[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 981-1] apng2gif security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : apng2gif
Version        : 1.5-1+deb7u1
CVE ID         : CVE-2017-6960
Debian Bug     : #854367

It was discovered that apng2gif was vulnerable to an integer overflow
resulting in a heap-based buffer over-read/write. A remote attacker
could use this flaw to cause a denial of service (application crash)
via a crafted APNG file.

For Debian 7 "Wheezy", these problems have been fixed in version
1.5-1+deb7u1.

We recommend that you upgrade your apng2gif packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErLe2fxl/mzIVM0McrJCsPsUkBl4FAlk3p8MACgkQrJCsPsUk
Bl4g4Q//Vs+SxqSSCtU3BwKik5no/0Kc1rEXHH2Mc8CFdcsu4bYfkRn8eSJKa98k
v02YrHYQqTM9sFmjXjYQIdh/pyPAUU51bqXLQOSn89RbdW5z0DCGYkEpYoSZoxG5
egsL33o0zCLckRFhAYBR7QC8z1bcBh3HpW5DSJdyano7sePNCbzkF3+pkaJFmn0a
MJWT+cEwD+F4R1jSq9EHxT2ecrwP+BAWCmTgzYpF43qLXH8znnXJhKI9Sxv6+GOH
J7MX5xhFZKOQKd9NKc14Y9yBMzV+PGJRvD0e1wqd/E1YXhaAxrD2AlDOc07HFK6B
+bJ6/lRSBWpyOLDhnsig0m/Ji6x7rNDmZoHmOkY4Dj7d2Y4O16ztn0s54gvO/DVh
OrOhhUFKDHuZ3z2hmFK9vdw/p9R+4a5nI2Ci55ggIgXZ69+hvtpoMNlADVG1iXFW
11LRjac3F1tP7iHRtCRXY9HdHwb4D82/a/+9vV6hOPhvistCSwxFQ118elPbq05a
p/mubHey1MSM1Iqo0AICBxye+NzC+++QDXbUEWeXvhyDEwz+5mIAr3WuxBpyXuno
tz0wh9p6hvmNfYLo/lz09uLo++Ze0x0c5gCroYJSZA/3S52zQBbwo0+i86/qDG3d
AYY1Vj4ZfiM8jZxPi/x25tlIovCx2r5fq1GszcJwr8EWgLd0EM4=
=anaS
-----END PGP SIGNATURE-----
Reply to: