[SECURITY] Fedora EPEL 6 Update: optipng-0.7.6-6.el6

Mon, 09 Apr 2018 11:07:09 -0700 

--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2017-6aaee32b7e
2018-04-09 18:05:54.552132
--------------------------------------------------------------------------------

Name        : optipng
Product     : Fedora EPEL 6
Version     : 0.7.6
Release     : 6.el6
URL         : http://optipng.sourceforge.net/
Summary     : PNG optimizer and converter
Description :
OptiPNG is a PNG optimizer that recompresses image files to a smaller size,
without losing any information. This program also converts external formats
(BMP, GIF, PNM and TIFF) to optimized PNG, and performs PNG integrity checks
and corrections.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2017-1000229 and CVE-2017-16938
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1520234 - CVE-2017-1000229 optipng: integer overflow in 
tiffread.c:minitiff_read_info() leading to denial of service
        https://bugzilla.redhat.com/show_bug.cgi?id=1520234
  [ 2 ] Bug #1520227 - CVE-2017-16938 optipng: global buffer overflow in 
gifread.c:LZWReadByte when parsing malicious GIF
        https://bugzilla.redhat.com/show_bug.cgi?id=1520227
--------------------------------------------------------------------------------

This update can be installed with the "yum" update programs.  Use
su -c 'yum update optipng' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/ch-yum.html

All packages are signed with the Fedora EPEL GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
epel-package-announce mailing list -- 
epel-package-announce@lists.fedoraproject.org
To unsubscribe send an email to 
epel-package-announce-le...@lists.fedoraproject.org

Reply via email to