===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1822
                         djvulibre security update
                                27 May 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           djvulibre
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-32493 CVE-2021-32492 CVE-2021-32491
                   CVE-2021-32490 CVE-2021-3500 CVE-2019-18804
                   CVE-2019-15145 CVE-2019-15144 CVE-2019-15143
                   CVE-2019-15142

Reference:         ESB-2021.1765
                   ESB-2020.1291
                   ESB-2019.4434

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2667-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
May 26, 2021                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : djvulibre
Version        : 3.5.27.1-7+deb9u1
CVE ID         : CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145
                 CVE-2019-18804 CVE-2021-3500 CVE-2021-32490 CVE-2021-32491
                 CVE-2021-32492 CVE-2021-32493
Debian Bug     : 945114 988215

Several vulnerabilities were discovered in djvulibre, a library and
set of tools to handle documents in the DjVu format. An attacker could
crash document viewers and possibly execute arbitrary code through
crafted DjVu files.

For Debian 9 stretch, these problems have been fixed in version
3.5.27.1-7+deb9u1.

We recommend that you upgrade your djvulibre packages.

For the detailed security status of djvulibre please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/djvulibre

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
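
An added example, not part of the AusCERT bulletin or the Debian advisory: auditing a collected package inventory off-host against the fixed version 3.5.27.1-7+deb9u1, using the Debian Policy version ordering. The inventory rows, hostnames and binary package names are constructed assumptions; on a Debian host itself, `dpkg --compare-versions` performs the same comparison.

```python
FIXED = "3.5.27.1-7+deb9u1"  # fixed version for Debian 9 stretch, from the advisory

# Constructed inventory: "host package installed-version" (all values made up).
INVENTORY = """\
web01 libdjvulibre21 3.5.27.1-7
web02 libdjvulibre21 3.5.27.1-7+deb9u1
scan01 djvulibre-bin 3.5.27.1-7~bpo8+1
"""

def _order(c):
    """Weight of one character: '~' < end of string or digit < letters < the rest."""
    if c == "" or c.isdigit():
        return 0
    return -1 if c == "~" else ord(c) + (0 if c.isalpha() else 256)

def _cmp_part(a, b):
    """Compare two upstream or revision strings; returns -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character using _order().
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            x, y = _order(a[i:i + 1]), _order(b[j:j + 1])
            if x != y:
                return -1 if x < y else 1
            i, j = i + 1, j + 1
        # Digit run: compare numerically (an empty run counts as 0).
        si, sj = i, j
        while i < len(a) and a[i].isdigit():
            i += 1
        while j < len(b) and b[j].isdigit():
            j += 1
        x, y = int(a[si:i] or 0), int(b[sj:j] or 0)
        if x != y:
            return -1 if x < y else 1
    return 0

def _parse(v):
    """Split 'epoch:upstream-revision'; epoch defaults to 0, revision to ''."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (rev if sep else "")

def compare(v1, v2):
    """Order two Debian version strings; returns -1, 0 or 1."""
    (e1, u1, r1), (e2, u2, r2) = _parse(v1), _parse(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(inventory, fixed=FIXED):
    """Return (host, package, version) rows older than the fixed version."""
    rows = (line.split() for line in inventory.splitlines() if line.strip())
    return [(h, p, v) for h, p, v in rows if compare(v, fixed) < 0]
```

The result is only meaningful for Debian 9 stretch hosts, since the advisory states the fixed version for that release alone.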