ALAS2-2020-1450


Amazon Linux 2 Security Advisory: ALAS-2020-1450
Advisory Release Date: 2020-07-14 02:27 Pacific
Advisory Updated Date: 2020-07-17 00:48 Pacific
Severity: Medium
References: CVE-2019-9210 

Issue Overview:

In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.) (CVE-2019-9210 )


Affected Packages:

advancecomp


Issue Correction:
Run yum update advancecomp to update your system.

New Packages:
aarch64:
    advancecomp-1.15-22.amzn2.aarch64
    advancecomp-debuginfo-1.15-22.amzn2.aarch64

i686:
    advancecomp-1.15-22.amzn2.i686
    advancecomp-debuginfo-1.15-22.amzn2.i686

src:
    advancecomp-1.15-22.amzn2.src

x86_64:
    advancecomp-1.15-22.amzn2.x86_64
    advancecomp-debuginfo-1.15-22.amzn2.x86_64