==========================================================Ubuntu Security Notice USN-730-1             March 06, 2009
libpng vulnerabilities
CVE-2007-5268, CVE-2007-5269, CVE-2008-1382, CVE-2008-3964,
CVE-2008-5907, CVE-2009-0040
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libpng12-0                      1.2.8rel-5ubuntu0.4

Ubuntu 7.10:
  libpng12-0                      1.2.15~beta5-2ubuntu0.2

Ubuntu 8.04 LTS:
  libpng12-0                      1.2.15~beta5-3ubuntu0.1

Ubuntu 8.10:
  libpng12-0                      1.2.27-1ubuntu0.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

It was discovered that libpng did not properly perform bounds checking in
certain operations. An attacker could send a specially crafted PNG image and
cause a denial of service in applications linked against libpng. This issue
only affected Ubuntu 8.04 LTS. (CVE-2007-5268, CVE-2007-5269)

Tavis Ormandy discovered that libpng did not properly initialize memory. If a
user or automated system were tricked into opening a crafted PNG image, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the program.
This issue did not affect Ubuntu 8.10. (CVE-2008-1382)

Harald van Dijk discovered an off-by-one error in libpng. An attacker could
could cause an application crash in programs using pngtest. (CVE-2008-3964)

It was discovered that libpng did not properly NULL terminate a keyword
string. An attacker could exploit this to set arbitrary memory locations to
zero. (CVE-2008-5907)

Glenn Randers-Pehrson discovered that libpng did not properly initialize
pointers. If a user or automated system were tricked into opening a crafted PNG
file, an attacker could cause a denial of service or possibly execute arbitrary
code with the privileges of the user invoking the program. (CVE-2009-0040)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:    19735 949fd37fe873e65120c79ed7d120f05d
          Size/MD5:      660 7280857d5c44750737addb4adafee14f
          Size/MD5:   510681 cac1512878fb98f2456df6dc50bc9bc7

  Architecture independent packages:

          Size/MD5:      842 21ee9c16fc1f3dbf732f0040ad75c850

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   114308 fe9a7e7c5a252631f93f18952d409b86
          Size/MD5:   247658 62cab067f6e85d0be7b307eeebaa55c9
          Size/MD5:    69562 9a979f0d9dc9604e4833aa0b61ff7376

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   111862 9d4675aaaa3ec2aacda34e041925c1df
          Size/MD5:   239802 566beec7a8d8e24eb94af2cb14686078
          Size/MD5:    67038 717ec3d7283059720ba0525afc79dcee

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   111296 9aff23cce92553dcc297553693c64ef9
          Size/MD5:   245356 b978fb399c02e38e2868a6c29e4f4d59
          Size/MD5:    66412 534a8b169f6f7ffc912c93a1b48feb79

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   108980 00944b4687ef379d1c925de99c7d3768
          Size/MD5:   240216 f4213ee280f7a2c78f49f7d94935db3a
          Size/MD5:    63956 812497bdce1af5d973adb0bec8393d1f

Updated packages for Ubuntu 7.10:

  Source archives:

          Size/MD5:    17802 70234c0a016f95a680d330c00ed767a6
          Size/MD5:      831 aea067d70d037e161b02c7c84b8d43b6
          Size/MD5:   829038 77ca14fcee1f1f4daaaa28123bd0b22d

  Architecture independent packages:

          Size/MD5:      940 89445701e08689929173dbcfe576927d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   190298 d354b4581a09da60028363e65bd6216e
          Size/MD5:   180236 8954535c44eea6dd4baae6fd411c76e9
          Size/MD5:    70894 b761c5fd1a687cfcfdc5f6a803afee2a

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   187974 031dc9442d58ec1e3e3e42fa7e4e29e4
          Size/MD5:   171708 0f48e6210f770b3e1b7f59b5bf304367
          Size/MD5:    68572 e1d4bc8c516b2fda0d0b088d43a82091

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   189454 6f27e35bdd3dc73695ab71f4517ed8b2
          Size/MD5:   173028 72c1b29825a4c0ee25c1407889c4016c
          Size/MD5:    70068 52246adc26148761838da10a1278f9ff

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   190168 bc69e2994b102798ebdbc4d2a3906a4f
          Size/MD5:   179394 98809f9342fbe95ee5555bda740dd030
          Size/MD5:    70800 c0c6648842083bc20f7675434a4d401c

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   185868 720a9587db72bc63364e541d202bb869
          Size/MD5:   173900 a2a9049485552ac8247e709b67d941b5
          Size/MD5:    66478 7189e57d035d8e4ebf1985bd00b59514

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

          Size/MD5:    18391 2a9f35d6f7a69fcce36ad8704b26d2e4
          Size/MD5:      831 32b7c81ffbe2d2957fbff29f93882e25
          Size/MD5:   829038 77ca14fcee1f1f4daaaa28123bd0b22d

  Architecture independent packages:

          Size/MD5:      946 c0ca5a7e2bb96aeb13fcaba011b15f38

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   189930 0a87561a09fdfea1544aae798bff51ad
          Size/MD5:   179762 a9f4e4d4a85afcff685323c4fdcb80fe
          Size/MD5:    70556 4c076824555bef85baed162f08afdf90

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   188652 215fc54ddc5a153950ba26d3a42d3193
          Size/MD5:   171394 376f39d2780a371e9660be083a27a49d
          Size/MD5:    69226 15b50ce121ae872dd58bdb1d2e0da902

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   189542 f126365ada9df2ea731b37e0d3d76969
          Size/MD5:   173074 2c1b02af288a645f3b2ce46d636b3559
          Size/MD5:    70150 94bbd92c0f9cc566828b3c0b617e24c0

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   190084 c66c468c68c890154e569caa528d4b40
          Size/MD5:   179312 be7f41fdd449790ac525b5b6807815dc
          Size/MD5:    70684 56de9c4a7a91494cfc0dc6c5c0da1f0b

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   185524 5706a2b50c7b44fbcec990c2b2943a0d
          Size/MD5:   173530 2dd22cb07e4d21c95635870988bd9eab
          Size/MD5:    66092 2ec57ae777558f2dc23208a128f57d23

Updated packages for Ubuntu 8.10:

  Source archives:

          Size/MD5:    15925 8a163f2089f6ef8d6c571cbf0eda1512
          Size/MD5:     1292 206c905aeb49ddf0d5004e0afaf92318
          Size/MD5:   783204 13a0de401db1972a8e68f47d5bdadd13

  Architecture independent packages:

          Size/MD5:      934 f4ead7835d85d0571a3fa097a0e63280

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   168260 3a049b2b432ef4d52394956cd3b491b1
          Size/MD5:   255486 2b6865706eac275b1360549f3050fcc1
          Size/MD5:    72834 c3309534ad5322fa6e222299c4da0b3a

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   166646 2160adb734db90aaf388c3398858ebd3
          Size/MD5:   247706 7b263a5d14791fa5c2c4ed464fea3db8
          Size/MD5:    71172 7e3050071f423115e422375d2d549271

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   167104 9ecff527d2a71d2622c3b49b2e3e622f
          Size/MD5:   248668 379bce13e320ebbd6504e113eeb11db8
          Size/MD5:    71534 257601cfb129ad1c21aff4e213beec86

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   167230 75ecf79cc491d5b8ecec24a186ed8051
          Size/MD5:   254330 d327a222704cd603864abdee0805ecea
          Size/MD5:    71718 9d879660f32c45280d083433b189023e

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   162274 4e6ed662532e8d69da8e14e120034427
          Size/MD5:   248262 91d8537dad0e04ac5abc362d5222cc3d
          Size/MD5:    66920 351736652216f25fb7fc8d61b68cb773

Ubuntu 730-1: libpng vulnerabilities

March 6, 2009
It was discovered that libpng did not properly perform bounds checking incertain operations

Summary

Update Instructions

References

Severity
libpng vulnerabilities

Package Information

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved