advancecomp-1.15-22.el7

エラータID: AXSA:2020-4556:01

Release date: 
Thursday, April 2, 2020 - 07:26
Subject: 
advancecomp-1.15-22.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

AdvanceCOMP is a set of recompression utilities for .PNG, .MNG and .ZIP files.

Security Fix(es):

* advancecomp: integer overflow in png_compress in pngex.cc (CVE-2019-9210)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.8 Release Notes linked from the References section.

CVE-2019-9210
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)

Solution: 

Update packages.

CVEs: 
CVE-2019-9210
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)
Additional Info: 

N/A

Download: 

SRPMS
  1. advancecomp-1.15-22.el7.src.rpm
    MD5: 386a9a9a44148fec3c638bb3742c51ea
    SHA-256: 753a3870842b41b4bec5438e806382b0f15d45d83d27ebdc62f91195ccb7733b
    Size: 263.15 kB

Asianux Server 7 for x86_64
  1. advancecomp-1.15-22.el7.x86_64.rpm
    MD5: aea4b604c77bf2bb56801aa751655053
    SHA-256: 8976058a8e204e93070d3abcde8539f4ba109ebd7029cf16dbf0bf9133559eab
    Size: 173.10 kB