Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.0503
apng2gif security update
7 February 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: apng2gif
Publisher: Debian
Operating System: Debian GNU/Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2017-6962 CVE-2017-6961 CVE-2017-6960
Reference: ESB-2020.3192
ESB-2020.1154
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2022/02/msg00004.html
Comment: CVSS (Max): 7.5 CVE-2017-6962 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS Source: NVD
- --------------------------BEGIN INCLUDED TEXT--------------------
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2911-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Markus Koschany
February 04, 2022 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : apng2gif
Version : 1.8-0.1~deb9u1
CVE ID : CVE-2017-6960 CVE-2017-6961 CVE-2017-6962
Debian Bug : 854447
Several vulnerabilities have been discovered in apng2gif, a tool for conver=
ting
APNG images to animated GIF format. Improper sanitization of user input can
result in denial of service (application crash) or possible execution of
arbitrary code if a malformed image file is processed.
For Debian 9 stretch, these problems have been fixed in version
1.8-0.1~deb9u1.
We recommend that you upgrade your apng2gif packages.
For the detailed security status of apng2gif please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/apng2gif
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmH9N1xfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeTm2hAA0DTMxzMIEC6y49zlSdn+cQlx3NQkOPrEzMab1nxdqmRhGwz2Lv4U7Uxx
GA5RuBHospAXlvecx6+Nh8UNFol2HRgRo6eZzat5O8Qnsf9fDNSByHKbztbB+eKa
wi2rOL78+kqQ1htM/j9XwU/P0nVQfUjm5tfU2ojwmLrMrsukd+NT3slvuAY7RUna
7QLKDdrirBWqYtdZejU/7o8m4zviSWoFrAkHyY8gxUdaUCjJxnrHTFb8vp43DTh4
l1HOUHeezfKzgQ8Dc6Xyv3FeDm4DrBY+HWxfdmpb6OvjOmsm0wjqbJ2T428nlRa5
7KNB+12OdCIFuczQHp1yT2Gwj36LbDjmr9SwBaUYzwp27XDyCUiHdkVG54YewY7j
tU5DSroPOfwR3mN3bFnMdXs3/OLo8F06o8YWmTGA6KG6Lz88NNzs1EUx0pHjEc5v
V6Dc0v8WJ5a8rzwvJ7pra4twF90QldINmMjBg6ieBg5NiVrUsc2gHe2umADkgmz8
e6QHHJnB7ALZf6E1jbcbbVyIBEBJdopWyufk+eUD/6VB3vFHutp4sPMXPZvIAPTI
LNH9sZIjVbehBxlq6vO0fWp+hpXukXr2mOXjTbuk7g/c5dwvIGJXwuARu3HrJxqg
nAwiRm3Y1mUDCY+cdcVy41E/ey9f2pLq+G2keACpC6X7zh/DKTg=
=NEKf
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYgBasuNLKJtyKPYoAQiFOA//WoXCaeeMsPuIA2boPe8mXAEhaHfmcDDU
5zbt45mIt/TlSjBIXez38A5JNPYpPbsvb/31Fck3f+x6wBOtP3vTtYnpC742wa67
MqsEVr7iBvrX5iSVsGE/ZrIPSQHILk5iZI3kTnxA5w3sXMcx7BkqBhUHAtxrzCp6
7+VMIM+oUR8OWGeaSWTJ7GBxYJADxXtoafkvSm16uIDrWCH2sRwuHGrIcNecg+sA
lgWKma1B3m+Y8gAsXOAtOsbBl682RQGtREeCl3H24xvvevW7K1ybcUYRgXNSXllk
kEBFdqRmatK06e1QDNttpt/pyQnbxOP9DvC5tXdBQhcl+C2BB7IglQa14ln3u3Wx
yL6LGgrDoMeH5LOoBHm++iGsUBZaLMuCHxg0CvmTU8eKk4e5+6JtbA9YXIXLRjAy
8UIgAOAJiIgg+784Eru20L9ZxyU1by9Nz/caFXePn5t4mAUI6RIhxNPBPmz0eoef
v1vGcckC1NbL7vracmgMMF3j3/0VlUqOBbuMDNy98wnw1/T3Tg5ThMRgfiomw33y
Ns149O3hDJJtCA5P41Jt855M3ID5a0e5iwFwPWdHc1kFT2SUfPYwSp0DRsvt0blR
/N0YWtz+xpbhjQUt1ZWvYCjTSz4tvwL+pPFK8xGwsiBE93+nE6ZqgFCKeOsIaYdp
PlckdpQDRcY=
=iY9k
-----END PGP SIGNATURE-----