"Ubuntu Security Notice USN-936-1 May 06, 2010
dvipng vulnerability
CVE-2010-0829
==========================
==========================
=========
A security issue affects the following Ubuntu releases:
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.04:
dvipng 1.11-1ubuntu0.9.04.1
Ubuntu 9.10:
dvipng 1.11-1ubuntu0.9.10.1
Ubuntu 10.04 LTS:
dvipng 1.12-3ubuntu0.1
In general, a standard system update will make all the necessary changes.
Details follow:
Dan Rosenberg discovered that dvipng incorrectly handled certain malformed
dvi files. If a user or automated system were tricked into processing a
specially crafted dvi file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program.
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubunt=
u0.9.04.1.diff.gz
Size/MD5: 5637 dabdea489ab5eb30b69d29a32b25a8d3
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubunt=
u0.9.04.1.dsc
Size/MD5: 1359 639e1723ccc0ff923d3172d43bc62d41
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11.orig.t=
ar.gz
Size/MD5: 167331 6afa95aec70e4c5934268cff0443f89c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubunt=
u0.9.04.1_amd64.deb
Size/MD5: 81990 37a793d70ba97eb31c2905b1ccc5022e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubunt=
u0.9.04.1_i386.deb
Size/MD5: 78506 49d6f36271ae60ef9de6d51c64758c12
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_=
lpia.deb
Size/MD5: 78906 ed6c1393fbab607bc0a74823a771f438
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_=
powerpc.deb
Size/MD5: 86220 048fecd5ab09ad94bc6478bcb32d6d8a
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_=
sparc.deb
Size/MD5: 80010 a4b43b1a6213ecc7355ab2956459c87b
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubunt=
u0.9.10.1.diff.gz
Size/MD5: 5641 3dafdf50218a6269ef6fddcc0a21e6f8
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubunt=
u0.9.10.1.dsc
Size/MD5: 1359 1023698785011a4d5ea940e4a88dbb50
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11.orig.t=
ar.gz
Size/MD5: 167331 6afa95aec70e4c5934268cff0443f89c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubunt=
u0.9.10.1_amd64.deb
Size/MD5: 82752 e6bcc7f9620e5e41db0358fb83b5aa0a
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubunt=
u0.9.10.1_i386.deb
Size/MD5: 77646 0f0464056a785b77388bec0f4b6999ef
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_=
lpia.deb
Size/MD5: 77802 3953c9bc7c276e9e9796f9beaa6c809a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_=
powerpc.deb
Size/MD5: 85848 1ad664271069cfc80ddfea5d79f54910
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_=
sparc.deb
Size/MD5: 82060 e7d8269582cd2e0e0616a84199cc5f62
Updated packages for Ubuntu 10.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubunt=
u0.1.diff.gz
Size/MD5: 5701 a4a8c25123f44e6f975775b651a851ad
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubunt=
u0.1.dsc
Size/MD5: 1285 3fad39f6fd7c4354e2197a28d799222c
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12.orig.t=
ar.gz
Size/MD5: 168196 0925fb516cdf6b2207138781a4b3076e
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubunt=
u0.1_amd64.deb
Size/MD5: 90440 21750b0a43906006e18fb0a57cbb861b
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubunt=
u0.1_i386.deb
Size/MD5: 85282 b229656ab335dc77d682b195e3021e06
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_power=
pc.deb
Size/MD5: 93626 c5d5b932dddb9b78c90c87478c14878c
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_sparc=
.deb
Size/MD5: 91402 fc79245fa0cbc7719c7dd9b28776af09
--=-grhNADConyhkgzPnAthG
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEABECAAYFAkvixWkACgkQLMAs/0C4zNrMngCeKp3yaEwlmzOnW8o0PES55uzT
kBsAn0axIPd7eaNKbsMrXM9LMf9wxxqH
=Job3
-----END PGP SIGNATURE-----
"
USN-927-1: NSS vulnerabilityHawkwind and Hadouken! to play GuilFest
This entry was posted
on 6:03 PM
.
Archives
-
▼
2010
(391)
-
▼
May
(22)
- RHSA-2010:0424-01 Important: kernel security and e...
- USN-939-1: X.org vulnerabilities
- DSA 2047-1: New aria2 packages fix directory trave...
- CentOS-5.5 i386 and x86_64 released
- DSA-2046-1: New phpgroupware packages fix several ...
- USN-938-1: KDENetwork vulnerability
- DSA 2043-1: New vlc packages fix arbitrary code ex...
- RHSA-2010:0400-01 Moderate: tetex security update
- DSA 2045-1: New libtheora packages fix arbitrary c...
- DSA 2042-1: New iscsitarget packages fix arbitrary...
- DSA 2044-1: New mplayer packages fix arbitrary cod...
- RHSA-2010:0401-01 Moderate: tetex security update
- USN-936-1: dvipng vulnerability
- RHSA-2010:0398-01 Important: kernel security and b...
- RHSA-2010:0399-01 Moderate: tetex security update
- USN-937-1: TeX Live vulnerabilities
- RHSA-2010:0394-01 Important: kernel security, bug ...
- DSA-2041-1: New mediawiki packages fix cross-site ...
- RHSA-2010:0386-01 Low: Red Hat Enterprise Linux 3 ...
- DSA 2040-1: New squidguard packages fix several vu...
- DSA 2039-1: New cacti packages fix missing input s...
- USN-934-1: Netpbm vulnerability
-
▼
May
(22)