Libpng Security Vulnerability [Medium Priority]


#1

Short story: You can usually fix these vulnerabilities by upgrading and updating your packages. Do this by running this in a shell:

sudo apt-get update; sudo apt-get upgrade

I would think this would be a “medium” priority for Mail-in-a-Box users, because I imagine there may be some image processing with PNG, because of NextCloud. However, I am not sure. @murgero, @JoshData, help?? :smiley: Anyway, Canonical people say this: “It was discovered that libpng incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code.”

If we don’t even use libpng, then I will put this as a “lowest priority” as a theoretical vulnerability, for the few people that choose to modify their machines.

https://usn.ubuntu.com/3962-1/

CVE-2019-7317
Ubuntu: https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7317.html
Debian: https://security-tracker.debian.org/tracker/CVE-2019-7317
Priority: Medium
(medium: “Open vulnerability that is a real problem and is exploitable for many users of the affected software. Examples include network daemon denial of service, cross-site scripting and gaining user privileges.”)