drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in OptiPNG
Name: |
Mehrere Probleme in OptiPNG |
|
ID: |
USN-2951-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 15.10 |
|
Datum: |
Mo, 18. April 2016, 16:41 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2191 |
|
Applikationen: |
OptiPNG |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============1613865128895271843== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Vbxt2NfSPMeqEIOTsp2DHuHjqbhfpsRUl"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Vbxt2NfSPMeqEIOTsp2DHuHjqbhfpsRUl Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2951-1 April 18, 2016
optipng vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
OptiPNG could be made to crash or run programs as your login if it opened a specially crafted file.
Software Description: - optipng: advanced PNG (Portable Network Graphics) optimizer
Details:
Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service. (CVE-2015-7801)
Gustavo Grieco discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service. (CVE-2015-7802)
Hans Jerry Illikainen discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2191)
Henri Salo discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-3981)
Henri Salo discovered that OptiPNG incorrectly handled memory. A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-3982)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: optipng 0.7.5-1ubuntu0.1
Ubuntu 14.04 LTS: optipng 0.6.4-1ubuntu0.14.04.1
Ubuntu 12.04 LTS: optipng 0.6.4-1ubuntu0.12.04.1
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2951-1 CVE-2015-7801, CVE-2015-7802, CVE-2016-2191, CVE-2016-3981, CVE-2016-3982
Package Information: https://launchpad.net/ubuntu/+source/optipng/0.7.5-1ubuntu0.1 https://launchpad.net/ubuntu/+source/optipng/0.6.4-1ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/optipng/0.6.4-1ubuntu0.12.04.1
--Vbxt2NfSPMeqEIOTsp2DHuHjqbhfpsRUl Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJXFN1wAAoJEGVp2FWnRL6T7L4P/j+UsfxaWzaZkMt6DgdWrmna O2d/n3jQB74B4hZy2KeBqa+QMlwAwkmRzSIlH4S7TFVCOQScKH6ZNT88cg3r1O+u zMSZ4SOtyMv2Us+XtABojQewT2pplG9VX09aFP0gQG7u35mM7uEZCZUoyuw2ZISG mMHPC/SoTaC3Zx5RFH6aOH2TNtgsI8XEsCAN5PgNWZqbaC4p4AMMLV6EgYoAq1J5 n/Dzk1ChWYkiHJCICWzOrHahQpEYnijqi8KgsDuRElr3yFwGzbS93pR+5+ajpsmp cq7A6Zj0ejjWPAJXVnrikK6Db8yPxVQtcSACDN5iJFeXyQBD7pThiLyPOuwdSlTB 1tuh8/VoZMHt8UoOfw81I2hpdn1BwQgu8jGojkfa8QX+9ifKbrJ+Gc7ANLgXOh9h pCup+eT0tHJi66RUZS1mYySqqASm6dWg04Lf3Wlwa78Xboc/sdewpY3fseGfrv16 BZBfSigpMz8IotjR1plaFnqJzg7C7XUXOss2Nzrq2CtmZw1ck7+TzP9KYWjoD2AZ fVOsk6+ZymSFe900CGsj8iTq2SlENFvzslQSN/qmVJlOshw6rlL5V0OgEJ5jd11J nCTPKeQgOJ+QDRkOktdCzasCaoNiQsyN0eeZtE+HAlXAvPjX/h9P1kITvxipJ3HR G3DuX6fLtdNorwvMFAof =2mlr -----END PGP SIGNATURE-----
--Vbxt2NfSPMeqEIOTsp2DHuHjqbhfpsRUl--
--===============1613865128895271843== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1613865128895271843==--
|
|
|
|