-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5032-1                   [email protected]
https://www.debian.org/security/                           Florian Weimer
December 28, 2021                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : djvulibre
CVE ID         : CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 
                 CVE-2019-18804 CVE-2021-3500 CVE-2021-3630 CVE-2021-32490 
                 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493
Debian Bug     : 945114 988215


Several vulnerabilities were discovered in djvulibre, a library and
set of tools to handle documents in the DjVu format. An attacker could
crash document viewers and possibly execute arbitrary code through
crafted DjVu files.

For the oldstable distribution (buster), these problems have been fixed
in version 3.5.27.1-10+deb10u1.

For the stable distribution (bullseye), these problems have been fixed in
version 3.5.28-2.

We recommend that you upgrade your djvulibre packages.

For the detailed security status of djvulibre please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/djvulibre

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

Debian: DSA-5032-1: djvulibre security update

December 28, 2021

Several vulnerabilities were discovered in djvulibre, a library and set of tools to handle documents in the DjVu format

Summary

Several vulnerabilities were discovered in djvulibre, a library and
set of tools to handle documents in the DjVu format. An attacker could
crash document viewers and possibly execute arbitrary code through
crafted DjVu files.

For the oldstable distribution (buster), these problems have been fixed
in version 3.5.27.1-10+deb10u1.

For the stable distribution (bullseye), these problems have been fixed in
version 3.5.28-2.

We recommend that you upgrade your djvulibre packages.

For the detailed security status of djvulibre please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/djvulibre

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

Severity

Package : djvulibre

CVE ID : CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145

CVE-2019-18804 CVE-2021-3500 CVE-2021-3630 CVE-2021-32490

CVE-2021-32491 CVE-2021-32492 CVE-2021-32493

Debian Bug : 945114 988215

Related News

Severe Chromium DoS, Info Disclosure Vulns Fixed

Sep 30, 2023

Critical Node.js Info Disclosure, Code Execution Bugs Fixed

Sep 23, 2023

Critical PHP Info Disclosure, Code Execution Bugs Fixed

Sep 7, 2023

Multiple Severe, Remotely Exploitable Chromium Vulns Fixed

Sep 15, 2023

News

Cloud Security
Cryptography
Desktop Security
Firewall
Government
Hacks/Cracks
IoT Security
Network Security
Organizations/Events
Privacy
Security Projects
Security Trends
Security Vulnerabilities
Server Security
Vendors/Products

Advisories

ArchLinux
CentOS
Debian
Debian LTS
Fedora
Gentoo
Mageia
Oracle
openSUSE
Red Hat
RockyLinux
Scientific Linux
Slackware
SuSE
Ubuntu

HOWTOs

Harden My Filesystem
Learn Tips and Tricks
Secure My E-mail
Secure My Firewall
Secure My Network
Secure My Webserver
Strengthen My Privacy

Features

Everything You Need to Know About Linux Proxy Servers

Simple Steps for Identifying & Troubleshooting a Kernel Panic

Linux Endpoint Detection and Response (EDR): A Crucial Part of a Successful Cybersecurity Strategy

Supercharging Linux: Tips & Tricks to Beat the Threat Landscape

LinuxSecurity.com Migrates to Joomla 4 and PHP 8: Our Experience & Key Takeaways

About Us

Advertise
Legal Notice
RSS Feeds
Contact Us
Terms of Service
Privacy Policy

Powered By

231

© 2023 Guardian Digital, Inc All Rights Reserved

News
Cloud Security
Cryptography
Desktop Security
Firewall
Government
Hacks/Cracks
IoT Security
Network Security
Organizations/Events
Privacy
Security Projects
Security Trends
Security Vulnerabilities
Server Security
Vendors/Products
Advisories
ArchLinux
CentOS
Debian
Debian LTS
Fedora
Gentoo
Mageia
Oracle
openSUSE
Red Hat
RockyLinux
Scientific Linux
Slackware
SuSE
Ubuntu
HOWTOs
Harden My Filesystem
Learn Tips and Tricks
Secure My E-mail
Secure My Firewall
Secure My Network
Secure My Webserver
Strengthen My Privacy
Features
Feature Articles
Must Read Articles
Newsletters
Subscribe to Our Newsletters
Linux Security Week Archive
Linux Advisory Watch Archive
Polls
About
Advertise
Legal Notice
RSS Feeds
Contact Us
Terms of Service
Privacy Policy
Security Dictionary

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.
Accept

Advisories

ArchLinux

CentOS

Debian

Debian LTS

Fedora

Gentoo

Mageia

Oracle

openSUSE

Red Hat

RockyLinux

Scientific Linux

Slackware

SuSE

Ubuntu

openSUSE

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox

Linux Advisory Watch

Linux Security Week

Discover the Future of Linux Security with Top Experts Read Our Exclusive Interview!

Feedback

Experiencing any issues with the upgraded site? Please report it to our team. If you do choose to provide your name and email, this data will be used solely to respond to the specific issue you are reporting.

Name

Invalid Input

Email

Invalid Input

Message*

Invalid Input

Feedback

You are now being logged in using your Facebook credentials