Debian: DSA-4992-1: php7.4 security update
An out-of-bounds read and write flaw was discovered in the PHP-FPM code, which could result in escalation of privileges from local unprivileged user to the root user.
Debian: DSA-4991-1: mailman security update
Several vulnerabilities were discovered in mailman, a web-based mailing list manager, which could result in arbitrary content injection via the options and private archive login pages, and CSRF attacks or privilege escalation via the user options page.
Debian: DSA-4990-1: ffmpeg security update
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
Debian: DSA-4989-1: strongswan security update
Researchers at the United States of America National Security Agency (NSA) identified two denial of services vulnerability in strongSwan, an IKE/IPsec suite.
Debian: DSA-4988-1: libreoffice security update
Two security issues have been discovered in LibreOffice's support for digital signatures in ODF documents, which could result in incorrect signature indicators/timestamps being presented.
Debian: DSA-4987-1: squashfs-tools security update
Richard Weinberger reported that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not check for duplicate filenames within a directory. An attacker can take advantage of this flaw for writing to arbitrary files to the filesystem if a malformed
Debian: DSA-4984-1: tomcat9 security update
Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in denial of service. For the oldstable distribution (buster), these problems have been fixed
Debian: DSA-4985-1: wordpress security update
Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform Cross-Site Scripting (XSS) attacks or impersonate other users.
Debian: DSA-4984-1: flatpak security update
It was discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could be bypassed for a Flatpak app with direct access to AF_UNIX sockets, by manipulating the VFS using mount-related syscalls that are not blocked by Flatpak's denylist
