
Debian GNU/Linux has been updated with security updates, including Node.js for Debian 10 ELTS and proftpd-dfsg for Debian 12:

ELA-1338-1 nodejs security update
[DLA 4077-1] proftpd-dfsg security update




ELA-1338-1 nodejs security update


Package : nodejs
Version : 10.24.0~dfsg-1~deb10u5 (buster)

Related CVEs :
CVE-2025-23085

Node.js, a popular JavaScript runtime implementation, was
affected by a vulnerability.
A memory leak could occur when a remote peer (client) abruptly closes an HTTP/2
socket without sending a GOAWAY notification.
Additionally, if an invalid header was detected by nghttp2, causing the connection
to be terminated by the peer, the same leak was triggered.
This flaw could lead to increased memory consumption and potential denial of service
under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js





[SECURITY] [DLA 4077-1] proftpd-dfsg security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4077-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Bastien Roucariès
March 02, 2025                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : proftpd-dfsg
Version : 1.3.7a+dfsg-12+deb11u5
CVE ID : CVE-2024-57392
Debian Bug : 1090813

proftpd, a popular FTP server, was affected by a vulnerability.

CVE-2024-57392:

A buffer overflow vulnerability in ProFTPD allowed a remote
attacker to execute arbitrary code and cause a
Denial of Service (DoS) on the FTP service by sending a
maliciously crafted message to the ProFTPD service port.

Moreover, this release includes some bug fixes:
- upstream issue #1171
  "Downloading a file contains the contents of another file."
- Fix the computation of the RADIUS Message-Authenticator
  signature to conform more properly to RFC 2869. Fix
  Blastradius breakage.

For Debian 11 bullseye, this problem has been fixed in version
1.3.7a+dfsg-12+deb11u5.

We recommend that you upgrade your proftpd-dfsg packages.

For the detailed security status of proftpd-dfsg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/proftpd-dfsg

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS