Debian LTS: DLA-2913-1: xterm security update
xterm, an X terminal emulator, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.
Debian LTS: DLA-2914-1: zabbix security update
Thomas Chauchefoin from SonarSource discovered that in Zabbix, a server/client network monitoring system, after the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. An
Debian LTS: DLA-2912-1: libphp-adodb security update
It was found that in libphp-adodb, a PHP database abstraction layer library, an attacker can inject values into the PostgreSQL connection string by bypassing adodb_addslashes(). The function can be bypassed in phppgadmin, for example, by surrounding the username in quotes and
Debian LTS: DLA-2911-1: apng2gif security update
Several vulnerabilities have been discovered in apng2gif, a tool for converting APNG images to animated GIF format. Improper sanitization of user input can result in denial of service (application crash) or possible execution of arbitrary code if a malformed image file is processed.
Debian LTS: DLA-2909-1: strongswan security update
Zhuowei Zhang discovered a bug in the EAP authentication client code of strongSwan, an IKE/IPsec suite, that may allow to bypass the client and in some scenarios even the server authentication, or could lead to a denial-of-service attack.
Debian LTS: DLA-2908-1: librecad security update
Several security vulnerabilities have been discovered in librecad, a computer-aided design (CAD) system. Buffer overflows may lead to remote code execution if a specially crafted JWW document is processed.
Debian LTS: DLA-2907-1: apache2 security update
Two vulnerabilities have been discovered in the Apache HTTP server: CVE-2021-44224
Debian LTS: DLA-2906-1: python-django security update
It was discovered that there were two vulnerabilities in Django, a popular Python-based web development framework: - CVE-2022-22818: Possible XSS via {% debug %} template tag.
Debian LTS: DLA-2905-1: apache-log4j1.2 security update
Multiple security vulnerabilities have been discovered in Apache Log4j 1.2, a Java logging framework, when it is configured to use JMSSink, JDBCAppender, JMSAppender or Apache Chainsaw which could be exploited for remote code execution.
