Advisories » MGASA-2017-0447

Updated optipng packages fix security vulnerability

Publication date: 10 Dec 2017
Modification date: 10 Dec 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-1000229 , CVE-2017-16938

Description

- CVE-2017-1000229: Fix integer overflow bug in function
  minitiff_read_info() allows an attacker to remotely execute code or
  cause denial of service.
- CVE-2017-16938: Fix a global buffer overflow that allows attackers to
  cause DoS via a maliciously crafted GIF file.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22099
• https://sourceforge.net/p/optipng/bugs/65/
• https://sourceforge.net/p/optipng/bugs/69/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000229
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16938

SRPMS

6/core

• optipng-0.7.6-1.1.mga6

5/core

• optipng-0.7.6-1.1.mga5