-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1822
                         djvulibre security update
                                27 May 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           djvulibre
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-32493 CVE-2021-32492 CVE-2021-32491
                   CVE-2021-32490 CVE-2021-3500 CVE-2019-18804
                   CVE-2019-15145 CVE-2019-15144 CVE-2019-15143
                   CVE-2019-15142  

Reference:         ESB-2021.1765
                   ESB-2020.1291
                   ESB-2019.4434

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2667-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
May 26, 2021                                  https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : djvulibre
Version        : 3.5.27.1-7+deb9u1
CVE ID         : CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 
                 CVE-2019-18804 CVE-2021-3500 CVE-2021-32490 CVE-2021-32491 
                 CVE-2021-32492 CVE-2021-32493
Debian Bug     : 945114 988215

Several vulnerabilities were discovered in djvulibre, a library and
set of tools to handle documents in the DjVu format. An attacker could
crash document viewers and possibly execute arbitrary code through
crafted DjVu files.

For Debian 9 stretch, these problems have been fixed in version
3.5.27.1-7+deb9u1.

We recommend that you upgrade your djvulibre packages.

For the detailed security status of djvulibre please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/djvulibre

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----