You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa optipng

Sigurnosni nedostatak programskog paketa optipng

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3495-1
November 27, 2017

optipng vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

OptiPNG could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
– optipng: advanced PNG (Portable Network Graphics) optimizer

Details:

It was discovered that OptiPNG incorrectly handled memory. A remote
attacker could use this issue with a specially crafted image file to cause
OptiPNG to crash, resulting in a denial of service, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
optipng 0.7.6-1ubuntu0.17.10.1

Ubuntu 17.04:
optipng 0.7.6-1ubuntu0.17.04.1

Ubuntu 16.04 LTS:
optipng 0.7.6-1ubuntu0.16.04.1

Ubuntu 14.04 LTS:
optipng 0.6.4-1ubuntu0.14.04.2

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3495-1
CVE-2017-1000229

Package Information:
https://launchpad.net/ubuntu/+source/optipng/0.7.6-1ubuntu0.17.10.1
https://launchpad.net/ubuntu/+source/optipng/0.7.6-1ubuntu0.17.04.1
https://launchpad.net/ubuntu/+source/optipng/0.7.6-1ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/optipng/0.6.4-1ubuntu0.14.04.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJaHGs7AAoJEGVp2FWnRL6ToeIP/0eygRjroy+zrUzcec6AjNVB
wq3YZTeBwDtopdXKYb04WEIWzRWLkObeCEvXDR5Tu/sNi3EH8UFqwTxXMEVFDAu6
du7lFFiyarbPb7/FtsDs1COCirpBw5Wtujdl1rDxMTWpbSJWDSNTuKPI9V52vwwO
i0PLJk2wHAdZl2B0NGodwpTXA3jxPOA1VqvlyAJ3Q4397PSL0BYEAZPJGKV945I+
8Zz21lwJ9YRA3FjoFre3mdGGg4cCtVRgW+OsCXDEV/0cx0nfFT+rnHRs14/soHTg
juT+hS9p+NHW//obLq/gZVt9xajiXE73w/rJ2iizr8rIsck8jHQfrVj086sgkqSV
Ks1HJkf/qexlQYT/am6i0W4V98sVTPkuxj63Z42Ek1b1XCPlvwKP9GmJerNMeacU
ESBeis6XkEWd5QfLnR60JMId7h9oCCdZaamLcG5dUuB+RJOWoBKac4+pFPt4b8D4
yv3iAIKdAVA3ht9zZSB6p0FHZgSSsEjBFdY5hQNTGYtWNHRCdVF7ZCjAI/dDHrry
os8LLoQsAgRUKLi/TXDyRqEpXY91noZLD1knB8tf9nLH7rFv77daKBVQ+7S+wAi+
5RTt5cGztO54ZCtMNaqW+uwCSismmU1OCZbKHAxcg8gep6NoZPLbT3vCgZlNUfK4
yGgnOBuc6MgZM9OvtcoE
=lsgA
—–END PGP SIGNATURE—–

AutorDanijel Kozinovic
Cert idNCERT-REF-2017-11-0173-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa postgresql-common

Otkriveni su sigurnosni nedostaci u programskom paketu postgresql-common za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim lokalnim napadačima omogućuju stjecanje uvećanih...

Close