[SECURITY] [DLA 1714-1] libsdl2 security update

Package        : libsdl2
Version        : 2.0.2+dfsg1-6+deb8u1
CVE ID         : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575
                 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635
                 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638

Multiple buffer overflow security issues have been found in libsdl2, a library that allows low level access to a video frame buffer, audio output, mouse, and keyboard.

For Debian 8 "Jessie", these problems have been fixed in version 2.0.2+dfsg1-6+deb8u1.

We recommend that you upgrade your libsdl2 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 1713-1] libsdl1.2 security update

Package        : libsdl1.2
Version        : 1.2.15-10+deb8u1
CVE ID         : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575
                 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635
                 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638

Multiple buffer overflow security issues have been found in libsdl1.2, a library that allows low level access to a video frame buffer, audio output, mouse, and keyboard.

For Debian 8 "Jessie", these problems have been fixed in version 1.2.15-10+deb8u1.

We recommend that you upgrade your libsdl1.2 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 1712-1] libsndfile security update

Package        : libsndfile
Version        : 1.0.25-9.1+deb8u4
CVE ID         : CVE-2019-3832

It was found that the fix for CVE-2018-19758 was incomplete. That has been addressed in this update. The description for CVE-2018-19758 follows:

A heap-buffer-overflow vulnerability was discovered in libsndfile, the library for reading and writing files containing sampled sound. This flaw might be triggered by remote attackers to cause denial of service (out of bounds read and application crash).

For Debian 8 "Jessie", this problem has been fixed in version 1.0.25-9.1+deb8u4.

We recommend that you upgrade your libsndfile packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 1711-1] systemd security update

Package        : systemd
Version        : 215-17+deb8u11
CVE ID         : CVE-2019-3815
Debian Bug     : 924060

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in systemd-journald.

Function dispatch_message_real() in journald-server.c does not free allocated memory to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash.

Note that as the systemd-journald service is not restarted automatically a restart of the service or more safely a reboot is advised.

For Debian 8 "Jessie", this problem has been fixed in version 215-17+deb8u11.

We recommend that you upgrade your systemd packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

[SECURITY] [DLA 1710-1] xmltooling security update

Package        : xmltooling
Version        : 1.5.3-2+deb8u4
CVE ID         : CVE-2019-9628
Debian Bug     : 924346

Ross Geerlings discovered that the XMLTooling library didn't correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using XMLTooling.

For Debian 8 "Jessie", this problem has been fixed in version 1.5.3-2+deb8u4.

We recommend that you upgrade your xmltooling packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

-- Feri

[SECURITY] [DLA 1709-1] waagent security update

Package        : waagent
Version        : 2.2.18-3~deb8u2
CVE ID         : CVE-2019-0804

Francis McBratney discovered that the Windows Azure Linux Agent created swap files with world-readable permissions, resulting in information disclosure.

For Debian 8 "Jessie", this problem has been fixed in version 2.2.18-3~deb8u2.

We recommend that you upgrade your waagent packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
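
A check for the condition described in DLA 1709-1, as an added example that is not part of the advisory or of waagent: it lists the file-backed swap areas in `/proc/swaps` and reports any whose mode grants group or other access, which is stricter than the world-readable case the advisory names. The function names and the sample path are constructed for illustration. A swap file created before the upgrade keeps its old mode, so the check is worth running on updated hosts too.

```python
import os
import re
import stat

# Constructed sample in /proc/swaps format (header line, then one area per line).
SAMPLE_PROC_SWAPS = (
    "Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n"
    "/dev/sda2                               partition\t1048572\t0\t-2\n"
    "/mnt/example/swapfile                   file\t\t2097148\t0\t-3\n"
)

def _unescape(field):
    # The kernel writes whitespace in paths as octal escapes, e.g. \040 for a space.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def swap_files(proc_swaps_text):
    """Return the paths of file-backed swap areas (partitions are skipped)."""
    paths = []
    for line in proc_swaps_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) >= 2 and fields[1] == "file":
            paths.append(_unescape(fields[0]))
    return paths

def audit_swap_permissions(proc_swaps_text):
    """Return [(path, mode)] for swap files that group or others can access."""
    findings = []
    for path in swap_files(proc_swaps_text):
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except OSError:
            continue  # file vanished or is not visible to this user
        if mode & 0o077:  # any group/other bit set; 0600 passes
            findings.append((path, format(mode, "04o")))
    return findings

if __name__ == "__main__":
    try:
        with open("/proc/swaps") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_PROC_SWAPS  # no procfs here: fall back to the constructed sample
    for path, mode in audit_swap_permissions(text):
        print(f"{path}: mode {mode}, expected 0600 (fix with: chmod 600 {path})")
```
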