Debian 10423

Debian GNU/Linux has received multiple security updates, covering libsndfile, haproxy, erlang, and hiredis.

Debian GNU/Linux 8 (Jessie), 9 (Stretch), and 10 (Buster) Extended LTS:
ELA-1403-1 libsndfile security update

Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1405-1 erlang security update
ELA-1404-1 hiredis security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4135-1] haproxy security update



ELA-1403-1 libsndfile security update


Package : libsndfile

Version : 1.0.25-9.1+deb8u8 (jessie), 1.0.27-3+deb9u4 (stretch), 1.0.28-6+deb10u3 (buster)

Related CVEs :
CVE-2022-33065
CVE-2024-50612

Several security vulnerabilities have been found in libsndfile, a library for
reading/writing audio files.

CVE-2022-33065
Multiple signed integer overflows in the function au_read_header in src/au.c
and in the functions mat4_open and mat4_read_header in src/mat4.c in
libsndfile allow an attacker to cause a denial of service or have other
unspecified impacts.

CVE-2024-50612
libsndfile through 1.2.2 has an out-of-bounds read in vorbis_analysis_wrote
in ogg_vorbis.c.





[SECURITY] [DLA 4135-1] haproxy security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4135-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
April 23, 2025                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : haproxy
Version : 2.2.9-2+deb11u7
CVE ID : CVE-2025-32464
Debian Bug : 1102673

A heap buffer overflow in sample_conv_regsub() has been fixed in the
load balancing reverse proxy HAProxy.

For Debian 11 bullseye, this problem has been fixed in version
2.2.9-2+deb11u7.

We recommend that you upgrade your haproxy packages.

For the detailed security status of haproxy please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/haproxy

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1405-1 erlang security update


Package : erlang
Version : 19.2.1+dfsg-2+really23.3.4.18-0+deb9u4 (stretch), 1:22.2.7+dfsg-1+deb10u3 (buster)

Related CVEs :
CVE-2025-32433

A remote code execution vulnerability was discovered in the Erlang/OTP
implementation of the SSH protocol.

CVE-2025-32433
An SSH server may allow an attacker to perform unauthenticated
remote code execution (RCE). By exploiting a flaw in SSH protocol
message handling, a malicious actor could gain unauthorized access
to affected systems and execute arbitrary commands without valid
credentials.





ELA-1404-1 hiredis security update


Package : hiredis
Version : 0.13.3-2+deb9u1 (stretch), 0.14.0-3+deb10u1 (buster)

Related CVEs :
CVE-2020-7105

NULL pointer dereferences due to unchecked return values of allocation functions have been fixed in hiredis, a C client library for the Redis key-value database.


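As an added example (not part of the Debian advisories above), a small Python checker that reproduces dpkg's version ordering so that a package inventory exported with dpkg-query can be compared against the fixed versions listed in these advisories without needing dpkg on the machine doing the audit. The FIXED table is copied from the advisories; the dpkg-query sample output is constructed.

```python
import re

# Fixed (source) versions listed in the advisories above: (suite, source package) -> version.
FIXED = {
    ("jessie", "libsndfile"): "1.0.25-9.1+deb8u8",
    ("stretch", "libsndfile"): "1.0.27-3+deb9u4",
    ("buster", "libsndfile"): "1.0.28-6+deb10u3",
    ("stretch", "erlang"): "19.2.1+dfsg-2+really23.3.4.18-0+deb9u4",
    ("buster", "erlang"): "1:22.2.7+dfsg-1+deb10u3",
    ("stretch", "hiredis"): "0.13.3-2+deb9u1",
    ("buster", "hiredis"): "0.14.0-3+deb10u1",
    ("bullseye", "haproxy"): "2.2.9-2+deb11u7",
}

def _weight(c):
    # dpkg ordering: '~' sorts before anything (even end of string), letters before other characters.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _key(part):
    # Alternate non-digit runs (weights, 0-terminated so end of string beats '~') and digit runs (-1 = absent).
    key = []
    for letters, digits in re.findall(r"([^0-9]*)([0-9]*)", part):
        key.append(tuple(_weight(c) for c in letters) + (0,))
        key.append(int(digits) if digits else -1)
    return key

def _sort_key(version):
    # Debian form is epoch:upstream-revision; epoch defaults to 0, revision splits at the last '-'.
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return (int(epoch), _key(upstream), _key(revision))

def compare_versions(a, b):
    """Return -1, 0 or 1, ordering a against b as dpkg --compare-versions does."""
    ka, kb = _sort_key(a), _sort_key(b)
    return (ka > kb) - (ka < kb)

def unpatched(suite, dpkg_lines):
    """Advisory packages installed below the fixed version, from '<source> <version>' lines."""
    installed = dict(line.split(None, 1) for line in dpkg_lines if line.strip())
    return sorted(pkg for (s, pkg), fixed in FIXED.items()
                  if s == suite and pkg in installed and compare_versions(installed[pkg], fixed) < 0)

# Constructed sample of `dpkg-query -W -f='${source:Package} ${source:Version}\n'` on a buster host.
SAMPLE_BUSTER = ["hiredis 0.14.0-3", "erlang 1:22.2.7+dfsg-1+deb10u3", "libsndfile 1.0.28-6+deb10u2"]
```

Running `unpatched("buster", SAMPLE_BUSTER)` on the constructed sample reports hiredis and libsndfile as still below the fixed versions, while the erlang line already matches ELA-1405-1.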