Debian 10228 Published by

The following security updates has been released for Debian GNU/Linux:

Debian GNU/Linux 8 LTS:
DLA 1886-1: openjdk-7 security update
DLA 1887-1: freetype security update

Debian GNU/Linux 9 and 10:
DSA 4501-1: libreoffice security update



DLA 1886-1: openjdk-7 security update




Package : openjdk-7
Version : 7u231-2.6.19-1~deb8u1
CVE ID : CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2816

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in denial of
service, sandbox bypass, information disclosure or the execution
of arbitrary code.

For Debian 8 "Jessie", these problems have been fixed in version
7u231-2.6.19-1~deb8u1.

We recommend that you upgrade your openjdk-7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1887-1: freetype security update




Package : freetype
Version : 2.5.2-3+deb8u3
CVE ID : CVE-2015-9290


A buffer over-read in the t1-parser of freetype, a font engine, has been
found and fixed by checking limits more sensible.


For Debian 8 "Jessie", this problem has been fixed in version
2.5.2-3+deb8u3.

We recommend that you upgrade your freetype packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DSA 4501-1: libreoffice security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4501-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 15, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2019-9850 CVE-2019-9851 CVE-2019-9852

It was discovered that the code fixes to address CVE-2018-16858 and
CVE-2019-9848 were not complete.

For the oldstable distribution (stretch), these problems have been fixed
in version 1:5.2.7-1+deb9u10.

For the stable distribution (buster), these problems have been fixed in
version 1:6.1.5-3+deb10u3.

We recommend that you upgrade your libreoffice packages.

For the detailed security status of libreoffice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libreoffice

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/