Segmentation fault on invalid MNG size

References:
- https://bugs.mageia.org/show_bug.cgi?id=31499
- https://lists.fedoraproject.org/archives/list/

Several security issues were fixed in AdvanceCOMP.

=========================================================================
Ubuntu Security Notice USN-5838-1
February 01, 2023

advancecomp vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in AdvanceCOMP.

Software Description:
- advancecomp: collection of recompression utilities

Details:

It was discovered that AdvanceCOMP did not properly manage memory while performing read operations on MNG file. If a user were tricked into opening a specially crafted MNG file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. (CVE-2022-35014, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020)

It was discovered that AdvanceCOMP did not properly manage memory while performing read operations on ZIP file. If a user were tricked into opening a specially crafted ZIP file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. (CVE-2022-35015, CVE-2022-35016)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  advancecomp 2.3-1ubuntu0.22.10.1

Ubuntu 22.04 LTS:
  advancecomp 2.1-2.1ubuntu2.1

Ubuntu 20.04 LTS:
  advancecomp 2.1-2.1ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  advancecomp 2.1-1ubuntu0.18.04.3

Ubuntu 16.04 ESM:
  advancecomp 1.20-1ubuntu0.2+esm2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5838-1
  CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020

Package Information:
  https://launchpad.net/ubuntu/+source/advancecomp/2.3-1ubuntu0.22.10.1
  https://launchpad.net/ubuntu/+source/advancecomp/2.1-2.1ubuntu2.1
  https://launchpad.net/ubuntu/+source/advancecomp/2.1-2.1ubuntu0.20.04.1
  https://launchpad.net/ubuntu/+source/advancecomp/2.1-1ubuntu0.18.04.3

Multiple vulnerabilities in AdvanceCOMP tackled in Ubuntu USN-5838-1 notification affecting various versions.
AdvanceCOMP Security Update, Ubuntu Security Notice, Denial of Service Fix.
Severity: Low.
LinuxSecurity.com Team

advancecomp has been updated to fix a number of bugs and security issues.

References:
- https://bugs.mageia.org/show_bug.cgi?id=31234
- https://lists.fedoraproject.org/archives/list/

Several security issues were fixed in AdvanceCOMP.

=========================================================================
Ubuntu Security Notice USN-5671-1
October 12, 2022

advancecomp vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in AdvanceCOMP.

Software Description:
- advancecomp: collection of recompression utilities

Details:

It was discovered that AdvanceCOMP did not properly manage memory of function be_uint32_read() under certain circumstances. If a user were tricked into opening a specially crafted binary file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. (CVE-2019-8379)

It was discovered that AdvanceCOMP did not properly manage memory of function adv_png_unfilter_8() under certain circumstances. If a user were tricked into opening a specially crafted PNG file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. (CVE-2019-8383)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  advancecomp 2.1-1ubuntu0.18.04.2

Ubuntu 16.04 ESM:
  advancecomp 1.20-1ubuntu0.2+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5671-1
  CVE-2019-8379, CVE-2019-8383

Package Information:
  https://launchpad.net/ubuntu/+source/advancecomp/2.1-1ubuntu0.18.04.2

Recent updates addressed critical vulnerabilities in AdvanceCOMP for Ubuntu 18.04 LTS and 16.04 ESM. Noteworthy observations on memory oversight defects.
AdvanceCOMP Security, Ubuntu Update, Denial of Service Fix, Memory Management.
Severity: Critical.
LinuxSecurity.com Team

Several vulnerabilities have been fixed in the AdvanceCOMP recompression utilities. CVE-2018-1056

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2868-1

advancecomp: integer overflow in png_compress in pngex.cc

Synopsis: Moderate: advancecomp security update
Advisory ID: SLSA-2020:1037-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2019-9210
--

* advancecomp: integer overflow in png_compress in pngex.cc
--

SL7
  x86_64
    advancecomp-1.15-22.el7.x86_64.rpm
    advancecomp-debuginfo-1.15-22.el7.x86_64.rpm

- Scientific Linux Development Team

Caution notice issued for advancecomp concerning potential integer overflow vulnerabilities in png_compress function on Scientific Linux 7 x86_64 systems.
advancecomp, integer, overflow, security update, Scientific Linux.
LinuxSecurity.com Team

An update for advancecomp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate.

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: advancecomp security update
Advisory ID: RHSA-2020:1037-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1037
Issue date: 2020-03-31
CVE Names: CVE-2019-9210
====================================================================

1. Summary:

An update for advancecomp is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

AdvanceCOMP is a set of recompression utilities for .PNG, .MNG and .ZIP files.

Security Fix(es):

* advancecomp: integer overflow in png_compress in pngex.cc (CVE-2019-9210)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1684596 - CVE-2019-9210 advancecomp: integer overflow in png_compress in pngex.cc

6. Package List:

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
advancecomp-1.15-22.el7.src.rpm

ppc64le:
advancecomp-1.15-22.el7.ppc64le.rpm
advancecomp-debuginfo-1.15-22.el7.ppc64le.rpm

x86_64:
advancecomp-1.15-22.el7.x86_64.rpm
advancecomp-debuginfo-1.15-22.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

Source:
advancecomp-1.15-22.el7.src.rpm

x86_64:
advancecomp-1.15-22.el7.x86_64.rpm
advancecomp-debuginfo-1.15-22.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-9210
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--
RHSA-announce mailing list

advancecomp: null pointer dereference in function be_uint32_read() in endianrw.h (CVE-2019-8379)

Synopsis: Low: advancecomp security update
Advisory ID: SLSA-2019:2332-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2019-8379 CVE-2019-8383
--

Security Fix(es):

* advancecomp: null pointer dereference in function be_uint32_read() in endianrw.h (CVE-2019-8379)

* advancecomp: denial of service in function adv_png_unfilter_8 in lib/png.c (CVE-2019-8383)
--

SL7
  x86_64
    advancecomp-1.15-21.el7.x86_64.rpm
    advancecomp-debuginfo-1.15-21.el7.x86_64.rpm

- Scientific Linux Development Team

Enhanceprotect software update resolving minor-level denial of service and null reference pointer issues.
advancecomp security, denial of service, Scientific Linux update, pointer issue resolution.
Severity: Low.
LinuxSecurity.com Team