Debian LTS: DLA-2992-1: openvpn security update
Several issues were discovered in OpenVPN, a Virtual Private Network server and client, that could lead to authentication bypass when using deferred auth plugins.
Debian LTS: DLA-2991-1: twisted security update
The Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling.
Debian LTS: DLA-2990-1: jackson-databind security update
It was discovered that the implementation of UntypedObjectDeserializer in jackson-databind, a fast and powerful JSON library for Java, was prone to a denial of service attack when deeply nested object and array values were processed.
Debian LTS: DLA-2989-1: ghostscript security update
A security vulnerability was found in Ghostscript, the GPL PostScript/PDF interpreter. It was discovered that some privileged Postscript operators remained accessible from various places. For instance a specially crafted PostScript file could use this flaw in order to have access to the file
Debian LTS: DLA-2988-1: tinyxml security update
An issue has been found in tinyxml, a C++ XML parsing library. Crafted XML messages could lead to an infinite loop in
Debian LTS: DLA-2987-1: libarchive security update
Three issues have been found in libarchive, a multi-format archive and compression library.
Debian LTS: DLA-2986-1: golang-1.8 security update
Several vulnerabilities were discovered in the Go programming language. An attacker could trigger a denial-of-service (DoS) or invalid cryptographic computation.
Debian LTS: DLA-2985-1: golang-1.7 security update
Several vulnerabilities were discovered in the Go programming language. An attacker could trigger a denial-of-service (DoS) or invalid cryptographic computation.
Debian LTS: DLA-2984-1: condor security update
Jaime Frey discovered a flaw in HTCondor, a distributed workload management system. An attacker need only have READ-level authorization to a vulnerable daemon using the CLAIMTOBE authentication method. This means they are able to run tools like condor_q or condor_status. Many pools do not restrict who can
