Debian Security Advisories DSA-6225-1 to DSA-6228-1
Posted: Wed Apr 22, 2026 5:27 pm
Multiple Debian Security Advisories have been released, affecting critical components across desktop, server, and networking environments. These updates address vulnerabilities in **Firefox ESR**, **PackageKit**, **strongSwan**, and **cpp-httplib**.
Immediate updates are strongly recommended.
---
DSA-6225-1 – firefox-esr
A large number of vulnerabilities (CVE-2026-6746 → CVE-2026-6786) were identified.
### Impact
* Remote code execution
* Spoofing
* Information disclosure
* Privilege escalation
### Fixed Versions
* Debian 12 (bookworm): `140.10.0esr-1~deb12u1`
* Debian 13 (trixie): `140.10.0esr-1~deb13u1`
---
DSA-6226-1 – packagekit
A **TOCTOU race condition** was discovered in PackageKit.
### Impact
* Local privilege escalation
### Fixed Versions
* Debian 12: `1.2.6-5+deb12u1`
* Debian 13: `1.3.1-1+deb13u1`
---
DSA-6227-1 – strongSwan
Multiple vulnerabilities were fixed in **strongSwan**, an IKE/IPsec VPN suite.
### Impact
* Infinite loops (DoS conditions)
* Application crashes
* Heap-based buffer overflows
* Potential remote code execution
### Notable issues
* TLS parsing flaws (libtls)
* PKCS#7 processing issues (libstrongswan)
* EAP-SIM/AKA handling vulnerabilities (libsimaka)
These issues are especially critical for systems relying on VPN infrastructure.
---
DSA-6228-1 – cpp-httplib
Security issues were found in **cpp-httplib**, a lightweight HTTP/HTTPS library.
### Impact
* Denial of service (DoS)
### Fixed Version
* Debian 13 (trixie): `0.18.7-1+deb13u1`
---
Overall Risk Assessment
These advisories affect:
* Browsers (user-facing attack surface)
* System services (privilege escalation risk)
* VPN infrastructure (network security layer)
* Application libraries (backend services)
This combination makes the update **high priority across all environments**.
---
Update Instructions
Apply all updates immediately:
```bash
sudo apt update
sudo apt upgrade
```
Or target specific packages:
```bash
sudo apt install --only-upgrade firefox-esr packagekit strongswan cpp-httplib
```
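The fixed versions above are stated for Debian source packages and must be compared under dpkg's ordering, where `~` sorts before the end of the string and digit runs compare numerically (a plain string compare would rank `140.9.0esr` above `140.10.0esr`). The following is an added example, not part of the original post: it applies that ordering to the versions listed here. `FIXED`, `deb_key`, `unpatched` and `SAMPLE` are illustrative names with constructed input, assumed to be in the form printed by `dpkg-query -W -f='${source:Package} ${source:Version}\n'`.

```python
import re

# Fixed versions copied from the post: (source package, release) -> version.
FIXED = {
    ("firefox-esr", "bookworm"): "140.10.0esr-1~deb12u1",
    ("firefox-esr", "trixie"): "140.10.0esr-1~deb13u1",
    ("packagekit", "bookworm"): "1.2.6-5+deb12u1",
    ("packagekit", "trixie"): "1.3.1-1+deb13u1",
    ("cpp-httplib", "trixie"): "0.18.7-1+deb13u1",
}

def _order(c):
    # '~' sorts below end-of-string (0); letters sort below other punctuation.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _key(part):
    # Split into alternating non-digit/digit runs. Each non-digit run gets a 0
    # terminator, and findall's final empty match marks end-of-string.
    return [(tuple(map(_order, nd)) + (0,), int(d or 0))
            for nd, d in re.findall(r"([^0-9]*)([0-9]*)", part)]

def deb_key(version):
    """Sort key for [epoch:]upstream[-revision] following dpkg's ordering."""
    epoch, colon, rest = version.partition(":")
    if not colon:
        epoch, rest = "0", version
    upstream, dash, rev = rest.rpartition("-")
    if not dash:
        upstream, rev = rest, "0"  # a missing revision is equivalent to 0
    return int(epoch), _key(upstream), _key(rev)

def unpatched(dpkg_output, release):
    """Return (source, installed, fixed) for packages below the fixed version."""
    hits = []
    for fields in (line.split() for line in dpkg_output.splitlines()):
        fixed = FIXED.get((fields[0], release)) if len(fields) == 2 else None
        if fixed and deb_key(fields[1]) < deb_key(fixed):
            hits.append((fields[0], fields[1], fixed))
    return hits

# Constructed sample in "source-package version" form, one package per line.
SAMPLE = """\
firefox-esr 140.9.0esr-1~deb13u1
packagekit 1.3.1-1+deb13u1
cpp-httplib 0.18.7-1
bash 5.2.37-2
"""
for src, have, need in unpatched(SAMPLE, "trixie"):
    print(f"{src}: installed {have} < fixed {need}")
```

On a live host, `dpkg --compare-versions` performs the same comparison for a single pair of versions.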
Recommendations
* Patch systems without delay
* Restart affected services (especially VPN and browser sessions)
* Review exposed services (VPN endpoints, web services)
* Monitor logs for unusual activity
---
**Stay updated. Stay secure.**
— Admin
TUX Network