[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1278596378.3058.8.camel@mdlinux.technorage.com>
Date: Thu, 08 Jul 2010 09:39:38 -0400
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-960-1] libpng vulnerabilities
===========================================================
Ubuntu Security Notice USN-960-1 July 08, 2010
libpng vulnerabilities
CVE-2010-1205, CVE-2010-2249
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libpng12-0 1.2.8rel-5ubuntu0.6
Ubuntu 8.04 LTS:
libpng12-0 1.2.15~beta5-3ubuntu0.3
Ubuntu 9.04:
libpng12-0 1.2.27-2ubuntu2.2
Ubuntu 9.10:
libpng12-0 1.2.37-1ubuntu0.2
Ubuntu 10.04 LTS:
libpng12-0 1.2.42-1ubuntu2.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
Details follow:
It was discovered that libpng did not properly handle certain malformed PNG
images. If a user or automated system were tricked into opening a crafted
PNG file, an attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2010-1205)
It was discovered that libpng did not properly handle certain malformed PNG
images. If a user or automated system were tricked into processing a
crafted PNG image, an attacker could possibly use this flaw to consume all
available resources, resulting in a denial of service. (CVE-2010-2249)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.6.diff.gz
Size/MD5: 24044 8979ca6b113137fe5ee051c1c70571eb
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.6.dsc
Size/MD5: 661 92722fa973e92a99f982fe05b5826adf
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz
Size/MD5: 510681 cac1512878fb98f2456df6dc50bc9bc7
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.6_all.deb
Size/MD5: 842 dcbc7d24c8426e3b3024859ec157f57e
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_amd64.deb
Size/MD5: 114528 aea355e99e67b76c9464f8cc49b3560d
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_amd64.deb
Size/MD5: 247576 f0e52e10a663f9b1b04d9371d4a2cf14
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_amd64.udeb
Size/MD5: 69504 6536e83152b2cf00d0d961b9b095c2d5
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_i386.deb
Size/MD5: 112048 b8f85cc6154602422a8841a5cad1a4a1
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_i386.deb
Size/MD5: 239628 fb6f6e62a9fa6114c50946c74cb2ed5d
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_i386.udeb
Size/MD5: 66946 501acb21d567d62608904e4272ff842d
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_powerpc.deb
Size/MD5: 111648 19cccb12fb968f40f04068b9da24f589
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_powerpc.deb
Size/MD5: 245230 ebdbfc860056170b7a165479d7905bb3
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_powerpc.udeb
Size/MD5: 66458 24e918a95770150b4df72530bd6de095
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_sparc.deb
Size/MD5: 109156 510d17affd2c0cf3f5dce5379df57d49
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_sparc.deb
Size/MD5: 240072 1ff11e0649a58bc7b809c86941aaafd7
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_sparc.udeb
Size/MD5: 63882 d7df02c540e66a536cbffca5d02645d5
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.3.diff.gz
Size/MD5: 22755 f5c0ba19b04eba8264ebb6b30c5617d6
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.3.dsc
Size/MD5: 832 d08a82b28411baa0184d3b8231fd8b61
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz
Size/MD5: 829038 77ca14fcee1f1f4daaaa28123bd0b22d
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.15~beta5-3ubuntu0.3_all.deb
Size/MD5: 940 7344fa4e61880636b014525f6e6482a1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_amd64.deb
Size/MD5: 190186 01f82b2b967c5212e834dd57c12c1a7c
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_amd64.deb
Size/MD5: 179752 c26e243dd21f5dd10b478c0415215c1c
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_amd64.udeb
Size/MD5: 70534 5f7628d9b644ae953c515d18f7de9980
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_i386.deb
Size/MD5: 188782 51354007cca0796218e3aaeba6142c41
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_i386.deb
Size/MD5: 171216 b7a092ef2f5955b380adc015bfae6c81
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_i386.udeb
Size/MD5: 69082 7612cd438ddfaab236de5f342f709b66
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_lpia.deb
Size/MD5: 189664 4825baf36c5d14b5066d548aaf050866
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_lpia.deb
Size/MD5: 172962 b16b496d6553fbf28523147617011b95
http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_lpia.udeb
Size/MD5: 70020 61f5d75c4435333ef586677a07d49915
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_powerpc.deb
Size/MD5: 190300 8ac6e4c1efb73de848d5bc5457093e7a
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_powerpc.deb
Size/MD5: 179166 d92637edf805d7d673a4440b2605dc57
http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_powerpc.udeb
Size/MD5: 70604 adf25dd26d85725ab3c74c4a80a7a541
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_sparc.deb
Size/MD5: 185622 ef3cf5486afe387d09bf05106893b371
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_sparc.deb
Size/MD5: 173422 4b2f3476b423a3c5c31ee0738bfb4458
http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_sparc.udeb
Size/MD5: 65928 ab5ac0b24d618dc432d1763a0e50ebda
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.2.diff.gz
Size/MD5: 176459 b2f27af9534f3c5b9a120680cd41ce7c
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.2.dsc
Size/MD5: 1296 b66efe2157ab6f3dad6e57b4fe9dbf13
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27.orig.tar.gz
Size/MD5: 783204 13a0de401db1972a8e68f47d5bdadd13
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.27-2ubuntu2.2_all.deb
Size/MD5: 932 1c66e49e2b875fa40c5556c19d076508
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_amd64.udeb
Size/MD5: 72852 a1bbcffd25c3ec87cbdf86be154962fc
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_amd64.deb
Size/MD5: 168576 9f40f2846c21aa5835f53ab6895ec5cf
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_amd64.deb
Size/MD5: 255784 d9060ad287e40ded1848b79284abbcc0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_i386.udeb
Size/MD5: 71102 c18134055d747d066b60218b69e99d45
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_i386.deb
Size/MD5: 166904 e8151a3f79f0fff6d98bbb0675621594
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_i386.deb
Size/MD5: 247922 ae8412d1c420f1dd63cb436382cad51f
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_lpia.udeb
Size/MD5: 71488 5179307ffe74c10515e61503e647606f
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_lpia.deb
Size/MD5: 167370 dd07d7a09484eb7711da5cd874099abe
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_lpia.deb
Size/MD5: 248872 a34333b123f4d12e7872868111942cbd
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_powerpc.udeb
Size/MD5: 71674 f742f2771d94ca29746906c1177d657d
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_powerpc.deb
Size/MD5: 167514 478378fde5c7fd14fbffa1be072aa21c
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_powerpc.deb
Size/MD5: 254642 ba3f255f4346a4483c5410d55acaac65
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_sparc.udeb
Size/MD5: 66670 ee067298bc51471f06bcf1a74b557310
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_sparc.deb
Size/MD5: 162336 ab167dcdbbd930a3d976af0ad57cbac2
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_sparc.deb
Size/MD5: 248428 8b96f4ff4f0ad8e366ed4475d3890948
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.2.diff.gz
Size/MD5: 20129 f230ec37944a0150ffc83cfdddc7c906
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.2.dsc
Size/MD5: 1293 fce0b2fd543aeff27d47fb91f12af053
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37.orig.tar.gz
Size/MD5: 805380 7480dbbf9f6c3297faf6fe52ec9b91ab
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.37-1ubuntu0.2_all.deb
Size/MD5: 932 cee669d58ac9660e1fe71cf9e2eeda9d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_amd64.udeb
Size/MD5: 73938 15bb328beed6ab3287967c54e4177018
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_amd64.deb
Size/MD5: 175088 f003cc7565826cfcc337ab409ffc6e8f
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_amd64.deb
Size/MD5: 265400 2d26dc0e9ddb6c2010776fbbcb82d791
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_i386.udeb
Size/MD5: 70444 a80af68dda6ff1aa3168040d33600e64
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_i386.deb
Size/MD5: 171594 3fca9df961cc3616b75f6518ab870a68
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_i386.deb
Size/MD5: 255474 1ab05dffaa25e1d9190d0ea872b0fbd8
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_lpia.udeb
Size/MD5: 71066 0495b247d489438259937bee1f17761f
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_lpia.deb
Size/MD5: 172296 730fd7a16f9496e37ffee99ea68d15a6
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_lpia.deb
Size/MD5: 257350 fff93fe6a558aef20e20b8b8f15227e7
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_powerpc.udeb
Size/MD5: 72524 8e92aaedc8e6fabafed81cca60a833e9
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_powerpc.deb
Size/MD5: 173720 055336debc8a5b9ff92e6cae9998ac94
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_powerpc.deb
Size/MD5: 264674 dbd6ca8bcdcf241c0629b7b27e0e1e5d
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_sparc.udeb
Size/MD5: 67348 44b9c2989661e116d78b809a8657a5c8
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_sparc.deb
Size/MD5: 168516 b98b4872db6f90caf0f43da67197dec0
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_sparc.deb
Size/MD5: 257634 eb673ad114284bbd9be37e1c322e1bfb
Updated packages for Ubuntu 10.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.42-1ubuntu2.1.debian.tar.bz2
Size/MD5: 19511 ac49d7354c1ab87a91dbad607733629f
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.42-1ubuntu2.1.dsc
Size/MD5: 1299 dae31f78418d5db8c3476d7562859658
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.42.orig.tar.bz2
Size/MD5: 670811 9a5cbe9798927fdf528f3186a8840ebe
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.42-1ubuntu2.1_all.deb
Size/MD5: 926 602d7036448637b45c1eacbc31e05640
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_amd64.udeb
Size/MD5: 74124 82cc493f2b3d80b10ccf3f9fa2ec4ff6
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_amd64.deb
Size/MD5: 180006 3b5339fe77bcdae97bb2a318496a192e
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_amd64.deb
Size/MD5: 271858 ae0c6a1e973dad2b0a0685fd863c096d
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_i386.udeb
Size/MD5: 70692 b264bdd0086f3451e42df7f840ab894a
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_i386.deb
Size/MD5: 176510 03c3d70135e907f21b2342972d8a9b40
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_i386.deb
Size/MD5: 261728 955b40272944dd988ee39b62d8c6606c
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_powerpc.udeb
Size/MD5: 73380 ad2cda1c89c55c473121da33a40294f6
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_powerpc.deb
Size/MD5: 179272 b6623c3dcdc841a762308f889c8b478e
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_powerpc.deb
Size/MD5: 271898 fcccfdb0eb4bc3a3470a83888f8bae28
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_sparc.udeb
Size/MD5: 69258 ec2047ed5079933d6dbeb841a0207c59
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_sparc.deb
Size/MD5: 175214 142020dfd126d2335bc93bad6a714799
http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_sparc.deb
Size/MD5: 265174 06843a4a028c5533e89d5562cbeb2047
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
Powered by blists - more mailing lists