USN-960-1: libpng vulnerabilities

08 July 2010

Releases

Packages

  • libpng -

Details

It was discovered that libpng did not properly handle certain malformed PNG
images. If a user or automated system were tricked into opening a crafted
PNG file, an attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2010-1205)

It was discovered that libpng did not properly handle certain malformed PNG
images. If a user or automated system were tricked into processing a
crafted PNG image, an attacker could possibly use this flaw to consume all
available resources, resulting in a denial of service. (CVE-2010-2249)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
Ubuntu 9.04
Ubuntu 8.04
Ubuntu 6.06
Ubuntu 10.04

After a standard system update you need to reboot your computer to make
all the necessary changes.

Related notices

  • USN-958-1: thunderbird
  • USN-930-4: firefox-3.5, xulrunner-1.9.2, firefox-3.0, abrowser
  • USN-957-1: firefox, xulrunner-1.9.2, firefox-3.0, abrowser