
The following security updates are available for Debian GNU/Linux:

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1180-1 libpam-tacplus security update

Debian GNU/Linux 11 (Bullseye) LTS:
[SECURITY] [DLA 3888-1] php-twig security update
[SECURITY] [DLA 3889-1] pymongo security update




[SECURITY] [DLA 3888-1] php-twig security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3888-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
September 16, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : php-twig
Version : 2.14.3-1+deb11u3
CVE ID : CVE-2024-45411
Debian Bug : 1081561

A possible sandbox bypass has been fixed in php-twig,
a template engine for PHP.

For Debian 11 bullseye, this problem has been fixed in version
2.14.3-1+deb11u3.

We recommend that you upgrade your php-twig packages.

For the detailed security status of php-twig please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-twig

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1180-1 libpam-tacplus security update

Package : libpam-tacplus
Version : 1.3.8-2+deb10u2 (buster)

Related CVEs :
CVE-2016-20014

Missing zeroing of a structure has been fixed in libpam-tacplus, a PAM module for using TACACS+ as an authentication service.



[SECURITY] [DLA 3889-1] pymongo security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3889-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Bastien Roucariès
September 16, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : pymongo
Version : 3.11.0-1+deb11u1
CVE ID : CVE-2024-5629

pymongo, a Python interface to the MongoDB document-oriented database,
was vulnerable.

An out-of-bounds read in the 'bson' module allowed deserialization of
malformed BSON provided by a server to raise an exception which may contain
arbitrary application memory.

For Debian 11 bullseye, this problem has been fixed in version
3.11.0-1+deb11u1.

We recommend that you upgrade your pymongo packages.

For the detailed security status of pymongo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pymongo

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS