===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3620
                          opencv security update
                              1 November 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           opencv
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-15939 CVE-2019-14493 CVE-2018-5269
                   CVE-2018-5268 CVE-2017-1000450 CVE-2017-17760
                   CVE-2017-12864 CVE-2017-12863 CVE-2017-12862
                   CVE-2017-12606 CVE-2017-12605 CVE-2017-12604
                   CVE-2017-12603 CVE-2017-12601 CVE-2017-12599
                   CVE-2017-12598 CVE-2017-12597 CVE-2016-1516

Reference:         ESB-2018.2124
                   ESB-2018.1457

Original Bulletin:
   http://www.debian.org/lts/security/2021/dla-2799

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2799-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
October 29, 2021                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : opencv
Version        : 2.4.9.1+dfsg1-2+deb9u1
CVE ID         : CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599
                 CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605
                 CVE-2017-12606 CVE-2017-12862 CVE-2017-12863 CVE-2017-12864
                 CVE-2017-17760 CVE-2017-1000450 CVE-2018-5268 CVE-2018-5269
                 CVE-2019-14493 CVE-2019-15939
Debian Bug     : 886282 885843 875342 872044 872043

Several security vulnerabilities have been discovered in OpenCV, the Open
Computer Vision Library. Buffer overflows, NULL pointer dereferences and
out-of-bounds write errors may lead to a denial-of-service or other
unspecified impact.

For Debian 9 stretch, these problems have been fixed in version
2.4.9.1+dfsg1-2+deb9u1.

We recommend that you upgrade your opencv packages.

For the detailed security status of opencv please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/opencv

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================