The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-550-2] Cairo regression


<< Previous INDEX Search src / Print Next >>
Date: Mon, 10 Dec 2007 12:36:29 -0800
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-550-2] Cairo regression
Message-ID: <20071210203629.GD8789@outflux.net.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="NP12RPW2Q08TId7w"
Content-Disposition: inline
Organization: Ubuntu
X-MIMEDefang-Filter: outflux$Revision: 1.302 $
X-HELO: gorgon.outflux.net
X-Scanned-By: MIMEDefang 2.57 on 10.2.0.1
X-Virus-Scanned: antivirus-gw at tyumen.ru


--NP12RPW2Q08TId7w
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
Ubuntu Security Notice USN-550-2          December 10, 2007
libcairo regression
https://launchpad.net/bugs/NNNNNN
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
  libcairo2                       1.4.2-0ubuntu1.2

Ubuntu 7.10:
  libcairo2                       1.4.10-1ubuntu4.2

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

USN-550-1 fixed vulnerabilities in Cairo.  The upstream fixes were incomple=
te,
and under certain situations, applications using Cairo would crash with a
floating point error.  This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Peter Valchev discovered that Cairo did not correctly decode PNG image dat=
a.
 By tricking a user or automated system into processing a specially crafted
 PNG with Cairo, a remote attacker could execute arbitrary code with user
 privileges.


Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.4.=
2-0ubuntu1.2.diff.gz
      Size/MD5:    29170 a64d5accaf670a3a042a0716291394d7
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.4.=
2-0ubuntu1.2.dsc
      Size/MD5:      980 f4568de7fd8d8e64448dd1132927061f
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.4.=
2.orig.tar.gz
      Size/MD5:  3081092 b254633046eafe603776d0bee791b751

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-doc=
_1.4.2-0ubuntu1.2_all.deb
      Size/MD5:   329056 b1575fd670eb3855e96edf52f3cf7ab0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-dire=
ctfb2-dev_1.4.2-0ubuntu1.2_amd64.deb
      Size/MD5:   515040 59fc61a32d6c5ca65df42f268268f379
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-dire=
ctfb2_1.4.2-0ubuntu1.2_amd64.deb
      Size/MD5:   430266 6d63671bf6d432855a177a76cab4f1d0
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev=
_1.4.2-0ubuntu1.2_amd64.deb
      Size/MD5:   537122 59f7f0831b4553b99b533958b2a5637d
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4=
=2E2-0ubuntu1.2_amd64.deb
      Size/MD5:   446134 17a75ebfeaa43eca5075260f7322e604
    http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-=
directfb2-udeb_1.4.2-0ubuntu1.2_amd64.udeb
      Size/MD5:   214084 e25a10d4d4e773a7a6a81e4222116497

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-dire=
ctfb2-dev_1.4.2-0ubuntu1.2_i386.deb
      Size/MD5:   488790 979721dacfc63ff1e87c97d104355108
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-dire=
ctfb2_1.4.2-0ubuntu1.2_i386.deb
      Size/MD5:   420138 074aafcb523bc8b393ff13513ed94f81
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev=
_1.4.2-0ubuntu1.2_i386.deb
      Size/MD5:   508712 6a177d9cffabeb7b46d0b1b1d83408bd
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4=
=2E2-0ubuntu1.2_i386.deb
      Size/MD5:   435692 ff8716999c992cde0d53c0a4cd7776fb
    http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-=
directfb2-udeb_1.4.2-0ubuntu1.2_i386.udeb
      Size/MD5:   204116 519465ff73b0dead2e18ecef8090c41f

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-dire=
ctfb2-dev_1.4.2-0ubuntu1.2_powerpc.deb
      Size/MD5:   498406 cac5ffc403e3d286be56aa4c7dfcac03
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-dire=
ctfb2_1.4.2-0ubuntu1.2_powerpc.deb
      Size/MD5:   422954 313dccc5f8880eb99d2bd520dd6b1981
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev=
_1.4.2-0ubuntu1.2_powerpc.deb
      Size/MD5:   520498 0c0472153c4b798e2219c3e72643818a
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4=
=2E2-0ubuntu1.2_powerpc.deb
      Size/MD5:   438856 645c36b71f069a29c78e71517ebc9253
    http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-=
directfb2-udeb_1.4.2-0ubuntu1.2_powerpc.udeb
      Size/MD5:   206976 d4d191ab373dae4bc9b61b4c72aefef4

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-dire=
ctfb2-dev_1.4.2-0ubuntu1.2_sparc.deb
      Size/MD5:   472108 0317c9ca17ab5428f9e1f359cfb2fa06
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-dire=
ctfb2_1.4.2-0ubuntu1.2_sparc.deb
      Size/MD5:   402336 44be030c98706251b3e414f3e89a9154
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev=
_1.4.2-0ubuntu1.2_sparc.deb
      Size/MD5:   492324 634481a6f873ae9c00b8b1a416b4ea7e
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4=
=2E2-0ubuntu1.2_sparc.deb
      Size/MD5:   417212 f96fd87530823ee7aa2e6870049eb45f
    http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-=
directfb2-udeb_1.4.2-0ubuntu1.2_sparc.udeb
      Size/MD5:   186296 42df2b3d472069e4918a717c964ba7f7

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.4.=
10-1ubuntu4.2.diff.gz
      Size/MD5:    35820 a5dae2b600de79eb6d6cd7c0df613554
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.4.=
10-1ubuntu4.2.dsc
      Size/MD5:     1013 8474af5f122f83ab1f75f9ea3f8d354e
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.4.=
10.orig.tar.gz
      Size/MD5:  3216689 5598a5e500ad922e37b159dee72fc993

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-doc=
_1.4.10-1ubuntu4.2_all.deb
      Size/MD5:   407696 c269f047a06167c111ee0a11365cc1ea

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-dire=
ctfb2-dev_1.4.10-1ubuntu4.2_amd64.deb
      Size/MD5:   572210 a9642cb123ccf6312916e22c27a6e3a9
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-dire=
ctfb2_1.4.10-1ubuntu4.2_amd64.deb
      Size/MD5:   489124 4924ec45a4eea3a3a275f002415653e2
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev=
_1.4.10-1ubuntu4.2_amd64.deb
      Size/MD5:   632822 07662831762f20e50139b5c950731f58
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4=
=2E10-1ubuntu4.2_amd64.deb
      Size/MD5:   536922 99d1a0202e50db78c0c4646859fea13f
    http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-=
directfb2-udeb_1.4.10-1ubuntu4.2_amd64.udeb
      Size/MD5:   195802 c81baf7740526b9ed2264ab2d5be8bc0

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-dire=
ctfb2-dev_1.4.10-1ubuntu4.2_i386.deb
      Size/MD5:   546548 529e9341682d12e757d0e5dc686cc6ec
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-dire=
ctfb2_1.4.10-1ubuntu4.2_i386.deb
      Size/MD5:   479746 5769a4e61e6422cc12839ff17925de9f
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev=
_1.4.10-1ubuntu4.2_i386.deb
      Size/MD5:   601216 d54be2b3a904bfa20af22b69d8fd21ea
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4=
=2E10-1ubuntu4.2_i386.deb
      Size/MD5:   524124 53f686c49d846e1afe5e8f89115fa1d2
    http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-=
directfb2-udeb_1.4.10-1ubuntu4.2_i386.udeb
      Size/MD5:   186428 c84079451a7bfc3b85c34238aa3c78ce

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-dire=
ctfb2-dev_1.4.10-1ubuntu4.2_powerpc.deb
      Size/MD5:   554832 1de0e3112f48e32b64840429ba621e23
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-dire=
ctfb2_1.4.10-1ubuntu4.2_powerpc.deb
      Size/MD5:   479018 4980ba793084c17f733f40bbf8e4f15e
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev=
_1.4.10-1ubuntu4.2_powerpc.deb
      Size/MD5:   613880 9a7e834124d8a124f8408ed89f2353da
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4=
=2E10-1ubuntu4.2_powerpc.deb
      Size/MD5:   528508 5ae830818a92c4838fc3951485431530
    http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-=
directfb2-udeb_1.4.10-1ubuntu4.2_powerpc.udeb
      Size/MD5:   186266 098d9b7df582a4ecb9bdf77831c4336a

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-dire=
ctfb2-dev_1.4.10-1ubuntu4.2_sparc.deb
      Size/MD5:   543772 e1ea0f5cb6745b0272a6c4d4aeb239e3
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-dire=
ctfb2_1.4.10-1ubuntu4.2_sparc.deb
      Size/MD5:   471248 a8e5991f36e20b71e6213d6c44031e37
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev=
_1.4.10-1ubuntu4.2_sparc.deb
      Size/MD5:   584786 affc097d3d1a068fd5fd7f80d13005c0
    http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4=
=2E10-1ubuntu4.2_sparc.deb
      Size/MD5:   505364 0a59d599ca6fb9f8047d35745c0d0db3
    http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-=
directfb2-udeb_1.4.10-1ubuntu4.2_sparc.udeb
      Size/MD5:   177688 f2705635217a2476cadc8b6dc5b9eae6


--NP12RPW2Q08TId7w
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHXaNNH/9LqRcGPm0RAjRlAJ9qQsofdqEzE2CHsqRSPOOqoIYg2gCgpEzy
49Osgs7l4eg1CzmF8jc8ct4=
=F9ft
-----END PGP SIGNATURE-----

--NP12RPW2Q08TId7w--


<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру