Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-2868-1:B6C79
HistoryDec 29, 2021 - 9:42 p.m.

[SECURITY] [DLA 2868-1] advancecomp security update

2021-12-2921:42:32
lists.debian.org
15
advancecomp
recompression utilities
cve-2018-1056
cve-2019-8379
cve-2019-8383
cve-2019-9210
debian 9 stretch
security update

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.003

Percentile

68.1%

JSON

Debian LTS Advisory DLA-2868-1 [email protected]
https://www.debian.org/lts/security/ Adrian Bunk
December 29, 2021 https://wiki.debian.org/LTS

Package : advancecomp
Version : 1.20-1+deb9u1
CVE ID : CVE-2018-1056 CVE-2019-8379 CVE-2019-8383 CVE-2019-9210
Debian Bug : 889270 923416 928729 928730

Several vulnerabilities have been fixed in the AdvanceCOMP recompression
utilities.

CVE-2018-1056

Out-of-bounds heap buffer read in advzip.

CVE-2019-8379

NULL pointer dereference in be_uint32_read().

CVE-2019-8383

Invalid memory access in adv_png_unfilter_8().

CVE-2019-9210

Integer overflow in advpng with invalid PNG size.

For Debian 9 stretch, these problems have been fixed in version
1.20-1+deb9u1.

We recommend that you upgrade your advancecomp packages.

For the detailed security status of advancecomp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/advancecomp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9alladvancecomp< 1.20-1+deb9u1advancecomp_1.20-1+deb9u1_all.deb

Related

nessus 28
freebsd 1
openvas 13
osv 8
oraclelinux 2
debian 2
ubuntucve 4
redhat 2
fedora 5
centos 2
amazon 3
ubuntu 4
nvd 4
redhatcve 4
cve 4
cbl_mariner 2
alpinelinux 1
debiancve 4
mageia 3
cvelist 4
prion 4
veracode 3
nessus
nessus
Debian DLA-2868-1 : advancecomp - LTS security update
2021-12-30 00:00:00
NewStart CGSL CORE 5.04 / MAIN 5.04 : advancecomp Multiple Vulnerabilities (NS-SA-2020-0069)
2020-12-09 00:00:00
NewStart CGSL CORE 5.05 / MAIN 5.05 : advancecomp Multiple Vulnerabilities (NS-SA-2020-0101)
2020-12-09 00:00:00
freebsd
freebsd
advancecomp -- multiple vulnerabilities
2018-07-29 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2868-1)
2021-12-30 00:00:00
Debian: Security Advisory (DLA-1702-1)
2019-03-03 00:00:00
Ubuntu: Security Advisory (USN-5671-1)
2022-10-13 00:00:00
osv
osv
advancecomp - security update
2021-12-29 00:00:00
advancecomp - security update
2019-03-02 00:00:00
advancecomp vulnerabilities
2022-10-12 07:21:41
oraclelinux
oraclelinux
advancecomp security update
2020-04-06 00:00:00
advancecomp security update
2019-08-13 00:00:00
debian
debian
[SECURITY] [DLA 1702-1] advancecomp security update
2019-03-02 22:21:35
[SECURITY] [DLA 1281-1] advancecomp security update
2018-02-13 16:32:31
ubuntucve
ubuntucve
CVE-2019-8383
2019-02-17 00:00:00
CVE-2019-9210
2019-02-27 00:00:00
CVE-2019-8379
2019-02-17 00:00:00
redhat
redhat
(RHSA-2019:2332) Low: advancecomp security update
2019-08-06 08:26:12
(RHSA-2020:1037) Moderate: advancecomp security update
2020-03-31 09:11:17
fedora
fedora
[SECURITY] Fedora 30 Update: advancecomp-2.1-11.fc30
2019-06-19 22:46:11
[SECURITY] Fedora 30 Update: advancecomp-2.1-10.fc30
2019-03-29 19:27:24
[SECURITY] Fedora 29 Update: advancecomp-2.1-9.fc29
2019-03-16 19:17:53
centos
centos
advancecomp security update
2019-08-30 02:32:37
advancecomp security update
2020-04-08 17:41:47
amazon
amazon
Medium: mercurial
2019-10-21 18:01:00
Low: advancecomp
2019-10-21 18:01:00
Medium: advancecomp
2020-07-14 02:27:00
ubuntu
ubuntu
AdvanceCOMP vulnerabilities
2022-10-12 00:00:00
AdvanceCOMP vulnerability
2019-04-04 00:00:00
AdvanceCOMP vulnerability
2019-04-23 00:00:00
nvd
nvd
CVE-2019-9210
2019-02-27 14:29:00
CVE-2019-8379
2019-02-17 02:29:00
CVE-2019-8383
2019-02-17 02:29:00
redhatcve
redhatcve
CVE-2019-9210
2019-03-01 16:20:02
CVE-2019-8379
2019-10-12 02:24:15
CVE-2019-8383
2019-10-12 02:24:16
cve
cve
CVE-2019-9210
2019-02-27 14:29:00
CVE-2019-8379
2019-02-17 02:29:00
CVE-2019-8383
2019-02-17 02:29:00
cbl_mariner
cbl_mariner
CVE-2019-9210 affecting package advancecomp for versions less than 2.1-14
2023-05-25 10:22:04
CVE-2019-9210 affecting package advancecomp for versions less than 2.1-14
2023-05-25 10:22:04
alpinelinux
alpinelinux
CVE-2019-9210
2019-02-27 14:29:00
debiancve
debiancve
CVE-2019-9210
2019-02-27 14:29:00
CVE-2019-8379
2019-02-17 02:29:00
CVE-2019-8383
2019-02-17 02:29:00
mageia
mageia
Updated advancecomp packages fix security vulnerability
2019-04-05 21:12:59
Updated advancecomp packages fix security vulnerability
2020-01-05 18:37:51
Updated advancecomp packages fix security vulnerability
2018-02-25 02:25:24
cvelist
cvelist
CVE-2019-9210
2019-02-27 14:00:00
CVE-2019-8379
2019-02-17 02:00:00
CVE-2019-8383
2019-02-17 02:00:00
prion
prion
Integer overflow
2019-02-27 14:29:00
Null pointer dereference
2019-02-17 02:29:00
Code injection
2019-02-17 02:29:00
veracode
veracode
Denial Of Service (DoS)
2020-04-01 00:38:18
Denial Of Service (DoS)
2019-08-08 00:07:36
Denial Of Service (DoS)
2019-08-08 00:07:36

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.003

Percentile

68.1%

JSON
Related for DEBIAN:DLA-2868-1:B6C79
nessus28freebsd1openvas13osv8oraclelinux2debian2ubuntucve4redhat2fedora5centos2amazon3ubuntu4nvd4redhatcve4cve4cbl_mariner2alpinelinux1debiancve4mageia3cvelist4prion4veracode3