Pufferüberlauf in libpng
ID: | USN-1402-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10 |
Datum: | Do, 22. März 2012, 21:52 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045 |
Applikationen: | libpng |
Originalnachricht |
|
--===============2002740687875646606== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-b57RDeppaX6PpkQIfCPp" --=-b57RDeppaX6PpkQIfCPp Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-1402-1 March 22, 2012 libpng vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: libpng could be made to crash or run programs as your login if it opened a specially crafted file. Software Description: - libpng: PNG (Portable Network Graphics) file library Details: It was discovered that libpng did not properly process compressed chunks. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: libpng12-0 1.2.46-3ubuntu1.2 Ubuntu 11.04: libpng12-0 1.2.44-1ubuntu3.3 Ubuntu 10.10: libpng12-0 1.2.44-1ubuntu0.3 Ubuntu 10.04 LTS: libpng12-0 1.2.42-1ubuntu2.4 Ubuntu 8.04 LTS: libpng12-0 1.2.15~beta5-3ubuntu0.6 After a standard system update you need to restart your session to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1402-1 CVE-2011-3045 Package Information: https://launchpad.net/ubuntu/+source/libpng/1.2.46-3ubuntu1.2 https://launchpad.net/ubuntu/+source/libpng/1.2.44-1ubuntu3.3 https://launchpad.net/ubuntu/+source/libpng/1.2.44-1ubuntu0.3 https://launchpad.net/ubuntu/+source/libpng/1.2.42-1ubuntu2.4 https://launchpad.net/ubuntu/+source/libpng/1.2.15~beta5-3ubuntu0.6 --Û57RDeppaX6PpkQIfCPp Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAABCgAGBQJPa1ImAAoJEGVp2FWnRL6TzxMQALWJDoxn0lKsqvNwO8oiHGrI 9DNdFqMPxnCkYpN4xHZG8wJcRbiCg4xW7PW6KTkDmadl+Vn3Ug1n8oSYIlELTCp/ XlA0PtBZxnhbpsuKQb2Gy82zjJm08tItLjU5fYHmgG/j0q4R59onJK9QH8SjVpZZ tWbMsNBD8KvvvNnylyJBzoCcaYRcmC8cQH+g49xHKrnz/oNkXnmcVWlJZT/LoH3f l1xXSDdZHr41cGNq24ig3OSVglWJar8/GZY0MaqyIKemNrsrPu04bQdmoCyfAo8e yG81shNakL+pXjawOHeUH0Qc36n7QGtVZ/f44adamVXT+wCw/eL0AFmSZFAaEykF LkpFJD0cZAmekdyjga+tJLET3QnacqDSuGUoH5+GN085ogRXHDmZLN2+uJbfb/Aw TUy5bZBZy0WtlLR3MKr0cxJhfOeHFbXLgHqR0j4r0B9atY1wwwDj6fEPWphT/Sa7 lT36Ikj5U+HQqQuK91fvwmGIUXgm/1Iukv0pyPJMIZh/phSchegrOujiw2/GxjjD MbR6wNkI+JayiPZTxqswZNEV+tNFjfssNi+eTX4Nd60newFYEwIbYfoqF3ydnjSV LLBKXdWtHdAUomD7xbKb5IJaT0nEWXsvPhMKz2S98DAjpVj9hJF32k9Onx7iZXda SMo09r7PcjA00YASCBxw =gHUE -----END PGP SIGNATURE----- --=-b57RDeppaX6PpkQIfCPp-- --===============2002740687875646606== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============2002740687875646606==-- |