Debian 9859 Published by

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 8 LTS:
DLA 1628-2: jasper regression update
DLA 1755-1: graphicsmagick security update

Debian GNU/Linux 9:
DSA 4431-1: libssh2 security update



DLA 1628-2: jasper regression update




Package : jasper
Version : 1.900.1-debian1-2.4+deb8u6

The update of jasper issued as DLA-1628-1 caused a regression due to
the fix for CVE-2018-19542, a NULL pointer dereference in the function
jp2_decode, which could lead to a denial-of-service. In some cases not
only invalid jp2 files but also valid jp2 files were rejected.

For Debian 8 "Jessie", this problem has been fixed in version
1.900.1-debian1-2.4+deb8u6.

We recommend that you upgrade your jasper packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1755-1: graphicsmagick security update




Package : graphicsmagick
Version : 1.3.20-3+deb8u6
CVE ID : CVE-2017-10799 CVE-2019-11006 CVE-2019-11007
CVE-2019-11008 CVE-2019-11009 CVE-2019-11010
Debian Bug : 927029

Several security vulnerabilities were discovered in Graphicsmagick, a
collection of image processing tools. Heap-based buffer over-reads and
a memory leak may lead to a denial-of-service or information disclosure.

For Debian 8 "Jessie", these problems have been fixed in version
1.3.20-3+deb8u6.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DSA 4431-1: libssh2 security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4431-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 13, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libssh2
CVE ID : CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858
CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862
CVE-2019-3863
Debian Bug : 924965

Chris Coulson discovered several vulnerabilities in libssh2, a SSH2
client-side library, which could result in denial of service,
information leaks or the execution of arbitrary code.

For the stable distribution (stretch), these problems have been fixed in
version 1.7.0-1+deb9u1.

We recommend that you upgrade your libssh2 packages.

For the detailed security status of libssh2 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/libssh2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/