Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.2224
pngquant security update
29 June 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: pngquant
Publisher: Debian
Operating System: Debian GNU/Linux 8
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2016-5735
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2020/06/msg00028.html
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running pngquant check for an updated version of the software for
their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : pngquant
Version : 2.3.0-1+deb8u1
CVE ID : CVE-2016-5735
It was found that pngquant, a PNG (Portable Network Graphics) image
optimising utility, is susceptible to a buffer overflow write issue
triggered by a maliciously crafted png image, which could lead into
denial of service or other issues.
For Debian 8 "Jessie", this problem has been fixed in version
2.3.0-1+deb8u1.
We recommend that you upgrade your pngquant packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl74jF5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdSgg//dry52RjPkWBcJrFZi0Z19qiOkcS02RKfTy53QT0b9ILSSUO2n8whPQaJ
pkNjHhMi+8aqZsW26gaFQrBxfUI5vRJEtmn3pionXU4toGXvV3o1W0gX3QrXE9OV
UCWz5dgN4SLUFYkxo6TCEq64hi1FieiuvpD8b4SRv1QLqjp0OwhJdWJUcw2ZykRh
hpyJ6E217dKqLcrjzB+tMcRdupazgQ1ZYIAmX84+nC8MjZDBLFN3olUoq4wtjj54
RRrsDITb1+ouCs+dG/zn4TV+e2IwcXUHDJmpWE1x5hMcdzg1P9iH1k90n6YfzKCT
U1aXQCmWAu1MccqeHqi4TS9x9qdv5WpOpRU/wBiM3I0kPoTY5CzqQFounz/3ngm2
KUlziuGZJGX6ypNa0H6zhh6XRAybvdrLyC6Zi2bk806Yb9STk93Opwlp7pEaC8Cd
MqMoVc9XqlIyhSCMomWju0Ej6K7q2NxyaSIAWmQFr1+VFaKxMqNY9fBi/3eZ8vXp
eaq8tjWkN4xOSqdd0sovh+DQqP4vuusbOsRqqrFliUMHKQMZCoigLEcdCM8Qp/Ib
awPOxKKfY9AkTS7LYi+IF+mMt3yg/rzxs6GmLgVgx9gzFw//wfTyVkl/suiS8ab0
rXv9Ex+5Q45KrpaZg214URUSzRuB6bDFzW6RQTXK0OkBoIviOhw=
=3gva
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXvmHd+NLKJtyKPYoAQgMLw/+KseDILWgpF7gCaIAu/YxfuOJQzR3hwqb
7z7Qojoao5rc2pwjknLa0or+xIj6qT7SOdyZrzPO0uDMHikKAaWddAol94ijYm71
KgaimdyvCVpcgEJm72bLRXbsHKxv1NDXnZnXs/sIS6z9a2pmrAduhnt00N/zkIrf
hzdi3vyLa/ytpOuXxnrCgDk13HDNmlKAPEDAKl8SmCicY5jd6+g4isn4YpNga4rS
yGGgdVIyBTFpINbtIEwO3yc5XaWGRMjN3/A3NCdUojmMfFcJovi+zJpVZOwuNh/0
GQ0gAs67DgqDAr5wdpnFqWYZP0RlPAGBTaDXgcLa2E595d6K6SoJJmdpshBM5M8B
zZJPX8ciz03vUpWSGR5pNP+20UIiWlsY+rWxnt+o9M8ExfCd8ekIL+khewbCtz1O
Pxch9CM0Kg38BenNsiUJozyXFWRR+dEU9Kh9xZbRxLNPK4ck2MTdFNH0/vh9tpBa
e5MCknBxkAaehPWizhkr8Bfvq5GX5Y4JT8eQNnzJbJInEi7mH+qkDwTFhcbWqIaq
JJBPjHt6Lj+a1Z2Yq86tBaCL5PgnrMW/2dq5/y5d87dGhoHvoJrBGBaJoBNLEjcx
HzTZ7Y5jyuvr1FSNqxPITv2ZrdTFmkttfWgn1F8ZygKkZ1ZZqTKlWT4Vuf8E4ZNe
yXH50G1fe24=
=Kx1z
-----END PGP SIGNATURE-----