The following updates has been released for Debian GNU/Linux:
Debian GNU/Linux 7 Extended LTS:
ELA-143-1 libonig security update
Debian GNU/Linux 9 and 10:
DSA 4483-1: libreoffice security update
Debian GNU/Linux 7 Extended LTS:
ELA-143-1 libonig security update
Debian GNU/Linux 9 and 10:
DSA 4483-1: libreoffice security update
ELA-143-1 libonig security update
Package: libonig
Version: 5.9.1-1+deb7u2
Related CVE: CVE-2019-13224
A use-after-free in onig_new_deluxe() in regext.c allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe().
For Debian 7 Wheezy, these problems have been fixed in version 5.9.1-1+deb7u2.
We recommend that you upgrade your libonig packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
DSA 4483-1: libreoffice security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4483-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 16, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : libreoffice
CVE ID : CVE-2019-9848 CVE-2019-9849
Two security issues have been discovered in LibreOffice:
CVE-2019-9848
Nils Emmerich discovered that malicious documents could execute
arbitrary Python code via LibreLogo.
CVE-2019-9849
Matei Badanoiu discovered that the stealth mode did not apply to
bullet graphics.
For the oldstable distribution (stretch), these problems have been fixed
in version 1:5.2.7-1+deb9u9.
For the stable distribution (buster), these problems have been fixed in
version 1:6.1.5-3+deb10u2.
We recommend that you upgrade your libreoffice packages.
For the detailed security status of libreoffice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libreoffice
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/