Debian 10261 Published by

The following updates has been released for Debian GNU/Linux 8 LTS:

DLA 1951-1: libtomcrypt security update
DLA 1952-1: rsyslog security update



DLA 1951-1: libtomcrypt security update

Package : libtomcrypt
Version : 1.17-6+deb8u1
CVE ID : CVE-2019-17362

It was discovered that there was a denial of service vulnerability
in the libtomcrypt cryptographic library.

An out-of-bounds read and crash could occur via carefully-crafted
"DER" encoded data (eg. by importing an X.509 certificate).

For Debian 8 "Jessie", this issue has been fixed in libtomcrypt version
1.17-6+deb8u1.

We recommend that you upgrade your libtomcrypt packages.

DLA 1952-1: rsyslog security update

Package : rsyslog
Version : 8.4.2-1+deb8u3
CVE IDs : CVE-2019-17041 CVE-2019-17042
Debian Bugs : #942065 #942067

It was discovered that there were two vulnerabilities in the rsyslog
system/kernel logging daemon in the parsers for AIX and Cisco log
messages respectfully.

For Debian 8 "Jessie", these issue have been fixed in rsyslog version
8.4.2-1+deb8u3.

We recommend that you upgrade your rsyslog packages.