Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 526
Alerts This Week
Warning Icon 1 526

Ubuntu 18.04 LTS: 3712-1 Moderate: libpng Denial Of Service

ubuntu
Calendar Grey July 11, 2018
Dist Ubuntu Esm H88
Numerous vulnerabilities have been resolved in libjpeg; it is critical to update for Ubuntu versions 16.04 through 20.04.
Several security issues were fixed in libpng.

Summary

Several security issues were fixed in libpng.

Software Description:

- libpng1.6: PNG library - development (version 1.6)

- libpng: PNG (Portable Network Graphics) file library

Details:

Patrick Keshishian discovered that libpng incorrectly handled certain

PNG files. An attacker could possibly use this to cause a denial of

service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04

LTS. (CVE-2016-10087)

Thuan Pham discovered that libpng incorrectly handled certain PNG

files. An attacker could possibly use this to cause a denial of

service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS.

(CVE-2018-13785)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libpng16-16                     1.6.34-1ubuntu0.18.04.1

Ubuntu 17.10:
  libpng16-16                     1.6.34-1ubuntu0.17.10.1

Ubuntu 16.04 LTS:
  libpng12-0                      1.2.54-1ubuntu1.1

Ubuntu 14.04 LTS:
  libpng12-0                      1.2.50-1ubuntu2.14.04.3

In general, a standard system update will make all the necessary
changes.

References

  https://ubuntu.com/security/notices/USN-3712-1

  CVE-2016-10087, CVE-2018-13785

Severity
important
Lowest
Low
Medium
High
Critical

July 11, 2018

Package Information

  .
1
  .
1
  https://launchpad.net/ubuntu/+source/libpng/1.2.54-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/libpng/1.2.50-1ubuntu2.14.04.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.