The following updates has been released for Debian GNU/Linux 8 LTS:
DLA 1951-1: libtomcrypt security update
DLA 1952-1: rsyslog security update
DLA 1951-1: libtomcrypt security update
DLA 1952-1: rsyslog security update
DLA 1951-1: libtomcrypt security update
Package : libtomcrypt
Version : 1.17-6+deb8u1
CVE ID : CVE-2019-17362
It was discovered that there was a denial of service vulnerability
in the libtomcrypt cryptographic library.
An out-of-bounds read and crash could occur via carefully-crafted
"DER" encoded data (eg. by importing an X.509 certificate).
For Debian 8 "Jessie", this issue has been fixed in libtomcrypt version
1.17-6+deb8u1.
We recommend that you upgrade your libtomcrypt packages.
DLA 1952-1: rsyslog security update
Package : rsyslog
Version : 8.4.2-1+deb8u3
CVE IDs : CVE-2019-17041 CVE-2019-17042
Debian Bugs : #942065 #942067
It was discovered that there were two vulnerabilities in the rsyslog
system/kernel logging daemon in the parsers for AIX and Cisco log
messages respectfully.
For Debian 8 "Jessie", these issue have been fixed in rsyslog version
8.4.2-1+deb8u3.
We recommend that you upgrade your rsyslog packages.
