Message-ID: <20071210203629.GD8789@outflux.net>
Date: Mon, 10 Dec 2007 12:36:29 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-550-2] Cairo regression

=========================================================== 
Ubuntu Security Notice USN-550-2          December 10, 2007
libcairo regression
https://launchpad.net/bugs/NNNNNN
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
  libcairo2                       1.4.2-0ubuntu1.2

Ubuntu 7.10:
  libcairo2                       1.4.10-1ubuntu4.2

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

USN-550-1 fixed vulnerabilities in Cairo.  The upstream fixes were incomplete,
and under certain situations, applications using Cairo would crash with a
floating point error.  This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Peter Valchev discovered that Cairo did not correctly decode PNG image data.
 By tricking a user or automated system into processing a specially crafted
 PNG with Cairo, a remote attacker could execute arbitrary code with user
 privileges.


Updated packages for Ubuntu 7.04:


Updated packages for Ubuntu 7.10:


