Debian 10163 Published by

The following security updates are available for Debian GNU/Linux:

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1180-1 libpam-tacplus security update

Debian GNU/Linux 11 (Bullseye) LTS:
[SECURITY] [DLA 3888-1] php-twig security update
[SECURITY] [DLA 3889-1] pymongo security update




[SECURITY] [DLA 3888-1] php-twig security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3888-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
September 16, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : php-twig
Version : 2.14.3-1+deb11u3
CVE ID : CVE-2024-45411
Debian Bug : 1081561

A possible sandbox bypass has been fixed in php-twig,
a template engine for PHP

For Debian 11 bullseye, this problem has been fixed in version
2.14.3-1+deb11u3.

We recommend that you upgrade your php-twig packages.

For the detailed security status of php-twig please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-twig

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1180-1 libpam-tacplus security update

Package : libpam-tacplus
Version : 1.3.8-2+deb10u2 (buster)

Related CVEs :
CVE-2016-20014

Missing zeroing of a structure has been fixed in libpam-tacplus, a PAM module for using TACACS+ as an authentication service.

ELA-1180-1 libpam-tacplus security update


[SECURITY] [DLA 3889-1] pymongo security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3889-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Bastien Roucariès
September 16, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : pymongo
Version : 3.11.0-1+deb11u1
CVE ID : CVE-2024-5629

pymongo a python interface to the MongoDB document-oriented database
was vulnerable.

An out-of-bounds read in the 'bson' module allowed deserialization of
malformed BSON provided by a Server to raise an exception which may contain
arbitrary application memory.

For Debian 11 bullseye, this problem has been fixed in version
3.11.0-1+deb11u1.

We recommend that you upgrade your pymongo packages.

For the detailed security status of pymongo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pymongo

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS