The following security updates have been released for Debian GNU/Linux:
Debian GNU/Linux 7 Extended LTS:
ELA-154-1 openjdk-7 security update
Debian GNU/Linux 8 LTS:
DLA 1888-1: imagemagick security update
Debian GNU/Linux 10:
DSA 4502-1: ffmpeg security update
ELA-154-1: openjdk-7 security update
Package : openjdk-7
Version : 7u231-2.6.19-1~deb7u1
Related CVE : CVE-2019-2745 CVE-2019-2762 CVE-2019-2769 CVE-2019-2816
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, information disclosure or the execution of arbitrary code.
For Debian 7 Wheezy, these problems have been fixed in version 7u231-2.6.19-1~deb7u1.
We recommend that you upgrade your openjdk-7 packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
DLA 1888-1: imagemagick security update
Package : imagemagick
Version : 8:6.8.9.9-5+deb8u17
CVE ID : CVE-2019-12974 CVE-2019-13135 CVE-2019-13295 CVE-2019-13297
CVE-2019-13304 CVE-2019-13305 CVE-2019-13306
Multiple vulnerabilities have been found in imagemagick, an image processing
toolkit.
CVE-2019-12974
NULL pointer dereference in ReadPANGOImage and ReadVIDImage (coders/pango.c
and coders/vid.c). This vulnerability might be leveraged by remote attackers
to cause denial of service via crafted image data.
CVE-2019-13135
Multiple uses of uninitialized values in ReadCUTImage, UnpackWPG2Raster and
UnpackWPGRaster (coders/wpg.c and coders/cut.c). These vulnerabilities might
be leveraged by remote attackers to cause denial of service or unauthorized
disclosure or modification of information via crafted image data.
CVE-2019-13295, CVE-2019-13297
Multiple heap buffer over-reads in AdaptiveThresholdImage
(magick/threshold.c). These vulnerabilities might be leveraged by remote
attackers to cause denial of service or unauthorized disclosure or
modification of information via crafted image data.
CVE-2019-13304, CVE-2019-13305, CVE-2019-13306
Multiple stack buffer overflows in WritePNMImage (coders/pnm.c), leading to
a stack buffer overwrite of up to ten bytes. Remote attackers might leverage
these flaws to potentially perform code execution or denial of service.
For Debian 8 "Jessie", these problems have been fixed in version
8:6.8.9.9-5+deb8u17.
We recommend that you upgrade your imagemagick packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DSA 4502-1: ffmpeg security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-4502-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 16, 2019                       https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : ffmpeg
CVE ID : CVE-2019-12730
Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.
For the stable distribution (buster), this problem has been fixed in
version 7:4.1.4-1~deb10u1.
We recommend that you upgrade your ffmpeg packages.
For the detailed security status of ffmpeg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ffmpeg
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/