rss-bot
May 6th, 2010, 10:20 AM
Referenced CVEs:
CVE-2010-0829
Description:
================================================== =========Ubuntu Security Notice USN-936-1 May 06, 2010dvipng vulnerabilityCVE-2010-0829============================================== =============A security issue affects the following Ubuntu releases:Ubuntu 9.04Ubuntu 9.10Ubuntu 10.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 9.04: dvipng 1.11-1ubuntu0.9.04.1Ubuntu 9.10: dvipng 1.11-1ubuntu0.9.10.1Ubuntu 10.04 LTS: dvipng 1.12-3ubuntu0.1In general, a standard system update will make all the necessary changes.Details follow:Dan Rosenberg discovered that dvipng incorrectly handled certain malformeddvi files. If a user or automated system were tricked into processing aspecially crafted dvi file, an attacker could cause a denial of service viaapplication crash, or possibly execute arbitrary code with the privilegesof the user invoking the program.
More... (http://www.ubuntu.com/usn/USN-936-1)
CVE-2010-0829
Description:
================================================== =========Ubuntu Security Notice USN-936-1 May 06, 2010dvipng vulnerabilityCVE-2010-0829============================================== =============A security issue affects the following Ubuntu releases:Ubuntu 9.04Ubuntu 9.10Ubuntu 10.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 9.04: dvipng 1.11-1ubuntu0.9.04.1Ubuntu 9.10: dvipng 1.11-1ubuntu0.9.10.1Ubuntu 10.04 LTS: dvipng 1.12-3ubuntu0.1In general, a standard system update will make all the necessary changes.Details follow:Dan Rosenberg discovered that dvipng incorrectly handled certain malformeddvi files. If a user or automated system were tricked into processing aspecially crafted dvi file, an attacker could cause a denial of service viaapplication crash, or possibly execute arbitrary code with the privilegesof the user invoking the program.
More... (http://www.ubuntu.com/usn/USN-936-1)