It was discovered that there was an issue in libpam-tacplus (a security module for using the TACACS+ authentication service) where shared secrets such as private server keys were being added in the clear to various logs.
Several security vulnerabilities have been discovered in lrzip, a compression program. Heap-based and stack buffer overflows, use-after-free and infinite loops would allow attackers to cause a denial of service or possibly other unspecified impact via a crafted file.
HTCondor, a distributed workload management system, has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to
Miroslav Lichvar reported that the ptp4l program in linuxptp, an implementation of the Precision Time Protocol (PTP), does not validate the messageLength field of incoming messages, allowing a remote attacker to
This update ships updated CPU microcode for some types of Intel CPUs and provides mitigations for security vulnerabilities which could result in privilege escalation in combination with VT-d and various side channel attacks.
It was discovered that the previous upload of the package rabbitmq-server versioned 3.6.6-1+deb9u1 introduced a regression in function fmt_strip_tags. Big thanks to Christoph Haas for reporting an issue and for testing the update.