ALAS-2016-646

Amazon Linux 1 (EOL) Security Advisory: ALAS-2016-646
Advisory Released Date: 2016-02-09
Advisory Updated Date: 2016-02-09
Severity: Low
Issue Overview:

A double-free bug was discovered in pngcrush's handling of the sPLT chunk. A malicious PNG could crash the pngcrush process. (CVE-2015-7700)


Affected Packages:

pngcrush


Issue Correction:
Run yum update pngcrush to update your system.

New Packages:
i686:
    pngcrush-1.7.92-1.11.amzn1.i686
    pngcrush-debuginfo-1.7.92-1.11.amzn1.i686

src:
    pngcrush-1.7.92-1.11.amzn1.src

x86_64:
    pngcrush-debuginfo-1.7.92-1.11.amzn1.x86_64
    pngcrush-1.7.92-1.11.amzn1.x86_64

Additional References

Red Hat: CVE-2015-7700

Mitre: CVE-2015-7700