View Full Version : USN-538-1: libpng vulnerabilities

October 25th, 2007, 11:40 PM
Referenced CVEs:
CVE-2007-5268, CVE-2007-5269

================================================== ========= Ubuntu Security Notice USN-538-1 October 25, 2007 libpng vulnerabilities CVE-2007-5268, CVE-2007-5269 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libpng12-0 1.2.8rel-5ubuntu0.3 Ubuntu 6.10: libpng12-0 1.2.8rel-5.1ubuntu0.3 Ubuntu 7.04: libpng12-0 1.2.15~beta5-1ubuntu1.1 Ubuntu 7.10: libpng12-0 1.2.15~beta5-2ubuntu0.1 After a standard system upgrade you need to reboot your computer to affect the necessary changes. Details follow: It was discovered that libpng did not properly perform bounds checking and comparisons in certain operations. An attacker could send a specially crafted PNG image and cause a denial of service in applications linked against libpng.

More... (http://www.ubuntu.com/usn/usn-538-1)