Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.2224 pngquant security update 29 June 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: pngquant Publisher: Debian Operating System: Debian GNU/Linux 8 UNIX variants (UNIX, Linux, OSX) Impact/Access: Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2016-5735 Original Bulletin: https://lists.debian.org/debian-lts-announce/2020/06/msg00028.html Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running pngquant check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : pngquant Version : 2.3.0-1+deb8u1 CVE ID : CVE-2016-5735 It was found that pngquant, a PNG (Portable Network Graphics) image optimising utility, is susceptible to a buffer overflow write issue triggered by a maliciously crafted png image, which could lead into denial of service or other issues. For Debian 8 "Jessie", this problem has been fixed in version 2.3.0-1+deb8u1. We recommend that you upgrade your pngquant packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl74jF5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEdSgg//dry52RjPkWBcJrFZi0Z19qiOkcS02RKfTy53QT0b9ILSSUO2n8whPQaJ pkNjHhMi+8aqZsW26gaFQrBxfUI5vRJEtmn3pionXU4toGXvV3o1W0gX3QrXE9OV UCWz5dgN4SLUFYkxo6TCEq64hi1FieiuvpD8b4SRv1QLqjp0OwhJdWJUcw2ZykRh hpyJ6E217dKqLcrjzB+tMcRdupazgQ1ZYIAmX84+nC8MjZDBLFN3olUoq4wtjj54 RRrsDITb1+ouCs+dG/zn4TV+e2IwcXUHDJmpWE1x5hMcdzg1P9iH1k90n6YfzKCT U1aXQCmWAu1MccqeHqi4TS9x9qdv5WpOpRU/wBiM3I0kPoTY5CzqQFounz/3ngm2 KUlziuGZJGX6ypNa0H6zhh6XRAybvdrLyC6Zi2bk806Yb9STk93Opwlp7pEaC8Cd MqMoVc9XqlIyhSCMomWju0Ej6K7q2NxyaSIAWmQFr1+VFaKxMqNY9fBi/3eZ8vXp eaq8tjWkN4xOSqdd0sovh+DQqP4vuusbOsRqqrFliUMHKQMZCoigLEcdCM8Qp/Ib awPOxKKfY9AkTS7LYi+IF+mMt3yg/rzxs6GmLgVgx9gzFw//wfTyVkl/suiS8ab0 rXv9Ex+5Q45KrpaZg214URUSzRuB6bDFzW6RQTXK0OkBoIviOhw= =3gva - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXvmHd+NLKJtyKPYoAQgMLw/+KseDILWgpF7gCaIAu/YxfuOJQzR3hwqb 7z7Qojoao5rc2pwjknLa0or+xIj6qT7SOdyZrzPO0uDMHikKAaWddAol94ijYm71 KgaimdyvCVpcgEJm72bLRXbsHKxv1NDXnZnXs/sIS6z9a2pmrAduhnt00N/zkIrf hzdi3vyLa/ytpOuXxnrCgDk13HDNmlKAPEDAKl8SmCicY5jd6+g4isn4YpNga4rS yGGgdVIyBTFpINbtIEwO3yc5XaWGRMjN3/A3NCdUojmMfFcJovi+zJpVZOwuNh/0 GQ0gAs67DgqDAr5wdpnFqWYZP0RlPAGBTaDXgcLa2E595d6K6SoJJmdpshBM5M8B zZJPX8ciz03vUpWSGR5pNP+20UIiWlsY+rWxnt+o9M8ExfCd8ekIL+khewbCtz1O Pxch9CM0Kg38BenNsiUJozyXFWRR+dEU9Kh9xZbRxLNPK4ck2MTdFNH0/vh9tpBa e5MCknBxkAaehPWizhkr8Bfvq5GX5Y4JT8eQNnzJbJInEi7mH+qkDwTFhcbWqIaq JJBPjHt6Lj+a1Z2Yq86tBaCL5PgnrMW/2dq5/y5d87dGhoHvoJrBGBaJoBNLEjcx HzTZ7Y5jyuvr1FSNqxPITv2ZrdTFmkttfWgn1F8ZygKkZ1ZZqTKlWT4Vuf8E4ZNe yXH50G1fe24= =Kx1z -----END PGP SIGNATURE-----