Debian LTS: DLA-3017-1: openldap security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Jacek Konieczny discovered a SQL injection vulnerability in the back-sql backend to slapd in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, allowing an attacker to alter the database during an LDAP search operations when a specially crafted search filter

Debian LTS: DLA-3016-1: rsyslog security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Several vulnerabilities were discovered in rsyslog, a system and kernel logging daemon. When a log server is configured to accept logs from remote clients through specific modules such as 'imptcp', an attacker can cause a denial of service (DoS) and possibly execute code

Debian LTS: DLA-3018-1: libpgjava security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was found that libpgjava, the official PostgreSQL JDBC Driver, would be vulnerable if an attacker controlled jdbc url or properties. The JDBC driver did not verify if certain classes implemented the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary

Debian LTS: DLA-3014-1: elog security update

data:image/svg+xml,%3Csvg%20xmlns=%22https://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A vulnerability was reported in src:elog, a logbook system to manage notes through a Web interface. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook. Authentication is not