Tuesday, December 11, 2007

ubuntu-security-announce Digest, Vol 39, Issue 7

Today's Topics:

1. [USN-550-2] Cairo regression (Kees Cook)


----------------------------------------------------------------------

Message: 1
Date: Mon, 10 Dec 2007 12:36:29 -0800
From: Kees Cook <kees@ubuntu.com>
Subject: [USN-550-2] Cairo regression
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Message-ID: <20071210203629.GD8789@outflux.net>
Content-Type: text/plain; charset="us-ascii"

===========================================================
Ubuntu Security Notice USN-550-2 December 10, 2007
libcairo regression
https://launchpad.net/bugs/NNNNNN
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
libcairo2 1.4.2-0ubuntu1.2

Ubuntu 7.10:
libcairo2 1.4.10-1ubuntu4.2

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

USN-550-1 fixed vulnerabilities in Cairo. The upstream fixes were incomplete,
and under certain situations, applications using Cairo would crash with a
floating point error. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Peter Valchev discovered that Cairo did not correctly decode PNG image data.
By tricking a user or automated system into processing a specially crafted
PNG with Cairo, a remote attacker could execute arbitrary code with user
privileges.


Updated packages for Ubuntu 7.04:


Updated packages for Ubuntu 7.10:


End of ubuntu-security-announce Digest, Vol 39, Issue 7
*******************************************************
