You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa advancecomp

Sigurnosni nedostaci programskog paketa advancecomp

  • Detalji os-a: WN7
  • Važnost: INF
  • Operativni sustavi: L
  • Kategorije: LRH

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Low: advancecomp security update
Advisory ID: RHSA-2019:2332-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2332
Issue date: 2019-08-06
CVE Names: CVE-2019-8379 CVE-2019-8383
=====================================================================

1. Summary:

An update for advancecomp is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server Optional (v. 7) – ppc64le, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) – x86_64

3. Description:

AdvanceCOMP is a set of recompression utilities for .PNG, .MNG and .ZIP
files.

Security Fix(es):

* advancecomp: null pointer dereference in function be_uint32_read() in
endianrw.h (CVE-2019-8379)

* advancecomp: denial of service in function adv_png_unfilter_8 in
lib/png.c (CVE-2019-8383)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1708561 – CVE-2019-8379 advancecomp: null pointer dereference in function be_uint32_read() in endianrw.h
1708563 – CVE-2019-8383 advancecomp: denial of service in function adv_png_unfilter_8 in lib/png.c

6. Package List:

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
advancecomp-1.15-21.el7.src.rpm

ppc64le:
advancecomp-1.15-21.el7.ppc64le.rpm
advancecomp-debuginfo-1.15-21.el7.ppc64le.rpm

x86_64:
advancecomp-1.15-21.el7.x86_64.rpm
advancecomp-debuginfo-1.15-21.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

Source:
advancecomp-1.15-21.el7.src.rpm

x86_64:
advancecomp-1.15-21.el7.x86_64.rpm
advancecomp-debuginfo-1.15-21.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-8379
https://access.redhat.com/security/cve/CVE-2019-8383
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXUl3ydzjgjWX9erEAQgbEhAAkltZZ/JVHTPaBPU0qGI9c1gwSvSaZ1zF
yoKJoY0/xon3YZMYCKmcV5SMvkrrqCcv70fZlK1P3p8V5hU0qcT4W4Fry1TD+Bug
l1TSR5AH8JNXi5JzzZj84rgzKv+QKKNKfQlJ5aqoJXnDR269JlvKX5c8jvsEWUFP
UkK3VFVgNFtVZ063xstH+d18wouzdw2wGr9aoeI4RGl8igGVyDxQIpvd/4jrifJB
VHH286TTGePvgIqClLLAwy1Ba/pB3K/Gm81tmJ2Ai4HVNnHW68yTtI6gKc/SRKhy
VJ4RZyljBfz+LRTFZHrVym5yf3Yl0kuVLvGYPk666pcANJw8a6p62QGafvZBTPZ2
sQEE+1oRhP5osu6HogEvj5U9l2gf+CZ3Kobr0pekmuEF8oYBcO+bW/ZIGyKYp7V5
UpjvF+AVIpsTxfTRj6YFwLSI4r4rcvAUcLwDLoob4xaNVLTlzaazmWMo2k8eXOiu
l/+enYkkAIvPPEW7DnoJLBgEwF+4QaWpZk6VZeW/zbsrGtI6iqnUpIV22XHKoHR2
7ock9njugB2v2MKecazTrstsOzJEuz3SnZ9nJGCDNIrqxg63LclK5dX/8jXKgXcl
N5a0FGV7EdIx27+lGyrIYC/74h/7uAZ5j4VR5UDyqKfHd2X+qxtUMeENc4YY06Ug
JpwE+0eKfrM=
=+SE4
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

AutorZvonimir Bosnjak
Cert idNCERT-REF-2019-08-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava RHEL. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju izazivanje DoS stanja, otkrivanje osjetljivih informacija,...

Close