Debian LTS: DLA-2835-1: rsyslog security update
Two heap overflows were fixed in the rsyslog logging daemon. CVE-2019-17041
Debian LTS: DLA-2834-1: uriparser security update
Out-of-bounds read for an incomplete URI with an IPv6 address containing an embedded IPv4 address has been fixed in uriparser, a library to parse Uniform Resource Identifiers (URIs).
Debian LTS: DLA-2833-1: rsync security update
In rsync, a remote file-copying tool, remote attackers were able to bypass the argument-sanitization protection mechanism by passing additional --protect-args.
Debian LTS: DLA-2832-1: opensc security update
Several vulnerabilities were fixed in the OpenSC smart card utilities. CVE-2019-15945
Debian LTS: DLA-2831-1: libntlm security update
Stack-based buffer over-reads for crafted NTLM requests were fixed in libntlm, a library that implements Microsoft's NTLM authentication. For Debian 9 stretch, this problem has been fixed in version
Debian LTS: DLA-2830-1: tar security update
An infinite loop when --sparse is used with file shrinkage during read access was fixed in the GNU tar archiving utility. For Debian 9 stretch, this problem has been fixed in version
Debian LTS: DLA-2829-1: libvpx security update
An out-of-bounds buffer read on truncated key frames in vp8_decode_frame has been fixed in libvpx, a popular library for the VP8 and VP9 video codecs. For Debian 9 stretch, this problem has been fixed in version
Debian LTS: DLA-2828-1: libvorbis security update
Several vulnerabilities were fixed in libvorbis, a popular library for the Vorbis audio codec. CVE-2017-14160
Debian LTS: DLA-2827-1: bluez security update
Several vulnerabilities were discovered in BlueZ, the Linux Bluetooth protocol stack. An attacker could cause a denial-of-service (DoS) or leak information.