Debian 10232 Published by

The following security updates has been released for Debian GNU/Linux:

Debian GNU/Linux 7 Extended LTS:
ELA-154-1 openjdk-7 security update

Debian GNU/Linux 8 LTS:
DLA 1888-1: imagemagick security update

Debian GNU/Linux 10:
DSA 4502-1: ffmpeg security update



ELA-154-1: openjdk-7 security update

Package openjdk-7
Version 7u231-2.6.19-1~deb7u1
Related CVE CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2816
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, information disclosure or the execution of arbitrary code.

For Debian 7 Wheezy, these problems have been fixed in version 7u231-2.6.19-1~deb7u1.

We recommend that you upgrade your openjdk-7 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

DLA 1888-1: imagemagick security update

Package : imagemagick
Version : 8:6.8.9.9-5+deb8u17
CVE ID : CVE-2019-12974 CVE-2019-13135 CVE-2019-13295 CVE-2019-13297
CVE-2019-13304 CVE-2019-13305 CVE-2019-13306

Multiple vulnerabilities have been found in imagemagick, an image processing
toolkit.

CVE-2019-12974

NULL pointer dereference in ReadPANGOImage and ReadVIDImage (coders/pango.c
and coders/vid.c). This vulnerability might be leveraged by remote attackers
to cause denial of service via crafted image data.

CVE-2019-13135

Multiple use of uninitialized values in ReadCUTImage, UnpackWPG2Raster and
UnpackWPGRaster (coders/wpg.c and coders/cut.c). These vulnerabilities might
be leveraged by remote attackers to cause denial of service or unauthorized
disclosure or modification of information via crafted image data.

CVE-2019-13295, CVE-2019-13297

Multiple heap buffer over-reads in AdaptiveThresholdImage
(magick/threshold.c). These vulnerabilities might be leveraged by remote
attackers to cause denial of service or unauthorized disclosure or
modification of information via crafted image data.

CVE-2019-13304, CVE-2019-13305, CVE-2019-13306

Multiple stack buffer overflows in WritePNMImage (coders/pnm.c), leading to
stack buffer over write up to ten bytes. Remote attackers might leverage
these flaws to potentially perform code execution or denial of service.

For Debian 8 "Jessie", these problems have been fixed in version
8:6.8.9.9-5+deb8u17.

We recommend that you upgrade your imagemagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

DSA 4502-1: ffmpeg security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4502-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 16, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ffmpeg
CVE ID : CVE-2019-12730

Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.

For the stable distribution (buster), this problem has been fixed in
version 7:4.1.4-1~deb10u1.

We recommend that you upgrade your ffmpeg packages.

For the detailed security status of ffmpeg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ffmpeg

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/