Debian 10260 Published by

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 7 Extended LTS:
ELA-143-1 libonig security update

Debian GNU/Linux 9 and 10:
DSA 4483-1: libreoffice security update



ELA-143-1 libonig security update

Package: libonig
Version: 5.9.1-1+deb7u2
Related CVE: CVE-2019-13224
A use-after-free in onig_new_deluxe() in regext.c allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe().

For Debian 7 Wheezy, these problems have been fixed in version 5.9.1-1+deb7u2.

We recommend that you upgrade your libonig packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

DSA 4483-1: libreoffice security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-4483-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 16, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2019-9848 CVE-2019-9849

Two security issues have been discovered in LibreOffice:

CVE-2019-9848

Nils Emmerich discovered that malicious documents could execute
arbitrary Python code via LibreLogo.

CVE-2019-9849

Matei Badanoiu discovered that the stealth mode did not apply to
bullet graphics.

For the oldstable distribution (stretch), these problems have been fixed
in version 1:5.2.7-1+deb9u9.

For the stable distribution (buster), these problems have been fixed in
version 1:6.1.5-3+deb10u2.

We recommend that you upgrade your libreoffice packages.

For the detailed security status of libreoffice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libreoffice

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/