[SECURITY] [DSA 5300-1] pngcheck security update

2022-12-1221:54:40

lists.debian.org

pngcheck security update

cve-2020-35511

debian security advisory

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

32.2%

JSON

Debian Security Advisory DSA-5300-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
December 12, 2022 https://www.debian.org/security/faq

Package : pngcheck
CVE ID : CVE-2020-35511

Multiple security issues were discovered in pngcheck, a tool to verify
the integrity of PNG, JNG and MNG files, which could potentially result
in the execution of arbitrary code.

For the stable distribution (bullseye), this problem has been fixed in
version 3.0.3-1~deb11u1.

We recommend that you upgrade your pngcheck packages.

For the detailed security status of pngcheck please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pngcheck

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11arm64pngcheck-dbgsym< 3.0.3-1~deb11u1pngcheck-dbgsym_3.0.3-1~deb11u1_arm64.deb
Debian11arm64pngcheck< 3.0.3-1~deb11u1pngcheck_3.0.3-1~deb11u1_arm64.deb
Debian10amd64pngcheck< 3.0.3-1~deb10u2pngcheck_3.0.3-1~deb10u2_amd64.deb
Debian10armhfpngcheck< 3.0.3-1~deb10u2pngcheck_3.0.3-1~deb10u2_armhf.deb
Debian11armelpngcheck-dbgsym< 3.0.3-1~deb11u1pngcheck-dbgsym_3.0.3-1~deb11u1_armel.deb
Debian11armhfpngcheck< 3.0.3-1~deb11u1pngcheck_3.0.3-1~deb11u1_armhf.deb
Debian11armhfpngcheck-dbgsym< 3.0.3-1~deb11u1pngcheck-dbgsym_3.0.3-1~deb11u1_armhf.deb
Debian11amd64pngcheck-dbgsym< 3.0.3-1~deb11u1pngcheck-dbgsym_3.0.3-1~deb11u1_amd64.deb
Debian10allpngcheck< 3.0.3-1~deb10u2pngcheck_3.0.3-1~deb10u2_all.deb
Debian11allpngcheck< 3.0.3-1~deb11u1pngcheck_3.0.3-1~deb11u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	arm64	pngcheck-dbgsym	< 3.0.3-1~deb11u1	pngcheck-dbgsym_3.0.3-1~deb11u1_arm64.deb
Debian	11	arm64	pngcheck	< 3.0.3-1~deb11u1	pngcheck_3.0.3-1~deb11u1_arm64.deb
Debian	10	amd64	pngcheck	< 3.0.3-1~deb10u2	pngcheck_3.0.3-1~deb10u2_amd64.deb
Debian	10	armhf	pngcheck	< 3.0.3-1~deb10u2	pngcheck_3.0.3-1~deb10u2_armhf.deb
Debian	11	armel	pngcheck-dbgsym	< 3.0.3-1~deb11u1	pngcheck-dbgsym_3.0.3-1~deb11u1_armel.deb
Debian	11	armhf	pngcheck	< 3.0.3-1~deb11u1	pngcheck_3.0.3-1~deb11u1_armhf.deb
Debian	11	armhf	pngcheck-dbgsym	< 3.0.3-1~deb11u1	pngcheck-dbgsym_3.0.3-1~deb11u1_armhf.deb
Debian	11	amd64	pngcheck-dbgsym	< 3.0.3-1~deb11u1	pngcheck-dbgsym_3.0.3-1~deb11u1_amd64.deb
Debian	10	all	pngcheck	< 3.0.3-1~deb10u2	pngcheck_3.0.3-1~deb10u2_all.deb
Debian	11	all	pngcheck	< 3.0.3-1~deb11u1	pngcheck_3.0.3-1~deb11u1_all.deb