
Debian alert DLA-1702-1 (advancecomp)

From:  Markus Koschany <apo@debian.org>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 1702-1] advancecomp security update
Date:  Sat, 2 Mar 2019 23:21:35 +0100
Message-ID:  <76b35f27-2517-4ce5-ee62-c0ec3037f911@debian.org>

Package        : advancecomp
Version        : 1.19-1+deb8u1
CVE ID         : CVE-2018-1056 CVE-2019-9210
Debian Bug     : 889270 923416

Several vulnerabilities were discovered in advancecomp, a collection
of recompression utilities.

CVE-2018-1056

    Joonun Jang discovered that the advzip tool was prone to a
    heap-based buffer overflow. This might allow an attacker to cause a
    denial-of-service (application crash) or other unspecified impact
    via a crafted file.

CVE-2019-9210

    The png_compress function in pngex.cc in advpng has an integer
    overflow upon encountering an invalid PNG size, which results in
    another heap based buffer overflow.

For Debian 8 "Jessie", these problems have been fixed in version
1.19-1+deb8u1.

We recommend that you upgrade your advancecomp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
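
The bug class named for CVE-2019-9210 (a size computed from PNG dimensions wraps, and the undersized heap buffer is then overrun) is illustrated below as an added example. It is not code from advancecomp, its patch, or the advisory; the function names, the 1 GiB cap and the sample dimensions are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed policy cap on a decoded image buffer (assumption): 1 GiB. */
#define MAX_RAW_BYTES ((uint64_t)1 << 30)

/* Unchecked 32-bit arithmetic: the product wraps silently, so an oversized
 * image yields a small "size" that a later copy can overrun. */
uint32_t raw_size_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return height * (width * bpp + 1); /* +1: PNG filter byte per row */
}

/* Checked form: 0 on success with *out set, -1 on invalid or too-large input. */
int raw_size_checked(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    uint64_t row;

    /* PNG dimensions must be 1..2^31-1. */
    if (width == 0 || height == 0 || width > 0x7fffffffu || height > 0x7fffffffu)
        return -1;
    if (bpp == 0 || bpp > 8) /* at most 4 channels x 16 bits */
        return -1;

    row = (uint64_t)width * bpp + 1;      /* < 2^34, cannot wrap in 64 bits */
    if (row > MAX_RAW_BYTES / height)     /* divide instead of multiplying */
        return -1;

    *out = (size_t)(row * height);
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed header values: 65536 x 65536 pixels, 4 bytes per pixel. */
    printf("unchecked: %u bytes\n", (unsigned)raw_size_unchecked(0x10000, 0x10000, 4));
    printf("checked:   %d\n", raw_size_checked(0x10000, 0x10000, 4, &n));
    if (raw_size_checked(640, 480, 3, &n) == 0)
        printf("640x480x3: %zu bytes\n", n);
    return 0;
}
```

With the constructed 65536 x 65536 input the unchecked arithmetic reports 65536 bytes for an image that needs about 17 GB, while the checked form rejects it before any allocation.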

