Ubuntu: libpng vulnerabilities

    Date25 Oct 2007
    CategoryUbuntu
    5177
    Posted ByLinuxSecurity Advisories
    It was discovered that libpng did not properly perform bounds checking and comparisons in certain operations. An attacker could send a specially crafted PNG image and cause a denial of service in applications linked against libpng.
    =========================================================== 
    Ubuntu Security Notice USN-538-1           October 25, 2007
    libpng vulnerabilities
    CVE-2007-5268, CVE-2007-5269
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 6.06 LTS
    Ubuntu 6.10
    Ubuntu 7.04
    Ubuntu 7.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 6.06 LTS:
      libpng12-0                      1.2.8rel-5ubuntu0.3
    
    Ubuntu 6.10:
      libpng12-0                      1.2.8rel-5.1ubuntu0.3
    
    Ubuntu 7.04:
      libpng12-0                      1.2.15~beta5-1ubuntu1.1
    
    Ubuntu 7.10:
      libpng12-0                      1.2.15~beta5-2ubuntu0.1
    
    After a standard system upgrade you need to reboot your computer to
    affect the necessary changes.
    
    Details follow:
    
    It was discovered that libpng did not properly perform bounds checking
    and comparisons in certain operations. An attacker could send a specially
    crafted PNG image and cause a denial of service in applications linked
    against libpng.
    
    
    Updated packages for Ubuntu 6.06 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.3.diff.gz
          Size/MD5:    18024 2f5479e855e43adb7194cabb883ac8a3
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.3.dsc
          Size/MD5:      652 7c59b5b568253c22b360b98bfbc2f863
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz
          Size/MD5:   510681 cac1512878fb98f2456df6dc50bc9bc7
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.3_all.deb
          Size/MD5:      844 9d10a40d573885d4436e16ad88e31a3e
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.3_amd64.deb
          Size/MD5:   113974 d1bb76d97778fefd91b96248e05410a9
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.3_amd64.deb
          Size/MD5:   247608 ca6b922d488946e3aeb6091ea936c3ab
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.3_amd64.udeb
          Size/MD5:    69486 afb14fd4af3ca1caf81379a2dd636950
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.3_i386.deb
          Size/MD5:   111542 146e8f86ac4e94512edac4147d597221
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.3_i386.deb
          Size/MD5:   239742 0cb2cbff98db03589e504243f8bd5e72
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.3_i386.udeb
          Size/MD5:    66998 0f90551eba7dbb802941f10176020070
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.3_powerpc.deb
          Size/MD5:   111002 0348c21be19de5775664f5f4d4697ea6
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.3_powerpc.deb
          Size/MD5:   245356 4822cae4ce62f564fabc7b5e148d12f3
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.3_powerpc.udeb
          Size/MD5:    66374 8e9991e9f4ba62b457e78b7d1f3cf48f
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.3_sparc.deb
          Size/MD5:   108676 2b8c6f083b9ddf578737c732b64c501e
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.3_sparc.deb
          Size/MD5:   240148 c12737f2e1685a854e96d4ed803b0149
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.3_sparc.udeb
          Size/MD5:    63884 b43f766eb4a08691997c325cb29357ce
    
    Updated packages for Ubuntu 6.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.3.diff.gz
          Size/MD5:    18142 7a1fa6769488a07ad4937b55058d20be
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.3.dsc
          Size/MD5:      659 0e364463deb7a60e86c394dd0f85621d
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz
          Size/MD5:   510681 cac1512878fb98f2456df6dc50bc9bc7
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5.1ubuntu0.3_all.deb
          Size/MD5:      886 cdfca65762446e2a75bdea7453c8e11e
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.3_amd64.deb
          Size/MD5:   113644 c98c1c55d9c721be4d55c85e3154782a
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.3_amd64.deb
          Size/MD5:   247136 4cb7d81b8dd43576f45da54469eeb807
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.3_amd64.udeb
          Size/MD5:    69018 29878649c43c5caf21f55910dee85ba3
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.3_i386.deb
          Size/MD5:   114790 b46ab6d82b1b3eb1af2c7d34920ec132
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.3_i386.deb
          Size/MD5:   242952 f647ed97f1eba66c3717434df3e6fb2b
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.3_i386.udeb
          Size/MD5:    70008 4411fa853f19673cf04875ef3b87f233
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.3_powerpc.deb
          Size/MD5:   112368 c5d14614903820090fe46d3f11be7e80
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.3_powerpc.deb
          Size/MD5:   246772 7a09990286468702efed1ef23fef1e1b
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.3_powerpc.udeb
          Size/MD5:    67644 9bf5dd726762cbf0da3b42b6ce043615
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.3_sparc.deb
          Size/MD5:   109498 178fe40222b302b642baf3c16370db96
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.3_sparc.deb
          Size/MD5:   241132 fcb2342431365e1657225289d62361fc
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.3_sparc.udeb
          Size/MD5:    64688 0ea2e147c986ff46cca354b6d0882e32
    
    Updated packages for Ubuntu 7.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-1ubuntu1.1.diff.gz
          Size/MD5:    16077 12fe297fc49d38188fd9c3c3ff816c65
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-1ubuntu1.1.dsc
          Size/MD5:      823 ce38de3c431cb86eb753ac8ff4a87941
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz
          Size/MD5:   829038 77ca14fcee1f1f4daaaa28123bd0b22d
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.15~beta5-1ubuntu1.1_all.deb
          Size/MD5:      940 a1e1e5021aedd0a6e768dd776e9c981c
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1.1_amd64.deb
          Size/MD5:   189670 e6fb074e098472c8efeff4ca912d3407
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1.1_amd64.deb
          Size/MD5:   179942 84c0679ab5c297d8b53b21cdf8eee998
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1.1_amd64.udeb
          Size/MD5:    70678 234d3840776d1af1cde440227b65369e
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1.1_i386.deb
          Size/MD5:   187450 6aecec3c18e2d430bd584d214ed696a4
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1.1_i386.deb
          Size/MD5:   171632 fbc3e3519e315e11d1e7bfd905d0d204
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1.1_i386.udeb
          Size/MD5:    68354 81f3e63667ecae4d878ad3acb9f0453b
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1.1_powerpc.deb
          Size/MD5:   189726 46e1c11d028888e16a3e4ec478048fdd
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1.1_powerpc.deb
          Size/MD5:   179208 7acf9d3bbe0fd242c0a204cc8e54f5fa
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1.1_powerpc.udeb
          Size/MD5:    70730 79cc909cd042c2d0007780e6ae230453
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1.1_sparc.deb
          Size/MD5:   185440 dd65a7fc238270a6c2a307f55392da28
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1.1_sparc.deb
          Size/MD5:   173868 9afe36470c4dc086cf286a34f461cc5b
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1.1_sparc.udeb
          Size/MD5:    66422 9e202d3c69766d246b9e50d34d1df83a
    
    Updated packages for Ubuntu 7.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-2ubuntu0.1.diff.gz
          Size/MD5:    16265 c0986c0bef3569cc5902b893d47a3737
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-2ubuntu0.1.dsc
          Size/MD5:      823 daef559e9b9e3c7eaf418ab0174b4567
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz
          Size/MD5:   829038 77ca14fcee1f1f4daaaa28123bd0b22d
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.15~beta5-2ubuntu0.1_all.deb
          Size/MD5:      936 8f7aabe855c26d96b37a06475d5048cf
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-2ubuntu0.1_amd64.deb
          Size/MD5:   189936 fe1cd7de92f11216ed26052b5f3f3106
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-2ubuntu0.1_amd64.deb
          Size/MD5:   180176 8e32a68bf5191718c989aecd0a7f5d37
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-2ubuntu0.1_amd64.udeb
          Size/MD5:    70810 af9720da7c3228270441b5770f8e7d9b
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-2ubuntu0.1_i386.deb
          Size/MD5:   187662 1d1412ba7fa1063936d88bf3fd9fad34
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-2ubuntu0.1_i386.deb
          Size/MD5:   171666 50160c00edd46a3e41d4e76891ecc2d8
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-2ubuntu0.1_i386.udeb
          Size/MD5:    68416 77863d55c742291f7ff691e5af4c52cb
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-2ubuntu0.1_powerpc.deb
          Size/MD5:   189826 54682655ffce7d1621aa4f4bbdd04e82
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-2ubuntu0.1_powerpc.deb
          Size/MD5:   179272 4044a8a2f9361996a25370fadf704329
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-2ubuntu0.1_powerpc.udeb
          Size/MD5:    70678 6a643c0b5298e57db3ccf346def6bd7c
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-2ubuntu0.1_sparc.deb
          Size/MD5:   185536 5a3331215e71a5a7a5acb1b69d2a27b4
        http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-2ubuntu0.1_sparc.deb
          Size/MD5:   173822 fa4caf616867af0b188729fb2961812a
        http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-2ubuntu0.1_sparc.udeb
          Size/MD5:    66370 fc28403920a01b7e032d578674169e92
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"23","type":"x","order":"1","pct":53.49,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.63,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":34.88,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.