Debian 10260 Published by

The following updates has been released for Debian GNU/Linux 8 LTS:

DLA 1949-1: xen security update
DLA 1950-1: openjpeg2 security update



DLA 1949-1: xen security update

Package : xen
Version : 4.4.4lts5-0+deb8u1
CVE ID : CVE-2018-19961 CVE-2018-19962 CVE-2018-19966
XSA ID : XSA-275 XSA-280 XSA-285 XSA-287 XSA-288

Multiple vulnerabilities have been discovered in the Xen hypervisor, which
could result in denial of service, informations leaks or privilege
escalation.

For Debian 8 "Jessie", these problems have been fixed in version
4.4.4lts5-0+deb8u1.

We recommend that you upgrade your xen packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

DLA 1950-1: openjpeg2 security update

Package : openjpeg2
Version : 2.1.0-2+deb8u8
CVE ID : CVE-2018-21010
Debian Bug : 939553

A heap buffer overflow vulnerability was discovered in openjpeg2, the
open-source JPEG 2000 codec. This vulnerability is caused by insufficient
validation of width and height of image components in color_apply_icc_profile
(src/bin/common/color.c). Remote attackers might leverage this vulnerability
via a crafted JP2 file, leading to denial of service (application crash) or any
other undefined behavior.

For Debian 8 "Jessie", this problem has been fixed in version
2.1.0-2+deb8u8.

We recommend that you upgrade your openjpeg2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS