Redis, OpenJPEG2, Dosbox Updates for Debian
Posted on: 07/11/2019 07:12 AM

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 8 LTS:
DLA 1850-1: redis security update
DLA 1851-1: openjpeg2 security update

Debian GNU/Linux 9 and 10:
DSA 4478-1: dosbox security update

DLA 1850-1: redis security update



Package : redis
Version : 2:2.8.17-1+deb8u7
CVE ID : CVE-2019-10192
Debian Bug : #931625

It was discovered that there were two heap buffer overflows in the
Hyperloglog functionality provided by the Redis in-memory key-value
database.

For Debian 8 "Jessie", these issues have been fixed in redis version
2:2.8.17-1+deb8u7.

We recommend that you upgrade your redis packages.





DLA 1851-1: openjpeg2 security update



Package : openjpeg2
Version : 2.1.0-2+deb8u7
CVE ID : CVE-2016-9112 CVE-2018-20847
Debian Bug : 931294 844551

Two security vulnerabilities were discovered in openjpeg2, a JPEG 2000
image library.

CVE-2016-9112

A floating point exception or divide by zero in the function
opj_pi_next_cprl may lead to a denial-of-service.

CVE-2018-20847

An improper computation of values in the function
opj_get_encoding_parameters can lead to an integer overflow.
This issue was partly fixed by the patch for CVE-2015-1239.

For Debian 8 "Jessie", these problems have been fixed in version
2.1.0-2+deb8u7.

We recommend that you upgrade your openjpeg2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DSA 4478-1: dosbox security update



- -------------------------------------------------------------------------
Debian Security Advisory DSA-4478-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 10, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : dosbox
CVE ID : CVE-2019-7165 CVE-2019-12594

Two vulnerabilities were discovered in the DOSBox emulator, which could
result in the execution of arbitrary code on the host running DOSBox
when running a malicious executable in the emulator.

For the oldstable distribution (stretch), these problems have been fixed
in version 0.74-4.2+deb9u2.

For the stable distribution (buster), these problems have been fixed in
version 0.74-2-3+deb10u1.

We recommend that you upgrade your dosbox packages.

For the detailed security status of dosbox please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dosbox

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/







Printed from Linux Compatible (https://www.linuxcompatible.org/news/story/redisopenjpeg2dosbox_updates_for_debian.html)