Date: Mon, 3 Dec 2007 13:42:42 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-550-1] Cairo vulnerability

=========================================================== 
Ubuntu Security Notice USN-550-1          December 03, 2007
libcairo vulnerability
CVE-2007-5503
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libcairo2                       1.0.4-0ubuntu1.1

Ubuntu 6.10:
  libcairo2                       1.2.4-1ubuntu2.1

Ubuntu 7.04:
  libcairo2                       1.4.2-0ubuntu1.1

Ubuntu 7.10:
  libcairo2                       1.4.10-1ubuntu4.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

Peter Valchev discovered that Cairo did not correctly decode PNG image data.
By tricking a user or automated system into processing a specially crafted
PNG with Cairo, a remote attacker could execute arbitrary code with user
privileges.



