[SECURITY] [DLA 2802-1] elfutils security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian LTS Advisory DLA-2802-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk October 30, 2021 https://wiki.debian.org/LTS - - Package: elfutils Version: 0.168-1+deb9u1 CVE ID : CVE-2018-16062 CVE-2018-16402 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7150 CVE-2019-7665 Debian Bug : 907562 911083 911413 911414 920909 921880 Several vulnerabilities were fixed in elfutils, a collection of utilities and libraries to handle ELF objects. CVE-2018-16062 dwarf_getaranges in dwarf_getaranges.c in libdw allowed a denial of service (heap-based buffer over-read) via a crafted file. CVE-2018-16402 libelf/elf_end.c in allowed to cause a denial of service (double free and application crash) because it tried to decompress twice. CVE-2018-18310 An invalid memory address dereference libdwfl allowed a denial of service (application crash) via a crafted file. CVE-2018-18520 A use-after-free in recursive ELF ar files allowed a denial of service (application crash) via a crafted file. CVE-2018-18521 A divide-by-zero in arlib_add_symbols() allowed a denial of service (application crash) via a crafted file. CVE-2019-7150 A segmentation fault could occur due to dwfl_segment_report_module() not checking whether the dyn data read from a core file is truncated. CVE-2019-7665 NT_PLATFORM core notes contain a zero terminated string allowed a denial of service (application crash) via a crafted file. For Debian 9 stretch, these problems have been fixed in version 0.168-1+deb9u1. We recommend that you upgrade your elfutils packages. For the detailed security status of elfutils please refer to its security tracker page at: https://security-tracker.debian.org/tracker/elfutils Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmF9vtQACgkQiNJCh6LY mLHAEBAAwwivTd/8/95a5Qx23D8BmAcxIdld6HXKw6XWqsidCFyj4ZebGXJfSN33 V8PHzRmIaXNNAxJktLZDjNzKBSMWv1ztTDaHJg95vyHxLenS1Eck+4Z7Swg0NGwE M4CNC1j9f9CKtFOspxVcOxvkEL6zUt45lSK6V2frHnBSJICed/imLnmytagxKrXY w68JDvmXzNpE+fF4DqlS3bTmzUD5LMh1zrzSbYVH2koaX/5sMPAZ6sr7Lm5W6Psz 24agaZXFNsBR8DPHEjE3D7Emy1mIlO97TN5wofS+Due3OgUNK3k/d39pnFbZiaL2 mHlC5HVGa7jJvd3F/08UPgfwUdnOu/Om9ozjlAeo58qG4Nv0YQpHvim0HATy2zl5 Wldi37cpLYfr5JVV3ry6BfzwdMvERvImOrO4jJJDIkzXCVC8bAiecyj5ybsKHPYM TnbdqAn4vKjhaSeV1a8iZBe89l62xfEK56k1KT2HvJyWu55PRAZThUxza7dIpfyo HerS5H274A+AseGjS+9ErQ3Uz+sWgLIIAubleDeaiGsu5BbeDQNW4VRhfL8vCdXR ZPk1jwhCCDSsJ/bfi3I/1nvcs0bYKYAkmaXtjiqJ2Ru1BmCsS2j1doqqd6jMQkpI 2P9AsX5tMZWv2m0Jey1rQWOLXa7ASS33uGPq3NZp7Q1qCUEheR8= =wPI4 -END PGP SIGNATURE-
[SECURITY] [DLA 2799-1] opencv security update
- Debian LTS Advisory DLA-2799-1debian-...@lists.debian.org https://www.debian.org/lts/security/ Markus Koschany October 29, 2021 https://wiki.debian.org/LTS - Package: opencv Version: 2.4.9.1+dfsg1-2+deb9u1 CVE ID : CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 CVE-2017-12862 CVE-2017-12863 CVE-2017-12864 CVE-2017-17760 CVE-2017-1000450 CVE-2018-5268 CVE-2018-5269 CVE-2019-14493 CVE-2019-15939 Debian Bug : 886282 885843 875342 872044 872043 Several security vulnerabilities have been discovered in OpenCV, the Open Computer Vision Library. Buffer overflows, NULL pointer dereferences and out-of-bounds write errors may lead to a denial-of-service or other unspecified impact. For Debian 9 stretch, these problems have been fixed in version 2.4.9.1+dfsg1-2+deb9u1. We recommend that you upgrade your opencv packages. For the detailed security status of opencv please refer to its security tracker page at: https://security-tracker.debian.org/tracker/opencv Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS signature.asc Description: This is a digitally signed message part
