Debian LTS: DLA-2733-1: tomcat8 security update
Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2021-30640
Debian LTS: DLA-2732-1: openexr security update
Several vulnerabilities were discovered in OpenEXR, a library and tools for the OpenEXR high dynamic-range (HDR) image format. An attacker could cause a denial of service (DoS) through application crash, and possibly execute code.
Debian LTS: DLA-2731-1: wordpress security update
One security issue affects WordPress, a weblog manager, versions between 3.7 and 5.7. This update fixes the following security issues: Object injection in PHPMailer (CVE-2020-36326 and CVE-2018-19296).
Debian LTS: DLA-2730-1: libpam-tacplus security update
It was discovered that there was an issue in libpam-tacplus (a security module for using the TACACS+ authentication service) where shared secrets such as private server keys were being added in the clear to various logs.
Debian LTS: DLA-2725-1: lrzip security update
Several security vulnerabilities have been discovered in lrzip, a compression program. Heap-based and stack buffer overflows, use-after-free and infinite loops would allow attackers to cause a denial of service or possibly other unspecified impact via a crafted file.
Debian LTS: DLA-2724-1: condor security update
HTCondor, a distributed workload management system, has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to
Debian LTS: DLA-2723-1: linuxptp security update
Miroslav Lichvar reported that the ptp4l program in linuxptp, an implementation of the Precision Time Protocol (PTP), does not validate the messageLength field of incoming messages, allowing a remote attacker to
Debian LTS: DLA-2722-1: libsndfile security update
An issue has been found in libsndfile, a library for reading/writing audio files. A crafted WAV file can trigger a heap buffer overflow and might allow exectution of arbitrary code.
Debian LTS: DLA-2721-1: drupal7 security update
The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. The vulnerability is mitigated by the fact that Drupal core's use of
