Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1180-1 libpam-tacplus security update
Debian GNU/Linux 11 (Bullseye) LTS:
[SECURITY] [DLA 3888-1] php-twig security update
[SECURITY] [DLA 3889-1] pymongo security update
[SECURITY] [DLA 3888-1] php-twig security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3888-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
September 16, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : php-twig
Version : 2.14.3-1+deb11u3
CVE ID : CVE-2024-45411
Debian Bug : 1081561
A possible sandbox bypass has been fixed in php-twig,
a template engine for PHP.
For Debian 11 bullseye, this problem has been fixed in version
2.14.3-1+deb11u3.
We recommend that you upgrade your php-twig packages.
For the detailed security status of php-twig please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-twig
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
ELA-1180-1 libpam-tacplus security update
Package : libpam-tacplus
Version : 1.3.8-2+deb10u2 (buster)
Related CVEs : CVE-2016-20014
Missing zeroing of a structure has been fixed in libpam-tacplus, a PAM module for using TACACS+ as an authentication service.
[SECURITY] [DLA 3889-1] pymongo security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3889-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Bastien Roucariès
September 16, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : pymongo
Version : 3.11.0-1+deb11u1
CVE ID : CVE-2024-5629
pymongo, a Python interface to the MongoDB document-oriented database,
was vulnerable.
An out-of-bounds read in the 'bson' module allowed deserialization of
malformed BSON provided by a Server to raise an exception which may contain
arbitrary application memory.
For Debian 11 bullseye, this problem has been fixed in version
3.11.0-1+deb11u1.
We recommend that you upgrade your pymongo packages.
For the detailed security status of pymongo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pymongo
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS