Debian 9858 Published by

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 8 LTS:
DLA 1850-1: redis security update
DLA 1851-1: openjpeg2 security update

Debian GNU/Linux 9 and 10:
DSA 4478-1: dosbox security update



DLA 1850-1: redis security update




Package : redis
Version : 2:2.8.17-1+deb8u7
CVE ID : CVE-2019-10192
Debian Bug : #931625

It was discovered that there were two heap buffer overflows in the
Hyperloglog functionality provided by the Redis in-memory key-value
database.

For Debian 8 "Jessie", these issues have been fixed in redis version
2:2.8.17-1+deb8u7.

We recommend that you upgrade your redis packages.




DLA 1851-1: openjpeg2 security update




Package : openjpeg2
Version : 2.1.0-2+deb8u7
CVE ID : CVE-2016-9112 CVE-2018-20847
Debian Bug : 931294 844551

Two security vulnerabilities were discovered in openjpeg2, a JPEG 2000
image library.

CVE-2016-9112

A floating point exception or divide by zero in the function
opj_pi_next_cprl may lead to a denial-of-service.

CVE-2018-20847

An improper computation of values in the function
opj_get_encoding_parameters can lead to an integer overflow.
This issue was partly fixed by the patch for CVE-2015-1239.

For Debian 8 "Jessie", these problems have been fixed in version
2.1.0-2+deb8u7.

We recommend that you upgrade your openjpeg2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DSA 4478-1: dosbox security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4478-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 10, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : dosbox
CVE ID : CVE-2019-7165 CVE-2019-12594

Two vulnerabilities were discovered in the DOSBox emulator, which could
result in the execution of arbitrary code on the host running DOSBox
when running a malicious executable in the emulator.

For the oldstable distribution (stretch), these problems have been fixed
in version 0.74-4.2+deb9u2.

For the stable distribution (buster), these problems have been fixed in
version 0.74-2-3+deb10u1.

We recommend that you upgrade your dosbox packages.

For the detailed security status of dosbox please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dosbox

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/