Xen and OpenJPEG2 Updates for Debian 8 LTS
Posted on: 10/08/2019 03:21 PM

The following updates has been released for Debian GNU/Linux 8 LTS:

DLA 1949-1: xen security update
DLA 1950-1: openjpeg2 security update

DLA 1949-1: xen security update
Package : xen
Version : 4.4.4lts5-0+deb8u1
CVE ID : CVE-2018-19961 CVE-2018-19962 CVE-2018-19966
XSA ID : XSA-275 XSA-280 XSA-285 XSA-287 XSA-288

Multiple vulnerabilities have been discovered in the Xen hypervisor, which
could result in denial of service, informations leaks or privilege
escalation.

For Debian 8 "Jessie", these problems have been fixed in version
4.4.4lts5-0+deb8u1.

We recommend that you upgrade your xen packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1950-1: openjpeg2 security update
Package : openjpeg2
Version : 2.1.0-2+deb8u8
CVE ID : CVE-2018-21010
Debian Bug : 939553

A heap buffer overflow vulnerability was discovered in openjpeg2, the
open-source JPEG 2000 codec. This vulnerability is caused by insufficient
validation of width and height of image components in color_apply_icc_profile
(src/bin/common/color.c). Remote attackers might leverage this vulnerability
via a crafted JP2 file, leading to denial of service (application crash) or any
other undefined behavior.

For Debian 8 "Jessie", this problem has been fixed in version
2.1.0-2+deb8u8.

We recommend that you upgrade your openjpeg2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS




Printed from Linux Compatible (https://www.linuxcompatible.org/news/story/xen_and_openjpeg2_updates_for_debian_8_lts.html)