ubuntu-security-announce@lists.ubuntu.com
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
or, via email, send a message with subject or body 'help' to
ubuntu-security-announce-request@lists.ubuntu.com
You can reach the person managing the list at
ubuntu-security-announce-owner@lists.ubuntu.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-security-announce digest..."
Today's Topics:
1. [USN-383-1] libpng vulnerability (Kees Cook)
----------------------------------------------------------------------
Message: 1
Date: Fri, 17 Nov 2006 00:58:41 -0800
From: Kees Cook <kees@ubuntu.com>
Subject: [USN-383-1] libpng vulnerability
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <20061117085841.GC28893@outflux.net>
Content-Type: text/plain; charset="us-ascii"
===========================================================
Ubuntu Security Notice USN-383-1 November 16, 2006
libpng vulnerability
CVE-2006-5793
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
libpng10-0 1.0.18-1ubuntu3.1
Ubuntu 6.06 LTS:
libpng12-0 1.2.8rel-5ubuntu0.1
Ubuntu 6.10:
libpng12-0 1.2.8rel-5.1ubuntu0.1
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Details follow:
Tavis Ormandy discovered that libpng did not correctly calculate the
size of sPLT structures when reading an image. By tricking a user or an
automated system into processing a specially crafted PNG file, an
attacker could exploit this weakness to crash the application using the
library.
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.0.18-1ubuntu3.1.diff.gz
Size/MD5: 12960 3ae9ff536ba163efc00070487687399b
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.0.18-1ubuntu3.1.dsc
Size/MD5: 636 3af55a46b4ada05160527a49c5dd6671
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.0.18.orig.tar.gz
Size/MD5: 506181 40081bdc82e4c6cf782553cd5aa8d9d8
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng2-dev_1.0.18-1ubuntu3.1_all.deb
Size/MD5: 1166 160ce752a119a735d2abf03ec1f1dd55
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng2_1.0.18-1ubuntu3.1_all.deb
Size/MD5: 942 e3c40272cd978953acf3469dbda42a30
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0.18-1ubuntu3.1_amd64.deb
Size/MD5: 113890 e395ef9909e34cc4333fb868a7a794f2
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1.0.18-1ubuntu3.1_amd64.deb
Size/MD5: 197710 1b46e5c7e431d6640e319ca81f0634ad
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0.18-1ubuntu3.1_i386.deb
Size/MD5: 109224 e083cb785e2bc0225b47fee51c69b22b
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1.0.18-1ubuntu3.1_i386.deb
Size/MD5: 186536 476d8276b05d075552fc878547a17092
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0.18-1ubuntu3.1_powerpc.deb
Size/MD5: 111444 cda22be3ef3d978e4aa3c7111c7f7436
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1.0.18-1ubuntu3.1_powerpc.deb
Size/MD5: 196744 db0ae3294f47addab0ff52b4d134fff8
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-0_1.0.18-1ubuntu3.1_sparc.deb
Size/MD5: 109078 26672912dc8d37ae7afbc57fba8cc477
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng10-dev_1.0.18-1ubuntu3.1_sparc.deb
Size/MD5: 192902 458ef029777b12b5b4165e63d097c774
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.1.diff.gz
Size/MD5: 16308 c13ba4eb92c046153c73cec343ba0dad
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.1.dsc
Size/MD5: 652 ec80abc5bbe3fb9593374a6df3e5351d
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz
Size/MD5: 510681 cac1512878fb98f2456df6dc50bc9bc7
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.1_all.deb
Size/MD5: 842 db0b015e80f042a3311152aad1a1f96f
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 69468 8c741fd0d0ff83068e6dd78bc2e026c1
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.1_amd64.deb
Size/MD5: 113808 c86b5b27effab5f974f4f2c4ce743515
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.1_amd64.deb
Size/MD5: 247500 6493fda0d94d75f2255cb48399fa5fec
i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 66918 38259ac6fd9f0b4fc56e59b9b8fa75e4
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.1_i386.deb
Size/MD5: 111304 440e23028cc1c9de3fb459f8969641d5
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.1_i386.deb
Size/MD5: 239650 0235a7988ea235573758fd45a7500cf9
powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 66284 ba2f362738e47667364a69a7425a4bae
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.1_powerpc.deb
Size/MD5: 110738 27426cfb75acb15305d71a26d79ecf70
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.1_powerpc.deb
Size/MD5: 245228 297d5a07d22ea0c2deb1e3a2da22cc7d
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5: 63820 b28e9240844c87f288986efcfaa6d82b
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.1_sparc.deb
Size/MD5: 108438 439feb51a430e75b0314ebd0bbe9eeaf
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.1_sparc.deb
Size/MD5: 240068 f1d19c0623d6a875c240ae809f39cc37
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.1.diff.gz
Size/MD5: 16419 341fce97b60457776d7d5b3045e98ab8
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.1.dsc
Size/MD5: 659 128223fd1ee1485c1edda30965e2c638
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz
Size/MD5: 510681 cac1512878fb98f2456df6dc50bc9bc7
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5.1ubuntu0.1_all.deb
Size/MD5: 884 ff80da62782949d9ee6e2f45de7368d8
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 68974 410bb02f1680b74c0b7bdfe75b6d4f6c
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.1_amd64.deb
Size/MD5: 113470 595b09232667d5f45bfc94cbac2154e4
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.1_amd64.deb
Size/MD5: 247126 af29f417517106cf651dab5c92ad52ee
i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 69914 d335eae45c97a06251e2b1bb263a0f78
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.1_i386.deb
Size/MD5: 114466 eb4ebc44ac004eddd4ac551f443d9196
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.1_i386.deb
Size/MD5: 242864 a79b348098a3e5051a93dcc3bfc44f80
powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 67592 c11829d98adc0dd16883d1b00c773691
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.1_powerpc.deb
Size/MD5: 112146 e95acde5a5756fe1e8ae3085e160a437
Size/MD5: 246662 eea28613a44952b49f1ebd1c9365c31e
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5: 64644 0a019f09ea70eb9e0734542116919875
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.1_sparc.deb
Size/MD5: 109320 c8c61d5fc9db2c8edf9ca933bc0aeea6
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.1_sparc.deb
Size/MD5: 241060 a4d7a38de962236150bbbb84be9c542f
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20061117/556aae85/attachment-0001.pgp
------------------------------
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
End of ubuntu-security-announce Digest, Vol 26, Issue 10
********************************************************
No comments:
Post a Comment