Openrazer and Libbpf updates for Debian 11 LTS

Debian 10420 Published 6 days ago by Philipp Esselbach

News

Debian GNU/Linux 11 (Bullseye) LTS has been updated with two security updates for Openrazer and Libbpf:

[DLA 4136-1] openrazer security update
[DLA 4137-1] libbpf security update

[SECURITY] [DLA 4136-1] openrazer security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4136-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
April 24, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : openrazer
Version : 2.9.0+dfsg-1+deb11u1
CVE ID : CVE-2022-23467 CVE-2022-29021 CVE-2022-29022 CVE-2022-29023
CVE-2025-32776

Multiple vulnerabilities have been fixed in the OpenRazer drivers for
devices from Razer, a company selling hardware mainly targeted at gamers.

CVE-2022-23467

out-of-bounds read

CVE-2022-29021

buffer overflow in the razerkbd driver

CVE-2022-29022

buffer overflow in the razeraccessory driver

CVE-2022-29023

buffer overflow in the razermouse driver

CVE-2025-32776

out-of-bounds read

For Debian 11 bullseye, these problems have been fixed in version
2.9.0+dfsg-1+deb11u1.

We recommend that you upgrade your openrazer packages.

For the detailed security status of openrazer please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openrazer

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 4137-1] libbpf security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4137-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
April 24, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : libbpf
Version : 0.3-2+deb11u1
CVE ID : CVE-2022-3534 CVE-2022-3606
Debian Bug : 1023717

Two vulnerabilities have been fixed in libbpf, a library for interacting
with eBPF in the Linux kernel.

CVE-2022-3534

use-after-free in btf_dump_name_dups()

CVE-2022-3606

null-pointer dereference in find_prog_by_sec_insn()

For Debian 11 bullseye, these problems have been fixed in version
0.3-2+deb11u1.

We recommend that you upgrade your libbpf packages.

For the detailed security status of libbpf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libbpf

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Linux kernel, OpenSSH, Twig updates for Ubuntu

Pop!_OS 24.04 LTS Alpha 7 released

Openrazer and Libbpf updates for Debian 11 LTS

[SECURITY] [DLA 4136-1] openrazer security update

[SECURITY] [DLA 4137-1] libbpf security update

Windows

Linux

macOS

Community