Debian 10230 Published by

The following security updates has been released for Debian GNU/Linux 8 LTS:

DLA 1470-1: confuse security update
DLA-1469-1: libxcursor security update



DLA 1470-1: confuse security update

Package : confuse
Version : 2.7-5+deb8u1
CVE ID : CVE-2018-14447
Debian Bug : 904159

An out of bound read was discoverd in libConfuse, a configuration file parser
library.

CVE-2018-14447

An out of bound read in trim_whitespace, fixed thanks to
Sebastian Roland .

For Debian 8 "Jessie", this problem has been fixed in version
2.7-5+deb8u1.

We recommend that you upgrade your confuse packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA-1469-1: libxcursor security update




Package : libxcursor
Version : 1:1.1.14-1+deb8u2
CVE ID : CVE-2015-9262
Debian Bug : #906012

It was discovered that there was a denial of service or (potentially code
execution) vulnerability in libxcursor, a library designed to help locate
and load cursors for the X Window System.

For Debian 8 "Jessie", this issue has been fixed in libxcursor version
1:1.1.14-1+deb8u2.

We recommend that you upgrade your libxcursor packages.