[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041023011750.GO5391@alcor.net>
From: mdz at canonical.com (Matt Zimmerman)
Subject: [USN-1-1] PNG library vulnerabilities
===========================================================
Ubuntu Security Notice 1-1 October 22, 2004
PNG library vulnerabilities
CAN-2004-0955
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libpng12-0
libpng12-dev
libpng10-0
libpng10-dev
The problem can be corrected by upgrading the affected package to version
1.2.5.0-7ubuntu1 (libpng12-0 and libpng12-dev) or 1.0.15-6ubuntu1
(libpng10-0 and libpng10-dev). In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Several integer overflow vulnerabilities were discovered in the PNG library.
These vulnerabilities could be exploited by an attacker by providing a
specially crafted PNG image which, when processed by the PNG library, could
result in the execution of program code provided by the attacker.
The PNG library is used by a variety of software packages for different
purposes, so the exact nature of the exposure will vary depending on the
software involved.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.0.15.orig.tar.gz
Size/MD5 checksum: 502477 ec2a949b603cba9660f823006b80b088
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng3_1.2.5.0-7ubuntu1.diff.gz
Size/MD5 checksum: 14478 681d8f91035b645b1c8266651b2c38aa
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng3_1.2.5.0.orig.tar.gz
Size/MD5 checksum: 505988 0cec860559f2f5f7145da3c6851bacb7
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng3_1.2.5.0-7ubuntu1.dsc
Size/MD5 checksum: 649 2571afe213df2c2dde45531ca308df7b
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.0.15-6ubuntu1.diff.gz
Size/MD5 checksum: 14754 aebf1d31433bce584e7c3c6bfbf615fe
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.0.15-6ubuntu1.dsc
Size/MD5 checksum: 624 6ae0f6ba400182bdce210b84e7450076
Architecture-independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng3/libpng3_1.2.5.0-7ubuntu1_all.deb
Size/MD5 checksum: 938 caeda701d831b9c25644fa81763a0f5e
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng2_1.0.15-6ubuntu1_all.deb
Size/MD5 checksum: 936 85270f44a5c007519009792d3aac298e
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng2-dev_1.0.15-6ubuntu1_all.deb
Size/MD5 checksum: 1164 804c624d1cac4a58d42da83c225c8c6a
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng3-dev_1.2.5.0-7ubuntu1_all.deb
Size/MD5 checksum: 930 13f95dbbce7f602efaa1b2d98dc7d264
amd64 architecture (AMD and Intel x86-64)
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng3/libpng12-0-udeb_1.2.5.0-7ubuntu1_amd64.udeb
Size/MD5 checksum: 73376 29f810ada0ca82adb4a10131c5a556d9
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1.0.15-6ubuntu1_amd64.deb
Size/MD5 checksum: 196096 45fa86a8e931d86c9267afd4f3aa48d6
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng12-0_1.2.5.0-7ubuntu1_amd64.deb
Size/MD5 checksum: 112856 6a6e0bea984f0dd728948cf84eab1d4e
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng12-dev_1.2.5.0-7ubuntu1_amd64.deb
Size/MD5 checksum: 246614 f8ee42dc7a90c3d9e7e9467c1be4e5fc
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0.15-6ubuntu1_amd64.deb
Size/MD5 checksum: 109846 2f5b591155653664b1c63f1282cd20c0
i386 architecture (Intel ia32)
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng12-0_1.2.5.0-7ubuntu1_i386.deb
Size/MD5 checksum: 108280 e24d3796d30f2bbf3223fc04df1d6970
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1.0.15-6ubuntu1_i386.deb
Size/MD5 checksum: 185296 842d33740c4669252ea0ca6cf5cc940b
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng3/libpng12-0-udeb_1.2.5.0-7ubuntu1_i386.udeb
Size/MD5 checksum: 69288 e3b243a4de3eeab9d98166e3c41d3905
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng12-dev_1.2.5.0-7ubuntu1_i386.deb
Size/MD5 checksum: 235496 ca046adddb8f32f59bfdce42695e39df
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0.15-6ubuntu1_i386.deb
Size/MD5 checksum: 105174 63225f7373d0356bf64642003ed2bdb7
powerpc architecture (PowerPC)
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng12-0_1.2.5.0-7ubuntu1_powerpc.deb
Size/MD5 checksum: 115164 7c483c678026b25440a600e5986d0690
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0.15-6ubuntu1_powerpc.deb
Size/MD5 checksum: 112286 68b538d1c5ce3c432a58b1f376790e99
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng3/libpng12-0-udeb_1.2.5.0-7ubuntu1_powerpc.udeb
Size/MD5 checksum: 76046 97ffcc478268e08742cad6227fb15344
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng12-dev_1.2.5.0-7ubuntu1_powerpc.deb
Size/MD5 checksum: 250596 f5901c8e0800329f24e33ecc15599249
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1.0.15-6ubuntu1_powerpc.deb
Size/MD5 checksum: 200242 3bc5f0b755a906b505fa3e0a48263f22
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041022/0f322da1/attachment.bin
Powered by blists - more mailing lists