Mageia 2020-0008: advancecomp security update
Summary
Updated advancecomp package fixes security vulnerability:
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address
occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by
sending a crafted file to a binary. It allows an attacker to cause a Denial of
Service (Segmentation fault) or possibly have unspecified other impact when a
victim opens a specially crafted file (CVE-2019-8383).
References
- https://bugs.mageia.org/show_bug.cgi?id=25908
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/J23C6QSTJMQ467KAI6QG54AE4MZRLPQV/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8383
Resolution
MGASA-2020-0008 - Updated advancecomp packages fix security vulnerability
SRPMS
- 7/core/advancecomp-2.1-4.1.mga7