Two critical vulnerabilities in Luanti (CVE-2026-40959, CVSS 9.3, and CVE-2026-40960, CVSS 8.1) could lead to incomplete mod restrictions or sandbox escape. For Debian stable (trixie), these issues are fixed in version 5.10.0+dfsg-5+deb13u1.
[SECURITY] [DSA 6217-1] luanti security update To : debian-security-announce@lists.debian.org Subject : [SECURITY] [DSA 6217-1] luanti security update From : Moritz Muehlenhoff < jmm@debian.org > Date : Fri, 17 Apr 2026 21:19:23 +0000 Message-id : < [🔎] aeKj23UIW5ueIcTj@seger.debian.org > Reply-to : debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6217-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 17, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : luanti CVE ID : CVE-2026-40959 CVE-2026-40960 Two security issues were discovered in Luanti, a multiplayer infinite-world block sandbox game, which could result in incomplete restrictions for installed mods or sandbox escape. For the stable distribution (trixie), these problems have been fixed in version 5.10.0+dfsg-5+deb13u1. We recommend that you upgrade your luanti packages. For the detailed security status of luanti please refer to its security tracker page at: https://security-tracker.debian.org/tracker/luanti Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmniol0ACgkQEMKTtsN8 TjZ+9RAAlyIQIa+mz1TE9G8nPL/ZniRlYcK6mcIHKp4TfKCq+QrhUA6/6IDmJio4 xIInN6Y0ygbfAOYEVxDXJIL9wr9YKpRebrw31Jm4CnWn0wzY/ZyPIm6TdKawMV4N dJl+lmHx8TDBpHh0hezB693J7U5Q16PxjF0HNT16wub7aTC4mkbiHd9UrMRYsnqA yiZV4OJzuUUbE+L96CIYwdi8cP4nvvQEclOWq6Ihc1tcprgtHIdzZjFe+0rHfy4A 2KW6GDmabU96Z/ZsmHnRvzd8c4b4b3YzanWpNTBzelR3444D4LvgvZFnzahfRsQd HxAurOBdEISEjcagmAmC23zxnKkElBcFrBl9HbG29Ti7S3361vW4liDTp/XF7EYK lNMzio0RZDCmr5T5gDKo/jZvEeMmDaVpuRoRJC/lgYlHa67my7rl6CNypX4QG6Gr n71z9IfJzlbd4HAzLBzgWvynG36YXd0VWoAy3VvQDIlq2eDPHAj7Eh0zTv94vN7L G4bmoaXAaIAyD/Oc1muaKAaS42ji9OAfMdAZ8SMarCsRztbQ6WKV58k9p5+b0bVQ OxwpRaH06FOxXeT+TLdHzWZKS1OARruG3w2DFwCt7EpOgS6AKqYMbchSSLcwqbdm XF7pUOGe4JrDBwzTkffk2Y/PsMM+ANB2LhNbd36iLC8yfI8+SJ4= =+HhT -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6216-1] opam security update Previous by thread: [SECURITY] [DSA 6216-1] opam security update Index(es): Date Thread