Articles / Ubuntu: New libpng packages…

Ubuntu: New libpng packages fix security vulnerabilities

It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service. Updated packages are available from security.ubuntu.com.

===========================================================
Ubuntu Security Notice USN-960-1              July 08, 2010
libpng vulnerabilities
CVE-2010-1205, CVE-2010-2249
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
 libpng12-0                      1.2.8rel-5ubuntu0.6

Ubuntu 8.04 LTS:
 libpng12-0                      1.2.15~beta5-3ubuntu0.3

Ubuntu 9.04:
 libpng12-0                      1.2.27-2ubuntu2.2

Ubuntu 9.10:
 libpng12-0                      1.2.37-1ubuntu0.2

Ubuntu 10.04 LTS:
 libpng12-0                      1.2.42-1ubuntu2.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

Details follow:

It was discovered that libpng did not properly handle certain malformed PNG
images. If a user or automated system were tricked into opening a crafted
PNG file, an attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2010-1205)

It was discovered that libpng did not properly handle certain malformed PNG
images. If a user or automated system were tricked into processing a
crafted PNG image, an attacker could possibly use this flaw to consume all
available resources, resulting in a denial of service. (CVE-2010-2249)


Updated packages for Ubuntu 6.06 LTS:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.6.diff.gz
     Size/MD5:    24044 8979ca6b113137fe5ee051c1c70571eb
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.6.dsc
     Size/MD5:      661 92722fa973e92a99f982fe05b5826adf
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz
     Size/MD5:   510681 cac1512878fb98f2456df6dc50bc9bc7

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.6_all.deb
     Size/MD5:      842 dcbc7d24c8426e3b3024859ec157f57e

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_amd64.deb
     Size/MD5:   114528 aea355e99e67b76c9464f8cc49b3560d
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_amd64.deb
     Size/MD5:   247576 f0e52e10a663f9b1b04d9371d4a2cf14
   http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_amd64.udeb
     Size/MD5:    69504 6536e83152b2cf00d0d961b9b095c2d5

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_i386.deb
     Size/MD5:   112048 b8f85cc6154602422a8841a5cad1a4a1
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_i386.deb
     Size/MD5:   239628 fb6f6e62a9fa6114c50946c74cb2ed5d
   http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_i386.udeb
     Size/MD5:    66946 501acb21d567d62608904e4272ff842d

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_powerpc.deb
     Size/MD5:   111648 19cccb12fb968f40f04068b9da24f589
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_powerpc.deb
     Size/MD5:   245230 ebdbfc860056170b7a165479d7905bb3
   http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_powerpc.udeb
     Size/MD5:    66458 24e918a95770150b4df72530bd6de095

 sparc architecture (Sun SPARC/UltraSPARC):

   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.6_sparc.deb
     Size/MD5:   109156 510d17affd2c0cf3f5dce5379df57d49
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.6_sparc.deb
     Size/MD5:   240072 1ff11e0649a58bc7b809c86941aaafd7
   http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.6_sparc.udeb
     Size/MD5:    63882 d7df02c540e66a536cbffca5d02645d5

Updated packages for Ubuntu 8.04 LTS:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.3.diff.gz
     Size/MD5:    22755 f5c0ba19b04eba8264ebb6b30c5617d6
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.3.dsc
     Size/MD5:      832 d08a82b28411baa0184d3b8231fd8b61
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz
     Size/MD5:   829038 77ca14fcee1f1f4daaaa28123bd0b22d

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.15~beta5-3ubuntu0.3_all.deb
     Size/MD5:      940 7344fa4e61880636b014525f6e6482a1

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_amd64.deb
     Size/MD5:   190186 01f82b2b967c5212e834dd57c12c1a7c
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_amd64.deb
     Size/MD5:   179752 c26e243dd21f5dd10b478c0415215c1c
   http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_amd64.udeb
     Size/MD5:    70534 5f7628d9b644ae953c515d18f7de9980

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_i386.deb
     Size/MD5:   188782 51354007cca0796218e3aaeba6142c41
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_i386.deb
     Size/MD5:   171216 b7a092ef2f5955b380adc015bfae6c81
   http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_i386.udeb
     Size/MD5:    69082 7612cd438ddfaab236de5f342f709b66

 lpia architecture (Low Power Intel Architecture):

   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_lpia.deb
     Size/MD5:   189664 4825baf36c5d14b5066d548aaf050866
   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_lpia.deb
     Size/MD5:   172962 b16b496d6553fbf28523147617011b95
   http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_lpia.udeb
     Size/MD5:    70020 61f5d75c4435333ef586677a07d49915

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_powerpc.deb
     Size/MD5:   190300 8ac6e4c1efb73de848d5bc5457093e7a
   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_powerpc.deb
     Size/MD5:   179166 d92637edf805d7d673a4440b2605dc57
   http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_powerpc.udeb
     Size/MD5:    70604 adf25dd26d85725ab3c74c4a80a7a541

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.3_sparc.deb
     Size/MD5:   185622 ef3cf5486afe387d09bf05106893b371
   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.3_sparc.deb
     Size/MD5:   173422 4b2f3476b423a3c5c31ee0738bfb4458
   http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.3_sparc.udeb
     Size/MD5:    65928 ab5ac0b24d618dc432d1763a0e50ebda

Updated packages for Ubuntu 9.04:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.2.diff.gz
     Size/MD5:   176459 b2f27af9534f3c5b9a120680cd41ce7c
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.2.dsc
     Size/MD5:     1296 b66efe2157ab6f3dad6e57b4fe9dbf13
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27.orig.tar.gz
     Size/MD5:   783204 13a0de401db1972a8e68f47d5bdadd13

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.27-2ubuntu2.2_all.deb
     Size/MD5:      932 1c66e49e2b875fa40c5556c19d076508

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_amd64.udeb
     Size/MD5:    72852 a1bbcffd25c3ec87cbdf86be154962fc
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_amd64.deb
     Size/MD5:   168576 9f40f2846c21aa5835f53ab6895ec5cf
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_amd64.deb
     Size/MD5:   255784 d9060ad287e40ded1848b79284abbcc0

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_i386.udeb
     Size/MD5:    71102 c18134055d747d066b60218b69e99d45
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_i386.deb
     Size/MD5:   166904 e8151a3f79f0fff6d98bbb0675621594
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_i386.deb
     Size/MD5:   247922 ae8412d1c420f1dd63cb436382cad51f

 lpia architecture (Low Power Intel Architecture):

   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_lpia.udeb
     Size/MD5:    71488 5179307ffe74c10515e61503e647606f
   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_lpia.deb
     Size/MD5:   167370 dd07d7a09484eb7711da5cd874099abe
   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_lpia.deb
     Size/MD5:   248872 a34333b123f4d12e7872868111942cbd

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_powerpc.udeb
     Size/MD5:    71674 f742f2771d94ca29746906c1177d657d
   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_powerpc.deb
     Size/MD5:   167514 478378fde5c7fd14fbffa1be072aa21c
   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_powerpc.deb
     Size/MD5:   254642 ba3f255f4346a4483c5410d55acaac65

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.2_sparc.udeb
     Size/MD5:    66670 ee067298bc51471f06bcf1a74b557310
   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.2_sparc.deb
     Size/MD5:   162336 ab167dcdbbd930a3d976af0ad57cbac2
   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.2_sparc.deb
     Size/MD5:   248428 8b96f4ff4f0ad8e366ed4475d3890948

Updated packages for Ubuntu 9.10:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.2.diff.gz
     Size/MD5:    20129 f230ec37944a0150ffc83cfdddc7c906
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.2.dsc
     Size/MD5:     1293 fce0b2fd543aeff27d47fb91f12af053
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37.orig.tar.gz
     Size/MD5:   805380 7480dbbf9f6c3297faf6fe52ec9b91ab

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.37-1ubuntu0.2_all.deb
     Size/MD5:      932 cee669d58ac9660e1fe71cf9e2eeda9d

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_amd64.udeb
     Size/MD5:    73938 15bb328beed6ab3287967c54e4177018
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_amd64.deb
     Size/MD5:   175088 f003cc7565826cfcc337ab409ffc6e8f
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_amd64.deb
     Size/MD5:   265400 2d26dc0e9ddb6c2010776fbbcb82d791

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_i386.udeb
     Size/MD5:    70444 a80af68dda6ff1aa3168040d33600e64
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_i386.deb
     Size/MD5:   171594 3fca9df961cc3616b75f6518ab870a68
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_i386.deb
     Size/MD5:   255474 1ab05dffaa25e1d9190d0ea872b0fbd8

 lpia architecture (Low Power Intel Architecture):

   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_lpia.udeb
     Size/MD5:    71066 0495b247d489438259937bee1f17761f
   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_lpia.deb
     Size/MD5:   172296 730fd7a16f9496e37ffee99ea68d15a6
   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_lpia.deb
     Size/MD5:   257350 fff93fe6a558aef20e20b8b8f15227e7

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_powerpc.udeb
     Size/MD5:    72524 8e92aaedc8e6fabafed81cca60a833e9
   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_powerpc.deb
     Size/MD5:   173720 055336debc8a5b9ff92e6cae9998ac94
   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_powerpc.deb
     Size/MD5:   264674 dbd6ca8bcdcf241c0629b7b27e0e1e5d

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.2_sparc.udeb
     Size/MD5:    67348 44b9c2989661e116d78b809a8657a5c8
   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.2_sparc.deb
     Size/MD5:   168516 b98b4872db6f90caf0f43da67197dec0
   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.2_sparc.deb
     Size/MD5:   257634 eb673ad114284bbd9be37e1c322e1bfb

Updated packages for Ubuntu 10.04:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.42-1ubuntu2.1.debian.tar.bz2
     Size/MD5:    19511 ac49d7354c1ab87a91dbad607733629f
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.42-1ubuntu2.1.dsc
     Size/MD5:     1299 dae31f78418d5db8c3476d7562859658
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.42.orig.tar.bz2
     Size/MD5:   670811 9a5cbe9798927fdf528f3186a8840ebe

 Architecture independent packages:

   http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.42-1ubuntu2.1_all.deb
     Size/MD5:      926 602d7036448637b45c1eacbc31e05640

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_amd64.udeb
     Size/MD5:    74124 82cc493f2b3d80b10ccf3f9fa2ec4ff6
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_amd64.deb
     Size/MD5:   180006 3b5339fe77bcdae97bb2a318496a192e
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_amd64.deb
     Size/MD5:   271858 ae0c6a1e973dad2b0a0685fd863c096d

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_i386.udeb
     Size/MD5:    70692 b264bdd0086f3451e42df7f840ab894a
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_i386.deb
     Size/MD5:   176510 03c3d70135e907f21b2342972d8a9b40
   http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_i386.deb
     Size/MD5:   261728 955b40272944dd988ee39b62d8c6606c

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_powerpc.udeb
     Size/MD5:    73380 ad2cda1c89c55c473121da33a40294f6
   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_powerpc.deb
     Size/MD5:   179272 b6623c3dcdc841a762308f889c8b478e
   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_powerpc.deb
     Size/MD5:   271898 fcccfdb0eb4bc3a3470a83888f8bae28

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.42-1ubuntu2.1_sparc.udeb
     Size/MD5:    69258 ec2047ed5079933d6dbeb841a0207c59
   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.42-1ubuntu2.1_sparc.deb
     Size/MD5:   175214 142020dfd126d2335bc93bad6a714799
   http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.42-1ubuntu2.1_sparc.deb
     Size/MD5:   265174 06843a4a028c5533e89d5562cbeb2047
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.