ALAS-2016-646


Amazon Linux 1 Security Advisory: ALAS-2016-646
Advisory Release Date: 2016-02-09 13:30 Pacific
Advisory Updated Date: 2016-02-09 13:30 Pacific
Severity: Low

Issue Overview:

A double-free bug was discovered in pngcrush's handling of the sPLT chunk. A malicious PNG could crash the pngcrush process. (CVE-2015-7700)


Affected Packages:

pngcrush


Issue Correction:
Run yum update pngcrush to update your system.

New Packages:
i686:
    pngcrush-1.7.92-1.11.amzn1.i686
    pngcrush-debuginfo-1.7.92-1.11.amzn1.i686

src:
    pngcrush-1.7.92-1.11.amzn1.src

x86_64:
    pngcrush-debuginfo-1.7.92-1.11.amzn1.x86_64
    pngcrush-1.7.92-1.11.amzn1.x86_64