Stay Secure with the Latest Linux Advisories

security advisoryfedoraheap overflow

Debian 11: 2021-b7b2f3e2e8 Critical: Libpng Memory Corruption

Add proposed patches for CVE-2021-29338 and a heap buffer overflow.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-c1ac2ee5ee 2021-06-12 01:16:57.188722 --------------------------------------------------------------------------------Name : mingw-openjpeg2 Product : Fedora 34 Version : 2.4.0 Release : 3.fc34 URL : https://github.com/uclouvain/openjpeg Summary : MinGW Windows openjpeg2 library Description : MinGW Windows openjpeg2 library. --------------------------------------------------------------------------------Update Information: Add proposed patches for CVE-2021-29338 and a heap buffer overflow. --------------------------------------------------------------------------------ChangeLog: * Thu May 27 2021 Sandro Mani - 2.4.0-3 - Apply proposed patches for CVE-2021-29338 and a heap buffer overflow (#1957616) --------------------------------------------------------------------------------References: [ 1 ] Bug #1950103 - CVE-2021-29338 mingw-openjpeg2: openjpeg2: out-of-bounds write due to an integer overflow in opj_compress.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1950103 [ 2 ] Bug #1950105 - CVE-2021-29338 openjpeg2: out-of-bounds write due to an integer overflow in opj_compress.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1950105 [ 3 ] Bug #1957618 - CVE-2021-3575 openjpeg2: openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1957618 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-c1ac2ee5ee' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora ProjectGPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . Debian has rolled out a patch for mingw-libjpeg-turbo pertaining to a stack overflow and associated vulnerabilities.. mingw-openjpeg2, Fedora Updates, Buffer Overflow Fix. . Severity: Critical. LinuxSecurity.com Team

Jun 11, 2021 •Critical Fedora