVE-2024-46854
CVE-2024-46858
CVE-2024-46865
CVE-2024-47143
CVE-2024-47670
CVE-2024-47671
CVE-2024-47672
CVE-2024-47674
CVE-2024-47679
CVE-2024-47684
CVE-2024-47685
CVE-2024-47692
CVE-2024-47696
CVE-2024-47697
CVE-2024-47698
CVE-2024-47699
CVE-2024-47701
CVE-2024-47705
CVE-2024-47706
CVE-2024-47707
CVE-2024-47709
CVE-2024-47710
CVE-2024-47712
CVE-2024-47713
CVE-2024-47718
CVE-2024-47723
CVE-2024-47735
CVE-2024-47737
CVE-2024-47739
CVE-2024-47740
CVE-2024-47742
CVE-2024-47748
CVE-2024-47749
CVE-2024-47756
CVE-2024-47757
CVE-2024-48881
CVE-2024-49851
CVE-2024-49858
CVE-2024-49860
CVE-2024-49863
CVE-2024-49867
CVE-2024-49868
CVE-2024-49875
CVE-2024-49877
CVE-2024-49878
CVE-2024-49879
CVE-2024-49881
CVE-2024-49882
CVE-2024-49883
CVE-2024-49884
CVE-2024-49889
CVE-2024-49890
CVE-2024-49892
CVE-2024-49894
CVE-2024-49895
CVE-2024-49896
CVE-2024-49900
CVE-2024-49902
CVE-2024-49903
CVE-2024-49907
CVE-2024-49913
CVE-2024-49930
CVE-2024-49933
CVE-2024-49936
CVE-2024-49938
CVE-2024-49944
CVE-2024-49948
CVE-2024-49949
CVE-2024-49952
CVE-2024-49955
CVE-2024-49957
CVE-2024-49958
CVE-2024-49959
CVE-2024-49962
CVE-2024-49963
CVE-2024-49965
CVE-2024-49966
CVE-2024-49969
CVE-2024-49973
CVE-2024-49974
CVE-2024-49975
CVE-2024-49977
CVE-2024-49981
CVE-2024-49982
CVE-2024-49983
CVE-2024-49985
CVE-2024-49995
CVE-2024-49996
CVE-2024-50001
CVE-2024-50006
CVE-2024-50007
CVE-2024-50008
CVE-2024-50010
CVE-2024-50013
CVE-2024-50015
CVE-2024-50024
CVE-2024-50033
CVE-2024-50035
CVE-2024-50036
CVE-2024-50039
CVE-2024-50040
CVE-2024-50044
CVE-2024-50045
CVE-2024-50046
CVE-2024-50049
CVE-2024-50055
CVE-2024-50058
CVE-2024-50059
CVE-2024-50072
CVE-2024-50074
CVE-2024-50082
CVE-2024-50083
CVE-2024-50095
CVE-2024-50096
CVE-2024-50099
CVE-2024-50103
CVE-2024-50115
CVE-2024-50116
CVE-2024-50117
CVE-2024-50121
CVE-2024-50127
CVE-2024-50131
CVE-2024-50134
CVE-2024-50142
CVE-2024-50148
CVE-2024-50150
CVE-2024-50151
CVE-2024-50153
CVE-2024-50167
CVE-2024-50171
CVE-2024-50179
CVE-2024-50180
CVE-2024-50184
CVE-2024-50185
CVE-2024-50188
CVE-2024-50192
CVE-2024-50193
CVE-2024-50194
CVE-2024-50195
CVE-2024-50198
CVE-2024-50199
CVE-2024-50201
CVE-2024-50202
CVE-2024-50205
CVE-2024-50208
CVE-2024-50209
CVE-2024-50210
CVE-2024-50218
CVE-2024-50229
CVE-2024-50230
CVE-2024-50233
CVE-2024-50234
CVE-2024-50236
CVE-2024-50237
CVE-2024-50251
CVE-2024-50262
CVE-2024-50264
CVE-2024-50265
CVE-2024-50267
CVE-2024-50268
CVE-2024-50269
CVE-2024-50273
CVE-2024-50278
CVE-2024-50279
CVE-2024-50282
CVE-2024-50287
CVE-2024-50290
CVE-2024-50292
CVE-2024-50295
CVE-2024-50296
CVE-2024-50299
CVE-2024-50301
CVE-2024-50302
CVE-2024-50304
CVE-2024-52332
CVE-2024-53042
CVE-2024-53052
CVE-2024-53057
CVE-2024-53059
CVE-2024-53060
CVE-2024-53061
CVE-2024-53063
CVE-2024-53066
CVE-2024-53096
CVE-2024-53097
CVE-2024-53099
CVE-2024-53101
CVE-2024-53103
CVE-2024-53104
CVE-2024-53112
CVE-2024-53119
CVE-2024-53121
CVE-2024-53124
CVE-2024-53125
CVE-2024-53127
CVE-2024-53130
CVE-2024-53131
CVE-2024-53135
CVE-2024-53136
CVE-2024-53138
CVE-2024-53140
CVE-2024-53141
CVE-2024-53142
CVE-2024-53145
CVE-2024-53146
CVE-2024-53148
CVE-2024-53150
CVE-2024-53155
CVE-2024-53156
CVE-2024-53157
CVE-2024-53158
CVE-2024-53161
CVE-2024-53164
CVE-2024-53171
CVE-2024-53172
CVE-2024-53173
CVE-2024-53174
CVE-2024-53181
CVE-2024-53183
CVE-2024-53184
CVE-2024-53194
CVE-2024-53197
CVE-2024-53198
CVE-2024-53214
CVE-2024-53217
CVE-2024-53226
CVE-2024-53227
CVE-2024-53237
CVE-2024-53239
CVE-2024-53240
CVE-2024-53241
CVE-2024-53680
CVE-2024-53685
CVE-2024-53690
CVE-2024-54031
CVE-2024-55916
CVE-2024-56531
CVE-2024-56532
CVE-2024-56533
CVE-2024-56539
CVE-2024-56548
CVE-2024-56558
CVE-2024-56562
CVE-2024-56567
CVE-2024-56568
CVE-2024-56569
CVE-2024-56570
CVE-2024-56574
CVE-2024-56576
CVE-2024-56581
CVE-2024-56586
CVE-2024-56587
CVE-2024-56589
CVE-2024-56593
CVE-2024-56594
CVE-2024-56595
CVE-2024-56596
CVE-2024-56597
CVE-2024-56598
CVE-2024-56600
CVE-2024-56601
CVE-2024-56602
CVE-2024-56603
CVE-2024-56605
CVE-2024-56606
CVE-2024-56610
CVE-2024-56615
CVE-2024-56616
CVE-2024-56619
CVE-2024-56623
CVE-2024-56629
CVE-2024-56630
CVE-2024-56631
CVE-2024-56633
CVE-2024-56634
CVE-2024-56636
CVE-2024-56637
CVE-2024-56642
CVE-2024-56643
CVE-2024-56644
CVE-2024-56645
CVE-2024-56648
CVE-2024-56650
CVE-2024-56659
CVE-2024-56661
CVE-2024-56662
CVE-2024-56670
CVE-2024-56672
CVE-2024-56681
CVE-2024-56688
CVE-2024-56690
CVE-2024-56691
CVE-2024-56694
CVE-2024-56698
CVE-2024-56700
CVE-2024-56704
CVE-2024-56705
CVE-2024-56716
CVE-2024-56720
CVE-2024-56723
CVE-2024-56724
CVE-2024-56728
CVE-2024-56739
CVE-2024-56747
CVE-2024-56748
CVE-2024-56754
CVE-2024-56756
CVE-2024-56759
CVE-2024-56763
CVE-2024-56766
CVE-2024-56767
CVE-2024-56769
CVE-2024-56770
CVE-2024-56779
CVE-2024-56780
CVE-2024-57791
CVE-2024-57792
CVE-2024-57802
CVE-2024-57807
CVE-2024-57850
CVE-2024-57874
CVE-2024-57884
CVE-2024-57887
CVE-2024-57889
CVE-2024-57890
CVE-2024-57892
CVE-2024-57896
CVE-2024-57900
CVE-2024-57901
CVE-2024-57902
CVE-2024-57904
CVE-2024-57906
CVE-2024-57907
CVE-2024-57908
CVE-2024-57910
CVE-2024-57911
CVE-2024-57912
CVE-2024-57913
CVE-2024-57922
CVE-2024-57929
CVE-2024-57931
CVE-2024-57938
CVE-2024-57940
CVE-2024-57946
CVE-2024-57948
CVE-2024-57951
CVE-2025-21638
CVE-2025-21639
CVE-2025-21640
CVE-2025-21646
CVE-2025-21648
CVE-2025-21653
CVE-2025-21664
CVE-2025-21666
CVE-2025-21669
CVE-2025-21678
CVE-2025-21683
CVE-2025-21687
CVE-2025-21688
CVE-2025-21689
CVE-2025-21692
CVE-2025-21694
CVE-2025-21697
CVE-2025-21699

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.





[SECURITY] [DLA 4111-1] commons-vfs security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4111-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Markus Koschany
April 02, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : commons-vfs
Version : 2.1-2+deb11u1
CVE ID : CVE-2025-27553
Debian Bug : 1101204

Arnout Engelen discovered a Relative Path Traversal vulnerability in
Commons VFS, a Java library that provides a single API for accessing
various different file systems. A local or remote attacker may use this
flaw to access files and directories outside of a root folder.

For Debian 11 bullseye, this problem has been fixed in version
2.1-2+deb11u1.

We recommend that you upgrade your commons-vfs packages.

For the detailed security status of commons-vfs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/commons-vfs

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 4110-1] thunderbird security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4110-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
April 02, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : thunderbird
Version : 1:128.9.0esr-1~deb11u1
CVE ID : CVE-2025-3028 CVE-2025-3029 CVE-2025-3030

Multiple security issues were discovered in Thunderbird, which could
result in spoofing or the execution of arbitrary code.

For Debian 11 bullseye, these problems have been fixed in version
1:128.9.0esr-1~deb11u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DSA 5889-1] firefox-esr security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-5889-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 02, 2025 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2025-3028 CVE-2025-3029 CVE-2025-3030

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or spoofing.

For the stable distribution (bookworm), these problems have been fixed in
version 128.9.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/