Login
Newsletter
Werbung

Sicherheit: Pufferüberlauf in libpng
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in libpng
ID: USN-1402-1
Distribution: Ubuntu
Plattformen: Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10
Datum: Do, 22. März 2012, 21:52
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045
Applikationen: libpng

Originalnachricht


--===============2002740687875646606==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-b57RDeppaX6PpkQIfCPp"


--=-b57RDeppaX6PpkQIfCPp
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1402-1
March 22, 2012

libpng vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

libpng could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
- libpng: PNG (Portable Network Graphics) file library

Details:

It was discovered that libpng did not properly process compressed chunks.
If a user or automated system using libpng were tricked into opening a
specially crafted image, an attacker could exploit this to cause a denial
of service or execute code with the privileges of the user invoking the
program.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
libpng12-0 1.2.46-3ubuntu1.2

Ubuntu 11.04:
libpng12-0 1.2.44-1ubuntu3.3

Ubuntu 10.10:
libpng12-0 1.2.44-1ubuntu0.3

Ubuntu 10.04 LTS:
libpng12-0 1.2.42-1ubuntu2.4

Ubuntu 8.04 LTS:
libpng12-0 1.2.15~beta5-3ubuntu0.6

After a standard system update you need to restart your session to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1402-1
CVE-2011-3045

Package Information:
https://launchpad.net/ubuntu/+source/libpng/1.2.46-3ubuntu1.2
https://launchpad.net/ubuntu/+source/libpng/1.2.44-1ubuntu3.3
https://launchpad.net/ubuntu/+source/libpng/1.2.44-1ubuntu0.3
https://launchpad.net/ubuntu/+source/libpng/1.2.42-1ubuntu2.4
https://launchpad.net/ubuntu/+source/libpng/1.2.15~beta5-3ubuntu0.6



--Û57RDeppaX6PpkQIfCPp
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJPa1ImAAoJEGVp2FWnRL6TzxMQALWJDoxn0lKsqvNwO8oiHGrI
9DNdFqMPxnCkYpN4xHZG8wJcRbiCg4xW7PW6KTkDmadl+Vn3Ug1n8oSYIlELTCp/
XlA0PtBZxnhbpsuKQb2Gy82zjJm08tItLjU5fYHmgG/j0q4R59onJK9QH8SjVpZZ
tWbMsNBD8KvvvNnylyJBzoCcaYRcmC8cQH+g49xHKrnz/oNkXnmcVWlJZT/LoH3f
l1xXSDdZHr41cGNq24ig3OSVglWJar8/GZY0MaqyIKemNrsrPu04bQdmoCyfAo8e
yG81shNakL+pXjawOHeUH0Qc36n7QGtVZ/f44adamVXT+wCw/eL0AFmSZFAaEykF
LkpFJD0cZAmekdyjga+tJLET3QnacqDSuGUoH5+GN085ogRXHDmZLN2+uJbfb/Aw
TUy5bZBZy0WtlLR3MKr0cxJhfOeHFbXLgHqR0j4r0B9atY1wwwDj6fEPWphT/Sa7
lT36Ikj5U+HQqQuK91fvwmGIUXgm/1Iukv0pyPJMIZh/phSchegrOujiw2/GxjjD
MbR6wNkI+JayiPZTxqswZNEV+tNFjfssNi+eTX4Nd60newFYEwIbYfoqF3ydnjSV
LLBKXdWtHdAUomD7xbKb5IJaT0nEWXsvPhMKz2S98DAjpVj9hJF32k9Onx7iZXda
SMo09r7PcjA00YASCBxw
=gHUE
-----END PGP SIGNATURE-----

--=-b57RDeppaX6PpkQIfCPp--



--===============2002740687875646606==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============2002740687875646606==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung