[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[USN-3495-1] OptiPNG vulnerability



==========================================================================
Ubuntu Security Notice USN-3495-1
November 27, 2017

optipng vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

OptiPNG could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
- optipng: advanced PNG (Portable Network Graphics) optimizer

Details:

It was discovered that OptiPNG incorrectly handled memory. A remote
attacker could use this issue with a specially crafted image file to cause
OptiPNG to crash, resulting in a denial of service, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  optipng                         0.7.6-1ubuntu0.17.10.1

Ubuntu 17.04:
  optipng                         0.7.6-1ubuntu0.17.04.1

Ubuntu 16.04 LTS:
  optipng                         0.7.6-1ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  optipng                         0.6.4-1ubuntu0.14.04.2

In general, a standard system update will make all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3495-1
  CVE-2017-1000229

Package Information:
  https://launchpad.net/ubuntu/+source/optipng/0.7.6-1ubuntu0.17.10.1
  https://launchpad.net/ubuntu/+source/optipng/0.7.6-1ubuntu0.17.04.1
  https://launchpad.net/ubuntu/+source/optipng/0.7.6-1ubuntu0.16.04.1
  https://launchpad.net/ubuntu/+source/optipng/0.6.4-1ubuntu0.14.04.2


Attachment: signature.asc
Description: OpenPGP digital signature

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce