[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2868-1] advancecomp security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2868-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
December 29, 2021                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : advancecomp
Version        : 1.20-1+deb9u1
CVE ID         : CVE-2018-1056 CVE-2019-8379 CVE-2019-8383 CVE-2019-9210
Debian Bug     : 889270 923416 928729 928730

Several vulnerabilities have been fixed in the AdvanceCOMP recompression 
utilities.

CVE-2018-1056

    Out-of-bounds heap buffer read in advzip.

CVE-2019-8379

    NULL pointer dereference in be_uint32_read().

CVE-2019-8383

    Invalid memory access in adv_png_unfilter_8().

CVE-2019-9210

    Integer overflow in advpng with invalid PNG size.

For Debian 9 stretch, these problems have been fixed in version
1.20-1+deb9u1.

We recommend that you upgrade your advancecomp packages.

For the detailed security status of advancecomp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/advancecomp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmHM1kgACgkQiNJCh6LY
mLGJlBAAswPtPEg2XbjxgdH6NaMi68OB2rx5/GbSMMAoWMscFA39DdbJnRupRvXR
Q3yq6EzgcUBhFvvGku6hqiLz7f8eaavYKlDHeTye+cWdRxb5xYUmEnu+FEacDSRs
aWmSxYimMi33Mtpc3F01TWMAmyOjSAZHja+Je2FqpJ8IRL6GQHqt/e0qeYLzolUL
1hd0OpsTNKIzhcFILeH9D0w70/JAVDb91Oi8D6cukOKDnuUWK/gjyll60odOB0CH
oy5ua/ArRggTMC0be8w18NafD6wOaG9r4jVAM075FW6XP3EjxnsLD50nTIY2XhGB
UMQhx29P8QRs12E20soycMIUxkiksoBLarSbq+tRLCRo303bXY8IvO5INw1tFHuK
1xe/N7OeVLQl82p6QvxMexymYvtUB/xp/OXWn50ARgPbKTlMrsdYcvFwqjRthlsl
On6m4EnkItMFZLCCOTqaV1RdNSFLQpij1BU501nY8SdGX/Gb4ttA4nrGlLeT7q5Z
QuZ8a+9JMSI89cK1xrd2MA1u3DEhLj9jmsV2jG3yWUZRxJHYIWJ6nx/7/C0M7z1L
LGuiqQd4XMcbxeoDqb8Gab9hivxfpLKUIqD0jR0UCY60P4WbbQmcQ923qljonGZR
ew151zJv2wOHtAfCyNRpXCmN/ExyCK3/b2LRUO82zVXZK3wzDV4=
=qhuc
-----END PGP SIGNATURE-----


Reply to: