Full Disclosure mailing list archives

[USN-472-1] libpng vulnerability
From: Kees Cook <kees () ubuntu com>
Date: Mon, 11 Jun 2007 17:43:10 -0700

=========================================================== 
Ubuntu Security Notice USN-472-1              June 11, 2007
libpng vulnerability
CVE-2007-2445
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libpng12-0                               1.2.8rel-5ubuntu0.2

Ubuntu 6.10:
  libpng12-0                               1.2.8rel-5.1ubuntu0.2

Ubuntu 7.04:
  libpng12-0                               1.2.15~beta5-1ubuntu1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

It was discovered that libpng did not correctly handle corrupted CRC
in grayscale PNG images.  By tricking a user into opening a specially
crafted PNG, a remote attacker could cause the application using libpng
to crash, resulting in a denial of service.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.2.diff.gz
      Size/MD5:    16483 713a6e035fa256e4cb822fb5fc88769b
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.2.dsc
      Size/MD5:      652 bc4f3f785816684c54d62947d53bc0db
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz
      Size/MD5:   510681 cac1512878fb98f2456df6dc50bc9bc7

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.2_all.deb
      Size/MD5:      846 76eab5d9a96efa186d66cf299a4f6032

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_amd64.udeb
      Size/MD5:    69484 078e25586525c4e83abf08c736fa6bd8
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_amd64.deb
      Size/MD5:   113888 46fce5d27ac4b2dea9cf4deb633f824e
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_amd64.deb
      Size/MD5:   247528 68879285068cda170eef5a5f56594a1c

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_i386.udeb
      Size/MD5:    66932 12cafbea44a3e7cf109eb24cb47aa557
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_i386.deb
      Size/MD5:   111396 3a93335c2a072b2e2c94bc2cc0b3d77e
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_i386.deb
      Size/MD5:   239662 64029c30dac5152c97e1a0d864c981d0

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_powerpc.udeb
      Size/MD5:    66304 0cbf98391b6c3219f83cd24cefe0343c
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_powerpc.deb
      Size/MD5:   110828 62c7a8ccc58c86414bcd170c394f8240
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_powerpc.deb
      Size/MD5:   245220 1171c8638ec8ebc2c81f53706885b692

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.2_sparc.udeb
      Size/MD5:    63824 e66313895e489a36c2f438343fa3e0d4
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.2_sparc.deb
      Size/MD5:   108534 73ccb876f761c76b3518b8ca81e80485
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.2_sparc.deb
      Size/MD5:   240048 5b19c41bbc639ee717fdacd4d81533e1

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.2.diff.gz
      Size/MD5:    16597 4ff19b636ab120a3fc4cee767171aa4f
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5.1ubuntu0.2.dsc
      Size/MD5:      659 5769690df3c57a56d08aa8bf11013a42
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz
      Size/MD5:   510681 cac1512878fb98f2456df6dc50bc9bc7

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5.1ubuntu0.2_all.deb
      Size/MD5:      888 44f3267b52e89fc605f350b4fc347e45

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_amd64.udeb
      Size/MD5:    68992 105702504b783f464dff9ddd48de5ab0
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_amd64.deb
      Size/MD5:   113542 876f5c1a3a1f6b4bf828edcbabe0702e
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_amd64.deb
      Size/MD5:   247132 75d920fe60a5d4f356ccb43d8d5a98ed

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_i386.udeb
      Size/MD5:    69932 53783b0d13fd194f8cc9f19e1edc63d7
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_i386.deb
      Size/MD5:   114634 1b40abad309e133326ffdce859734610
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_i386.deb
      Size/MD5:   242882 3dca0a0938a43308465c8987f1357160

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_powerpc.udeb
      Size/MD5:    67606 088844733b580984e1a3b79001a27511
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_powerpc.deb
      Size/MD5:   112228 6024c0c9d455cfdaa8a38e89d6a53148
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_powerpc.deb
      Size/MD5:   246684 e45d2830ca5bdf0747ea0d436fafc20e

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5.1ubuntu0.2_sparc.udeb
      Size/MD5:    64656 55d6e7740ec8a9eddcbbfdada56a5f63
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5.1ubuntu0.2_sparc.deb
      Size/MD5:   109396 0b522137b1f4b2a34f990efc9dbd81df
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5.1ubuntu0.2_sparc.deb
      Size/MD5:   241064 e679e908623c68c5865fbf2c24c46973

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-1ubuntu1.diff.gz
      Size/MD5:    14344 16526f313e1ee650074edd742304ec53
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-1ubuntu1.dsc
      Size/MD5:      819 b28af76731dfe368e48dfcd554d7b583
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz
      Size/MD5:   829038 77ca14fcee1f1f4daaaa28123bd0b22d

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.15~beta5-1ubuntu1_all.deb
      Size/MD5:      936 dcec28b3cf4b8ee22c6a1229fdbd2e84

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_amd64.udeb
      Size/MD5:    70656 b4fa5b37b54fee32dd7404c64b696192
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_amd64.deb
      Size/MD5:   189594 7e36d8e73bd47dbb19afd7cd0099335a
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_amd64.deb
      Size/MD5:   179950 c575d8c9699c971ec7682e52e37590b7

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_i386.udeb
      Size/MD5:    68246 c81ffc4cd0359a1ce1e73eb99d8608f6
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_i386.deb
      Size/MD5:   187234 09dcea1e3394a6d25565b23774d805db
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_i386.deb
      Size/MD5:   171520 ac3fb45b36ec32b1bac4734eef162c49

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_powerpc.udeb
      Size/MD5:    70652 147c89e36570990d5e084fc3a8933ed2
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_powerpc.deb
      Size/MD5:   189548 00b81b16632e789ab20bab04dbcd586c
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_powerpc.deb
      Size/MD5:   179128 61c51aafc326420b202c0f2ce6d5abfd

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1ubuntu1_sparc.udeb
      Size/MD5:    66396 faff3d313cdc64f273eda1a5d01c2e0a
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-1ubuntu1_sparc.deb
      Size/MD5:   185312 249165d75936ab8cfc2fa1aef68a5ee6
    http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-1ubuntu1_sparc.deb
      Size/MD5:   173800 a40164cd4995c6ed795219157e6d598e

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
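
A pre-filter for the condition the notice describes (a grayscale PNG carrying a chunk whose stored CRC is wrong), as an added example that is not part of the original advisory or of libpng. The function names, the quarantine policy and the 1x1 sample images are constructed for illustration; the scanner only walks the chunk layout and never decodes pixel data.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
GRAYSCALE_TYPES = {0, 4}            # PNG colour types: gray, gray + alpha
BYTES_PER_PIXEL = {0: 1, 2: 3, 4: 2, 6: 4}   # at bit depth 8


def make_chunk(ctype, data, corrupt_crc=False):
    """Build one PNG chunk; optionally store a wrong CRC (constructed sample only)."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    if corrupt_crc:
        crc ^= 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def sample_png(colour_type=0, corrupt=False):
    """Constructed 1x1, 8-bit image; 'corrupt' damages the IDAT chunk's CRC."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, colour_type, 0, 0, 0)
    idat = zlib.compress(b"\x00" * (1 + BYTES_PER_PIXEL[colour_type]))
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", idat, corrupt_crc=corrupt)
            + make_chunk(b"IEND", b""))


def scan_png(blob):
    """Return (is_grayscale, [types of chunks whose stored CRC does not match])."""
    if not blob.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos, bad, grayscale = len(PNG_SIGNATURE), [], False
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 8 + length + 4          # header + data + CRC
        if end > len(blob):
            raise ValueError("truncated chunk %r" % ctype)
        data = blob[pos + 8:end - 4]
        (stored,) = struct.unpack(">I", blob[end - 4:end])
        if stored != zlib.crc32(ctype + data) & 0xFFFFFFFF:
            bad.append(ctype.decode("latin-1"))
        if ctype == b"IHDR" and length == 13:
            grayscale = data[9] in GRAYSCALE_TYPES   # byte 9 = colour type
        if ctype == b"IEND":
            break
        pos = end
    return grayscale, bad


def should_quarantine(blob):
    """Narrow policy matching the notice; a stricter one rejects any bad CRC."""
    grayscale, bad = scan_png(blob)
    return grayscale and bool(bad)
```

Running such a check on untrusted uploads before they reach an unpatched libpng consumer is a stopgap only; the package upgrade listed in the notice is the fix.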
