Message-ID: <20041023011750.GO5391@alcor.net>
From: mdz at canonical.com (Matt Zimmerman)
Subject: [USN-1-1] PNG library vulnerabilities

===========================================================
Ubuntu Security Notice 1-1                 October 22, 2004
PNG library vulnerabilities
CAN-2004-0955
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libpng12-0
libpng12-dev
libpng10-0
libpng10-dev

The problem can be corrected by upgrading the affected packages to version
1.2.5.0-7ubuntu1 (libpng12-0 and libpng12-dev) or 1.0.15-6ubuntu1
(libpng10-0 and libpng10-dev).  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Several integer overflow vulnerabilities were discovered in the PNG library.
These vulnerabilities could be exploited by an attacker by providing a
specially crafted PNG image which, when processed by the PNG library, could
result in the execution of program code provided by the attacker.

The PNG library is used by a variety of software packages for different
purposes, so the exact nature of the exposure will vary depending on the
software involved.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.0.15.orig.tar.gz
      Size/MD5 checksum:   502477 ec2a949b603cba9660f823006b80b088
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng3_1.2.5.0-7ubuntu1.diff.gz
      Size/MD5 checksum:    14478 681d8f91035b645b1c8266651b2c38aa
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng3_1.2.5.0.orig.tar.gz
      Size/MD5 checksum:   505988 0cec860559f2f5f7145da3c6851bacb7
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng3_1.2.5.0-7ubuntu1.dsc
      Size/MD5 checksum:      649 2571afe213df2c2dde45531ca308df7b
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.0.15-6ubuntu1.diff.gz
      Size/MD5 checksum:    14754 aebf1d31433bce584e7c3c6bfbf615fe
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.0.15-6ubuntu1.dsc
      Size/MD5 checksum:      624 6ae0f6ba400182bdce210b84e7450076

  Architecture-independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng3/libpng3_1.2.5.0-7ubuntu1_all.deb
      Size/MD5 checksum:      938 caeda701d831b9c25644fa81763a0f5e
    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng2_1.0.15-6ubuntu1_all.deb
      Size/MD5 checksum:      936 85270f44a5c007519009792d3aac298e
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng2-dev_1.0.15-6ubuntu1_all.deb
      Size/MD5 checksum:     1164 804c624d1cac4a58d42da83c225c8c6a
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng3-dev_1.2.5.0-7ubuntu1_all.deb
      Size/MD5 checksum:      930 13f95dbbce7f602efaa1b2d98dc7d264

  amd64 architecture (AMD and Intel x86-64)

    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng3/libpng12-0-udeb_1.2.5.0-7ubuntu1_amd64.udeb
      Size/MD5 checksum:    73376 29f810ada0ca82adb4a10131c5a556d9
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1.0.15-6ubuntu1_amd64.deb
      Size/MD5 checksum:   196096 45fa86a8e931d86c9267afd4f3aa48d6
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng12-0_1.2.5.0-7ubuntu1_amd64.deb
      Size/MD5 checksum:   112856 6a6e0bea984f0dd728948cf84eab1d4e
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng12-dev_1.2.5.0-7ubuntu1_amd64.deb
      Size/MD5 checksum:   246614 f8ee42dc7a90c3d9e7e9467c1be4e5fc
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0.15-6ubuntu1_amd64.deb
      Size/MD5 checksum:   109846 2f5b591155653664b1c63f1282cd20c0

  i386 architecture (Intel ia32)

    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng12-0_1.2.5.0-7ubuntu1_i386.deb
      Size/MD5 checksum:   108280 e24d3796d30f2bbf3223fc04df1d6970
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1.0.15-6ubuntu1_i386.deb
      Size/MD5 checksum:   185296 842d33740c4669252ea0ca6cf5cc940b
    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng3/libpng12-0-udeb_1.2.5.0-7ubuntu1_i386.udeb
      Size/MD5 checksum:    69288 e3b243a4de3eeab9d98166e3c41d3905
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng12-dev_1.2.5.0-7ubuntu1_i386.deb
      Size/MD5 checksum:   235496 ca046adddb8f32f59bfdce42695e39df
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0.15-6ubuntu1_i386.deb
      Size/MD5 checksum:   105174 63225f7373d0356bf64642003ed2bdb7

  powerpc architecture (PowerPC)

    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng12-0_1.2.5.0-7ubuntu1_powerpc.deb
      Size/MD5 checksum:   115164 7c483c678026b25440a600e5986d0690
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0.15-6ubuntu1_powerpc.deb
      Size/MD5 checksum:   112286 68b538d1c5ce3c432a58b1f376790e99
    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng3/libpng12-0-udeb_1.2.5.0-7ubuntu1_powerpc.udeb
      Size/MD5 checksum:    76046 97ffcc478268e08742cad6227fb15344
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng3/libpng12-dev_1.2.5.0-7ubuntu1_powerpc.deb
      Size/MD5 checksum:   250596 f5901c8e0800329f24e33ecc15599249
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1.0.15-6ubuntu1_powerpc.deb
      Size/MD5 checksum:   200242 3bc5f0b755a906b505fa3e0a48263f22
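
Added example, not part of the original notice: a Python sketch that parses the URL and "Size/MD5 checksum" pairs in the layout used above and checks a downloaded file against them. The function names, the mirror.example.invalid URL and the sample payload are constructed for illustration.

```python
import hashlib
import re
from pathlib import PurePosixPath
from urllib.parse import urlparse

# One entry in the notice: a URL line, then "Size/MD5 checksum: <size> <md5>".
ENTRY_RE = re.compile(
    r"^[ \t]*(?P<url>https?://\S+)[ \t]*\n"
    r"[ \t]*Size/MD5 checksum:[ \t]+(?P<size>\d+)[ \t]+(?P<md5>[0-9a-f]{32})[ \t]*$",
    re.MULTILINE,
)

def parse_manifest(advisory_text):
    """Return {filename: (size, md5hex)} for every URL/checksum pair found."""
    manifest = {}
    for m in ENTRY_RE.finditer(advisory_text):
        name = PurePosixPath(urlparse(m["url"]).path).name
        entry = (int(m["size"]), m["md5"])
        # The same file name listed with two different values is a malformed notice.
        if manifest.get(name, entry) != entry:
            raise ValueError(f"conflicting entries for {name}")
        manifest[name] = entry
    return manifest

def check_file(manifest, name, data):
    """Classify downloaded bytes: 'ok', 'size-mismatch', 'md5-mismatch' or 'unlisted'."""
    if name not in manifest:
        return "unlisted"
    size, md5hex = manifest[name]
    if len(data) != size:          # cheap check first, before hashing
        return "size-mismatch"
    if hashlib.md5(data).hexdigest() != md5hex:
        return "md5-mismatch"
    return "ok"

# Constructed sample: a stand-in payload and a notice fragment generated to match it.
SAMPLE_PKG = b"constructed stand-in for a .deb payload\n"
SAMPLE_NOTICE = f"""
  i386 architecture (Intel ia32)

    http://mirror.example.invalid/pool/main/libp/libpng3/sample_1.0_i386.deb
      Size/MD5 checksum:   {len(SAMPLE_PKG):6d} {hashlib.md5(SAMPLE_PKG).hexdigest()}
"""

if __name__ == "__main__":
    listing = parse_manifest(SAMPLE_NOTICE)
    print(check_file(listing, "sample_1.0_i386.deb", SAMPLE_PKG))
```

A match only shows that the download agrees with the list; the authenticity of the list itself has to be established separately, for example from the PGP signature the notice was sent with.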