Several security issues were fixed in pngcheck.

=========================================================================
Ubuntu Security Notice USN-6182-1
June 21, 2023

pngcheck vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in pngcheck.

Software Description:
- pngcheck: Verifies the integrity of PNG, JNG and MNG files

Details:

It was discovered that pngcheck incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  pngcheck 2.3.0-7ubuntu0.20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  pngcheck 2.3.0-7ubuntu0.18.04.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  pngcheck 2.3.0-7ubuntu0.16.04.1~esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6182-1
  CVE-2020-27818, CVE-2020-35511

Package Information:
  https://launchpad.net/ubuntu/+source/pngcheck/2.3.0-7ubuntu0.20.04.1

The Ubuntu Security Notice USN-6183-1 published on June 22, 2023, highlights vulnerabilities in the tar utility that impact various LTS versions.

pngcheck Security, Denial Of Service Fix, Ubuntu 20.04 Update, Ubuntu Security Notice, Security Advisory.

Severity: Important

LinuxSecurity.com Team

Multiple security issues were discovered in pngcheck, a tool to verify the integrity of PNG, JNG and MNG files, which could potentially result in the execution of arbitrary code.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3238-1

Multiple security issues were discovered in pngcheck, a tool to verify the integrity of PNG, JNG and MNG files, which could potentially result in the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5300-1

An update that contains security fixes can now be installed.

openSUSE Security Update: Security update for pngcheck
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:10154-1
Rating:             moderate
References:
Affected Products:
                    openSUSE Backports SLE-15-SP4
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for pngcheck fixes the following issues:

pngcheck was updated to 3.0.3:

Version 3.0.1:

* fixed a crash bug (and probable vulnerability) in large (MNG) LOOP chunks

Version 3.0.2:

* fixed a divide-by-zero crash bug (and probable vulnerability) in
  interlaced images with extra compressed data beyond the nominal end of
  the image data (found by "chiba of topsec alpha lab")

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:

  zypper in -t patch openSUSE-2022-10154=1

Package List:

- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):

  pngcheck-3.0.3-bp154.2.3.1

References:

The latest update for pngcheck on openSUSE addresses critical stability issues and security flaws stemming from errors in image processing.

pngcheck Security Patch, openSUSE Updates, Image Processing Vulnerability.

LinuxSecurity.com Team

An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for pngcheck
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:10142-1
Rating:             moderate
References:         #1202662
Cross-References:   CVE-2020-35511
CVSS scores:
                    CVE-2020-35511 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Backports SLE-15-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for pngcheck fixes the following issues:

version update to 3.0.3 [boo#1202662]

* fixed a crash bug (and probable vulnerability) in large (MNG) LOOP chunks
* fixed a divide-by-zero crash bug (and probable vulnerability) in
  interlaced images with extra compressed data beyond the nominal end of
  the image data (found by "chiba of topsec alpha lab")

version update to 3.0.0

* tweaked color definitions slightly to work better on terminals with
  white/light backgrounds
* fixed DHDR (pre-MNG-1.0) bug identified by Winfried
* added eXIf support (GRR: added check for II/MM/unknown format)
* converted static const help/usage-related strings to macros so
  -Werror=format-security doesn't trigger (Ben Beasley)
* added (help2man-generated) man pages for all three utils added
  top-level LICENSE file; fixed various compiler warnings
* fixed buffer-overflow vulnerability discovered by "giantbranch of
  NSFOCUS Security Team"
* https://bugzilla.redhat.com/show_bug.cgi?id=1897485
* found and fixed four additional vulnerabilities (null-pointer
  dereference and three buffer overruns)
* an off-by-one bug in check_magic() (Lucy Phipps)
* converted two zlib-version warnings/errors to go to stderr (Lemures
  Lemniscati, actually from 20180318; forwarded by LP)
* fixed another buffer-overflow vulnerability discovered by "giantbranch
  of NSFOCUS Security Team"
  https://bugzilla.redhat.com/show_bug.cgi?id=1905775
* removed -f ("force") option due to multiple security issues

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP3:

  zypper in -t patch openSUSE-2022-10142=1

Package List:

- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):

  pngcheck-3.0.3-bp153.3.3.1

References:

  https://www.suse.com/security/cve/CVE-2020-35511.html
  https://bugzilla.suse.com/1202662

An update for pngcheck resolves a crash issue and several security vulnerabilities in openSUSE Backports SLE-15-SP3.

openSUSE pngcheck update security issues crash bug.

LinuxSecurity.com Team

A flaw was found in the check_chunk_name() function of pngcheck, a tool to verify the integrity of PNG, JNG and MNG files. This flaw allows an attacker who can pass a malicious file to be processed by pngcheck to cause a temporary denial of service.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3032-1

This update fixes a divide-by-zero crash bug (and probable vulnerability) in interlaced images with extra compressed data beyond the nominal end of the image data. (found by "chiba of topsec alpha lab") (rhbz#1949800).

References:

MGASA-2021-0210 - Updated pngcheck packages fix a security vulnerability

Publication date: 12 May 2021
URL: https://advisories.mageia.org/MGASA-2021-0210.html
Type: security
Affected Mageia releases: 7, 8

This update fixes a divide-by-zero crash bug (and probable vulnerability)
in interlaced images with extra compressed data beyond the nominal end of
the image data. (found by "chiba of topsec alpha lab") (rhbz#1949800).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28879
- https://lists.fedoraproject.org/archives/list/

New upstream release 3.0.3. Fixes #1949800, in which certain invalid PNG data could cause an integer division-by-zero, invoking undefined behavior.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-3f001ba18b
2021-05-05 01:20:25.877430
--------------------------------------------------------------------------------

Name        : pngcheck
Product     : Fedora 34
Version     : 3.0.3
Release     : 1.fc34
URL         : http://www.libpng.org/pub/png/apps/pngcheck.html
Summary     : Verifies the integrity of PNG, JNG and MNG files
Description :
pngcheck verifies the integrity of PNG, JNG and MNG files (by checking the
internal 32-bit CRCs [checksums] and decompressing the image data); it can
optionally dump almost all of the chunk-level information in the image in
human-readable form. For example, it can be used to print the basic
statistics about an image (dimensions, bit depth, etc.); to list the color
and transparency info in its palette (assuming it has one); or to extract
the embedded text annotations. This is a command-line program with batch
capabilities.

The current release supports all PNG, MNG and JNG chunks, including the
newly approved sTER stereo-layout chunk. It correctly reports errors in all
but two of the images in Chris Nokleberg's brokensuite-20061204.

--------------------------------------------------------------------------------
Update Information:

New upstream release 3.0.3. Fixes #1949800, in which certain invalid PNG data
could cause an integer division-by-zero, invoking undefined behavior.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 26 2021 Benjamin A. Beasley - 3.0.3-1
- New upstream release 3.0.3 (fixes #1949800)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-3f001ba18b' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --