Operating System:

[Debian]

Published:

01 November 2021

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3620
                          opencv security update
                              1 November 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           opencv
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-15939 CVE-2019-14493 CVE-2018-5269
                   CVE-2018-5268 CVE-2017-1000450 CVE-2017-17760
                   CVE-2017-12864 CVE-2017-12863 CVE-2017-12862
                   CVE-2017-12606 CVE-2017-12605 CVE-2017-12604
                   CVE-2017-12603 CVE-2017-12601 CVE-2017-12599
                   CVE-2017-12598 CVE-2017-12597 CVE-2016-1516

Reference:         ESB-2018.2124
                   ESB-2018.1457

Original Bulletin: 
   http://www.debian.org/lts/security/2021/dla-2799

- --------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2799-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
October 29, 2021                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : opencv
Version        : 2.4.9.1+dfsg1-2+deb9u1
CVE ID         : CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599
                 CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605
                 CVE-2017-12606 CVE-2017-12862 CVE-2017-12863 CVE-2017-12864
                 CVE-2017-17760 CVE-2017-1000450 CVE-2018-5268 CVE-2018-5269
                 CVE-2019-14493 CVE-2019-15939
Debian Bug     : 886282 885843 875342 872044 872043

Several security vulnerabilities have been discovered in OpenCV, the Open
Computer Vision Library. Buffer overflows, NULL pointer dereferences and
out-of-bounds write errors may lead to a denial-of-service or other
unspecified impact.

For Debian 9 stretch, these problems have been fixed in version
2.4.9.1+dfsg1-2+deb9u1.

We recommend that you upgrade your opencv packages.

For the detailed security status of opencv please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/opencv

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----