Ubuntu Security Notice USN-960-1 July 08, 2010
libpng vulnerabilities
CVE-2010-1205, CVE-2010-2249
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libpng12-0 1.2.8rel-5ubuntu0.6

Ubuntu 8.04 LTS:
  libpng12-0 1.2.15~beta5-3ubuntu0.3

Ubuntu 9.04:
  libpng12-0 1.2.27-2ubuntu2.2

Ubuntu 9.10:
  libpng12-0 1.2.37-1ubuntu0.2

Ubuntu 10.04 LTS:
  libpng12-0 1.2.42-1ubuntu2.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

Details follow:

It was discovered that libpng did not properly handle certain malformed PNG
images. If a user or automated system were tricked into opening a crafted
PNG file, an attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2010-1205)

It was discovered that libpng did not properly handle certain malformed PNG
images. If a user or automated system were tricked into processing a
crafted PNG image, an attacker could possibly use this flaw to consume all
available resources, resulting in a denial of service. (CVE-2010-2249)