The following updates has been released for Debian GNU/Linux:
Debian GNU/Linux 8 LTS:
DLA 1850-1: redis security update
DLA 1851-1: openjpeg2 security update
Debian GNU/Linux 9 and 10:
DSA 4478-1: dosbox security update
Debian GNU/Linux 8 LTS:
DLA 1850-1: redis security update
DLA 1851-1: openjpeg2 security update
Debian GNU/Linux 9 and 10:
DSA 4478-1: dosbox security update
DLA 1850-1: redis security update
Package : redis
Version : 2:2.8.17-1+deb8u7
CVE ID : CVE-2019-10192
Debian Bug : #931625
It was discovered that there were two heap buffer overflows in the
Hyperloglog functionality provided by the Redis in-memory key-value
database.
For Debian 8 "Jessie", these issues have been fixed in redis version
2:2.8.17-1+deb8u7.
We recommend that you upgrade your redis packages.
DLA 1851-1: openjpeg2 security update
Package : openjpeg2
Version : 2.1.0-2+deb8u7
CVE ID : CVE-2016-9112 CVE-2018-20847
Debian Bug : 931294 844551
Two security vulnerabilities were discovered in openjpeg2, a JPEG 2000
image library.
CVE-2016-9112
A floating point exception or divide by zero in the function
opj_pi_next_cprl may lead to a denial-of-service.
CVE-2018-20847
An improper computation of values in the function
opj_get_encoding_parameters can lead to an integer overflow.
This issue was partly fixed by the patch for CVE-2015-1239.
For Debian 8 "Jessie", these problems have been fixed in version
2.1.0-2+deb8u7.
We recommend that you upgrade your openjpeg2 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
DSA 4478-1: dosbox security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4478-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 10, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : dosbox
CVE ID : CVE-2019-7165 CVE-2019-12594
Two vulnerabilities were discovered in the DOSBox emulator, which could
result in the execution of arbitrary code on the host running DOSBox
when running a malicious executable in the emulator.
For the oldstable distribution (stretch), these problems have been fixed
in version 0.74-4.2+deb9u2.
For the stable distribution (buster), these problems have been fixed in
version 0.74-2-3+deb10u1.
We recommend that you upgrade your dosbox packages.
For the detailed security status of dosbox please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dosbox
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/