ID

VAR-201003-1082


CVE

CVE-2010-0205


TITLE

libpng stalls on highly compressed ancillary chunks

Trust: 0.8

sources: CERT/CC: VU#576029

DESCRIPTION

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.

libpng has a problem processing certain PNG (Portable Network Graphics) files. When libpng processes a PNG file that contains crafted ancillary chunks, it may use a huge amount of memory and CPU resources. For more information, see the PNG Development Group security advisory and "Defending Libpng Applications Against Decompression Bombs". A remote third party may be able to carry out a denial-of-service (DoS) attack.

The 'libpng' library is prone to a remote denial-of-service vulnerability. Successful exploits will allow an attacker to consume an excessive amount of CPU and memory, denying service to legitimate users. Successful exploits will allow an attacker to obtain potentially sensitive information. Versions prior to libpng 1.4.1, 1.2.43, and 1.0.53 are vulnerable. This resource consumption may cause applications using the libpng library to hang.

The PNG format uses efficient compression to store graphic data and some related data in ancillary chunks. The PNG specification does not limit the number of chunks, and limits the size of each to 2.147G (2,147,483,647 bytes). Similarly, the specification limits the width and height of graphics to 2.147 billion rows and 2.147 billion columns.
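A defensive check for the condition this record describes, as an added example (not libpng's code and not part of the original record): it walks a PNG's chunks and inflates each zTXt, iTXt and iCCP payload in fixed-size pieces, stopping once a cap is passed, so the expansion is measured without ever being held in memory. The cap `max_out`, the piece size `PIECE`, all function names and the constructed sample file (sized like the zTXt figure quoted in this description) are assumptions chosen for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
COMPRESSED_ANCILLARY = {b"zTXt", b"iTXt", b"iCCP"}  # chunk types named in this record
PIECE = 64 * 1024  # assumed: most inflated output held in memory at any one time


def iter_chunks(png):
    """Yield (type, data) per chunk, rejecting bad framing and CRC mismatches."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos < len(png):
        if pos + 8 > len(png):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        end = pos + 8 + length + 4
        if length > 0x7FFFFFFF or end > len(png):
            raise ValueError("chunk length out of range")
        data = png[pos + 8:end - 4]
        (crc,) = struct.unpack(">I", png[end - 4:end])
        if zlib.crc32(ctype + data) & 0xFFFFFFFF != crc:
            raise ValueError("CRC mismatch in %r chunk" % ctype)
        yield ctype, data
        if ctype == b"IEND":
            return
        pos = end


def compressed_payload(ctype, data):
    """Return the zlib stream carried by a zTXt/iCCP/iTXt chunk, or None."""
    key_end = data.find(b"\x00")
    if key_end < 1:
        raise ValueError("missing keyword")
    if ctype in (b"zTXt", b"iCCP"):
        # Layout: keyword, NUL, compression method (0 = deflate), zlib stream.
        if data[key_end + 1:key_end + 2] != b"\x00":
            raise ValueError("unknown compression method")
        return data[key_end + 2:]
    # iTXt: keyword, NUL, flag, method, language NUL, translated keyword NUL, text.
    if len(data) < key_end + 3:
        raise ValueError("truncated iTXt chunk")
    if data[key_end + 1] == 0:
        return None  # text is stored uncompressed
    lang_end = data.find(b"\x00", key_end + 3)
    text_start = data.find(b"\x00", lang_end + 1) + 1 if lang_end >= 0 else 0
    if text_start == 0:
        raise ValueError("truncated iTXt chunk")
    return data[text_start:]


def inflate_size_capped(stream, limit):
    """Inflate piece by piece; return (bytes_seen, exceeded) without storing output."""
    d = zlib.decompressobj()
    seen, buf = 0, stream
    while not d.eof:
        out = d.decompress(buf, PIECE)  # never returns more than PIECE bytes
        seen += len(out)
        if seen > limit:
            return seen, True  # stop here; the rest is never expanded
        buf = d.unconsumed_tail
        if not out and not buf:
            break  # input ended before the zlib stream did
    return seen, False


def scan_png(png, max_out=1_000_000):
    """Report every compressed ancillary chunk with its measured expansion."""
    findings = []
    for ctype, data in iter_chunks(png):
        stream = compressed_payload(ctype, data) if ctype in COMPRESSED_ANCILLARY else None
        if stream is None:
            continue
        try:
            seen, exceeded = inflate_size_capped(stream, max_out)
        except zlib.error:
            seen, exceeded = 0, None  # payload is not a valid zlib stream
        findings.append({"chunk": ctype.decode("ascii"), "compressed": len(stream),
                         "inflated_seen": seen, "exceeded": exceeded})
    return findings


def make_chunk(ctype, data):
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_sample(text):
    """Constructed 1x1 greyscale PNG carrying `text` in one zTXt chunk."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    ztxt = b"Comment\x00\x00" + zlib.compress(text)
    return (PNG_SIG + make_chunk(b"IHDR", ihdr) + make_chunk(b"zTXt", ztxt)
            + make_chunk(b"IDAT", zlib.compress(b"\x00\x00")) + make_chunk(b"IEND", b""))


if __name__ == "__main__":
    sample = build_sample(b"\n".join([b"Z" * 100] * 50000))
    for finding in scan_png(sample):
        print(finding)
```

Because the scan stops at the cap, `inflated_seen` is a lower bound on the true expansion for any chunk reported with `exceeded` set.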
Since the deflate compression method can very efficiently compress data streams consisting of repeated single bytes, small PNG files may occupy a large amount of memory when decompressed, forming a "decompression bomb" that exhausts all available memory. For example, for a zTXt chunk containing 50,000 lines each containing 100 letters Z, the compressed size is about 17k bytes, but the decompressed size is 5M, and the compression ratio is about 300:1. The libpng library uses an inefficient memory acquisition method when expanding compressed zTXt, iTXt and iCCP ancillary chunks. A malformed iCCP chunk of about 50k in an image file can decompress to 60M, which will hang the browser for about 20 minutes; a well-crafted malicious chunk can hang the browser for even longer, using up all available memory.

Gentoo Linux Security Advisory                           GLSA 201010-01
http://security.gentoo.org/

  Severity: Normal
     Title: Libpng: Multiple vulnerabilities
      Date: October 05, 2010
      Bugs: #307637, #324153, #335887
        ID: 201010-01

Synopsis
========

Multiple vulnerabilities in libpng might lead to privilege escalation or a Denial of Service.

It is used by several programs, including web browsers and potentially server processes.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  media-libs/libpng       < 1.4.3                          >= 1.4.3

Description
===========

Multiple vulnerabilities were found in libpng:

* The png_decompress_chunk() function in pngrutil.c does not properly handle certain type of compressed data (CVE-2010-0205)

* A buffer overflow in pngread.c when using progressive applications (CVE-2010-1205)

* A memory leak in pngrutil.c when dealing with a certain type of chunks (CVE-2010-2249)

Impact
======

An attacker could exploit these vulnerabilities to cause programs linked against the library to crash or execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libpng users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.4.3"

References
==========

  [ 1 ] CVE-2010-0205
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
  [ 2 ] CVE-2010-1205
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205
  [ 3 ] CVE-2010-2249
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201010-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5

VMware Security Advisory

Advisory ID:  VMSA-2010-0014
Synopsis:     VMware Workstation, Player, and ACE address several security issues.
Issue date:   2010-09-23
Updated on:   2010-09-23 (initial release of advisory)
CVE numbers:  CVE-2010-3277 CVE-2010-1205 CVE-2010-0205 CVE-2010-2249 CVE-2010-0434 CVE-2010-0425

1. Summary

VMware Workstation and Player address a potential installer security issue and security issues in libpng. VMware ACE Management Server (AMS) for Windows updates Apache httpd.

2. Relevant releases

VMware Workstation 7.1.1 and earlier,
VMware Player 3.1.1 and earlier,
VMware ACE Management Server 2.7.1 and earlier,

Note: VMware Server was declared End Of Availability on January 2010, support will be limited to Technical Guidance for the duration of the support term.

3. Problem Description

a. VMware Workstation and Player installer security issue

The Workstation 7.x and Player 3.x installers will load an index.htm file located in the current working directory on which Workstation 7.x or Player 3.x is being installed. This may allow an attacker to display a malicious file if they manage to get their file onto the system prior to installation.

The issue can only be exploited at the time that Workstation 7.x or Player 3.x is being installed. Installed versions of Workstation and Player are not affected. The security issue is no longer present in the installer of the new versions of Workstation 7.x and Player 3.x (see table below for the version numbers).

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-3277 to this issue.

VMware would like to thank Alexander Trofimov and Marc Esher for independently reporting this issue to VMware.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
VirtualCenter  any       Windows   not affected
Workstation    7.x       any       7.1.2 build 301548 or later *
Workstation    6.5.x     any       not affected
Player         3.x       any       3.1.2 build 301548 or later *
Player         2.5.x     any       not affected
AMS            any       any       not affected
Server         any       any       not affected
Fusion         any       Mac OS/X  not affected
ESXi           any       ESXi      not affected
ESX            any       ESX       not affected

* Note: This only affects the installer, if you have a version of Workstation or Player installed you are not vulnerable.

b. Third party libpng updated to version 1.2.44

A buffer overflow condition in libpng is addressed that could potentially lead to code execution with the privileges of the application using libpng. Two potential denial of service issues are also addressed in the update.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1205, CVE-2010-0205, CVE-2010-2249 to these issues.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
VirtualCenter  any       Windows   not affected
Workstation    7.1.x     any       7.1.2 build 301548 or later
Workstation    6.5.x     any       affected, patch pending
Player         3.1.x     any       3.1.2 build 301548 or later
Player         2.5.x     any       affected, patch pending
AMS            any       any       not affected
Server         any       any       affected, no patch planned
Fusion         any       Mac OS/X  not affected
ESXi           any       ESXi      not affected
ESX            any       ESX       not affected

c. VMware ACE Management Server (AMS) for Windows updates Apache httpd version 2.2.15.

A function in Apache HTTP Server when multithreaded MPM is used does not properly handle headers in subrequests in certain circumstances which may allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.

The Apache mod_isapi module can be forced to unload a specific library before the processing of a request is complete, resulting in memory corruption. This vulnerability may allow a remote attacker to execute arbitrary code.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0434 and CVE-2010-0425 to the issues addressed in this update.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =================
VirtualCenter  any       Windows   not affected
Workstation    any       any       not affected
Player         any       any       not affected
AMS            any       Windows   2.7.2 build 301548 or later
AMS            any       Linux     affected, patch pending *
Server         any       any       not affected
Fusion         any       Mac OS/X  not affected
ESXi           any       ESXi      not affected
ESX            any       ESX       not affected

* Note CVE-2010-0425 is not applicable to AMS running on Linux

4. Solution

Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.

VMware Workstation 7.1.2
------------------------
http://www.vmware.com/download/ws/
Release notes: http://downloads.vmware.com/support/ws71/doc/releasenotes_ws712.html

VMware Player 3.1.2
-------------------
http://www.vmware.com/download/player/
Release notes: http://downloads.vmware.com/support/player31/doc/releasenotes_player312.html

VMware ACE Management Server 2.7.2
----------------------------------
http://downloads.vmware.com/d/info/desktop_downloads/vmware_ace/2_7
Release notes: http://downloads.vmware.com/support/ace27/doc/releasenotes_ace272.html

5. References

CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425

6. Change log

2010-09-23  VMSA-2010-0014
Initial security advisory after release of Workstation 7.1.2, Player 3.1.2 and ACE Management Server 2.7.2 on 2010-09-23

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware Security Advisories
http://www.vmware.com/security/advisoiries

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2010 VMware Inc. All rights reserved.

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

===========================================================
Ubuntu Security Notice USN-913-1             March 16, 2010
libpng vulnerabilities
CVE-2009-2042, CVE-2010-0205
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  libpng12-0                      1.2.8rel-5ubuntu0.5

Ubuntu 8.04 LTS:
  libpng12-0                      1.2.15~beta5-3ubuntu0.2

Ubuntu 8.10:
  libpng12-0                      1.2.27-1ubuntu0.2

Ubuntu 9.04:
  libpng12-0                      1.2.27-2ubuntu2.1

Ubuntu 9.10:
  libpng12-0                      1.2.37-1ubuntu0.1

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Details follow:

It was discovered that libpng did not properly initialize memory when decoding certain 1-bit interlaced images. If a user or automated system were tricked into processing crafted PNG images, an attacker could possibly use this flaw to read sensitive information stored in memory. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CVE-2009-2042)

It was discovered that libpng did not properly handle certain excessively compressed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service.
(CVE-2010-0205) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.5.diff.gz Size/MD5: 22337 fa254fcc4cb513e59eb9467abad87cca http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.5.dsc Size/MD5: 661 17f3956e31ccadfed0a3bfdc8f5f065a http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz Size/MD5: 510681 cac1512878fb98f2456df6dc50bc9bc7 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.5_all.deb Size/MD5: 842 a5ab55fb1b372c9ac93493fd699b276f amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_amd64.deb Size/MD5: 114374 1315864425b2dfaea123fe05118de0b0 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_amd64.deb Size/MD5: 247552 4acf10d5d173d06843cb1dc9b1b894fe http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_amd64.udeb Size/MD5: 69464 1761fb1c524387b8aabd7bd3dccb2eda i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_i386.deb Size/MD5: 111916 0043501424d2cee81d5f6229a2b3d166 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_i386.deb Size/MD5: 239610 8422b7b137f09b49d27541a87251cce4 http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_i386.udeb Size/MD5: 66948 a8e6db358ed472eb9f18d3b51aed1347 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_powerpc.deb Size/MD5: 111422 a0ea39141ce6319b057db22e9fcaf8d6 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_powerpc.deb Size/MD5: 245142 
d2d7ed0b8fa777fd58fe78345625a1e7 http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_powerpc.udeb Size/MD5: 66386 f65de398bac540da7a25370999eb9643 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_sparc.deb Size/MD5: 108988 5bad496a668c87614866fe1f04c8c17e http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_sparc.deb Size/MD5: 239972 b3cf4fc712ab063ababdefc5030ad07a http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_sparc.udeb Size/MD5: 63832 148d28886ec7fdb3334196a762daad1c Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.2.diff.gz Size/MD5: 21048 9f9e2ce175afd0a41bfa613c8672a164 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.2.dsc Size/MD5: 832 59b9f6994e1bef9b8f83561b70afda00 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz Size/MD5: 829038 77ca14fcee1f1f4daaaa28123bd0b22d Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.15~beta5-3ubuntu0.2_all.deb Size/MD5: 940 e6cfd9d151530dac9ef81148e1690e61 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_amd64.deb Size/MD5: 190022 6a7c0dfd7c8501f8628178b5b0eee0cd http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_amd64.deb Size/MD5: 179662 bc60e9256f650d385f0c1d175c14fe80 http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_amd64.udeb Size/MD5: 70430 a6782df5314e3c49137b1d3253c2c6b4 i386 architecture (x86 compatible Intel/AMD): 
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_i386.deb Size/MD5: 188650 0d4b87ea55d252a24bc74ebc4d748645 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_i386.deb Size/MD5: 171178 9608ecb2bd7697bbf4510822a6c61e32 http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_i386.udeb Size/MD5: 69094 f39b5e822f4da67599876c68904ecad1 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_lpia.deb Size/MD5: 189520 36f70d5b5d6cc10e89323efd72b3e061 http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_lpia.deb Size/MD5: 172882 1b5a5a4d6198c0eb6b14dc89c5a9da19 http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_lpia.udeb Size/MD5: 69994 a3e824e57de27f7b7ed1b93ddd6f6917 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_powerpc.deb Size/MD5: 190076 8ec2399126dc45cb9069588dec4f23ef http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_powerpc.deb Size/MD5: 179070 3a16935d6ed3029b636f5a2277470659 http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_powerpc.udeb Size/MD5: 70556 a2f68773735f91ca14c95fe374a56d7b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_sparc.deb Size/MD5: 185426 8755e9f8c1be78dbe2de213d9666fd7f http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_sparc.deb Size/MD5: 173332 f94ff6354e27bda2f21a8a542e77f274 http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_sparc.udeb Size/MD5: 65854 2631780a00ee2727264e6d0f477daa83 Updated packages for Ubuntu 8.10: Source archives: 
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-1ubuntu0.2.diff.gz Size/MD5: 19116 22de419d4a9203e183ccc14813b0d5e2 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-1ubuntu0.2.dsc Size/MD5: 1293 bd0ff3a04141fae88c8136f6f9ee63d4 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27.orig.tar.gz Size/MD5: 783204 13a0de401db1972a8e68f47d5bdadd13 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.27-1ubuntu0.2_all.deb Size/MD5: 934 cdd02e7c09b4bb61bd14670f155f81f4 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_amd64.deb Size/MD5: 168308 37a5c4970ffd3dc878026e66310bfecc http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_amd64.deb Size/MD5: 255526 df3e911f99e2d64d3246710e0dea9d49 http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_amd64.udeb Size/MD5: 72758 6a64efb6a07e32ddfe80bed566e110c8 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_i386.deb Size/MD5: 166630 08a7389cb42e41ebba773ecdb9e347fe http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_i386.deb Size/MD5: 247664 e39fbb64952529e977b335e308662782 http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_i386.udeb Size/MD5: 71014 9e5c717ed5d4e17d86caabb80221030d lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_lpia.deb Size/MD5: 167096 ed195852cc2b60cb0ddc9cccf87ed280 http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_lpia.deb Size/MD5: 248616 dc85b020b9a129916f24618d3e27e684 http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_lpia.udeb Size/MD5: 71418 
e60289ac791f78aae8eb5598a3eacb5a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_powerpc.deb Size/MD5: 167230 5f8b71b3a98b1645727f1f4ae534f960 http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_powerpc.deb Size/MD5: 254380 76ea57650fd01eb86a315ca0b73dcdca http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_powerpc.udeb Size/MD5: 71582 f9b8803343f2f61bf5f07b1fb4a25918 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_sparc.deb Size/MD5: 162222 445a3d3abb843e73fbf89fe0520ab664 http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_sparc.deb Size/MD5: 248216 768f20b123d1b0c1c448b3b240245d5c http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_sparc.udeb Size/MD5: 66728 cf376eab6461fdee69f0bbde6d58dc53 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.1.diff.gz Size/MD5: 174503 ffa63cd1b57dc442faff9a65d2f25ee7 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.1.dsc Size/MD5: 1296 890ff19ff7b12aa90d0d38c0b1550055 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27.orig.tar.gz Size/MD5: 783204 13a0de401db1972a8e68f47d5bdadd13 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.27-2ubuntu2.1_all.deb Size/MD5: 936 3dee09961304f1caf76db0995a027b95 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_amd64.udeb Size/MD5: 72778 30622682dc700cba1101384ab84fe7ca http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_amd64.deb Size/MD5: 168382 4be6ce864bf04169baf7d4b656ea8e02 
http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_amd64.deb Size/MD5: 255620 730ed6a69006fa14753ef99f89664d31 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_i386.udeb Size/MD5: 71084 5a3cc8f7589fae49e91689d85476b193 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_i386.deb Size/MD5: 166732 d674a5262197c091d9ca5b2370cff187 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_i386.deb Size/MD5: 247744 644a3757529a46d3389e2db18a566f3d lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_lpia.udeb Size/MD5: 71472 662aba7284b732240c2d7bff864eed12 http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_lpia.deb Size/MD5: 167200 47dc03f91b37b73626e026cb7da28b15 http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_lpia.deb Size/MD5: 248706 a01e8fe54d38f4101c6ad0f78eec4a7e powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_powerpc.udeb Size/MD5: 71564 96e3fb7342ab462db7a27fbd39a46649 http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_powerpc.deb Size/MD5: 167254 90e1cb3da8cc85953442611cf0faaed8 http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_powerpc.deb Size/MD5: 254444 4b89c89e031c0d4265b1eb3da45f06e9 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_sparc.udeb Size/MD5: 66646 ac9aa1a738ef8ed71bd8b876f1920098 http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_sparc.deb Size/MD5: 162176 06a1b4ab47a39790da4e9b1e0967c1d2 http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_sparc.deb Size/MD5: 248222 
91cca4c40c4ce6ac41df52ea62e5008a Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.1.diff.gz Size/MD5: 18107 a9bf93cac21b17a3589193ae511b75d2 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.1.dsc Size/MD5: 1293 dc9a20f9a129ad150f61ec9bb745b039 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37.orig.tar.gz Size/MD5: 805380 7480dbbf9f6c3297faf6fe52ec9b91ab Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.37-1ubuntu0.1_all.deb Size/MD5: 934 3d21bd9bf41fe210303474389cfeb0a8 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_amd64.udeb Size/MD5: 73848 d436fc20150573d565017d9e29141484 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_amd64.deb Size/MD5: 174886 34607a76ee1ebdd82b5c71068e6e32b2 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_amd64.deb Size/MD5: 265214 f600588bdf4f00731d94ccd8bbc68455 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_i386.udeb Size/MD5: 70382 7d93414ce0e28351b972605abae92cd1 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_i386.deb Size/MD5: 171402 2b8f6f1c8e8300c3149c59d1fc107659 http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_i386.deb Size/MD5: 255250 a033009f8d9a990655437c3d129668bf lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_lpia.udeb Size/MD5: 71012 d3df3a73bf61acb9f1d489a32b3b8a60 http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_lpia.deb Size/MD5: 172126 1b94fcc470ba8878eace85240fae74cf 
------------------------------------------------------------------------
Debian Security Advisory DSA-2032-1                  security@debian.org
http://www.debian.org/security/                        Giuseppe Iuculano
April 11, 2010                        http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : libpng
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2009-2042 CVE-2010-0205
Debian Bugs    : 533676 572308

Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files.
The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-2042

    libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.

For the testing (squeeze) and unstable (sid) distribution, these problems have been fixed in version 1.2.43-1.

We recommend that you upgrade your libpng package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on its next update.

Trust: 3.33

sources: NVD: CVE-2010-0205 // CERT/CC: VU#576029 // JVNDB: JVNDB-2010-001158 // BID: 38478 // VULHUB: VHN-42810 // VULMON: CVE-2010-0205 // PACKETSTORM: 94522 // PACKETSTORM: 94244 // PACKETSTORM: 87569 // PACKETSTORM: 87557 // PACKETSTORM: 87345 // PACKETSTORM: 88286

AFFECTED PRODUCTS

vendor: debian | model: linux | scope: eq | version: 5.0 | Trust: 1.3
vendor: suse | model: linux enterprise server | scope: eq | version: 9 | Trust: 1.3
vendor: apple | model: mac os x | scope: lt | version: 10.6.5 | Trust: 1.0
vendor: canonical | model: ubuntu linux | scope: eq | version: 8.04 | Trust: 1.0
vendor: fedoraproject | model: fedora | scope: eq | version: 13 | Trust: 1.0
vendor: canonical | model: ubuntu linux | scope: eq | version: 6.06 | Trust: 1.0
vendor: libpng | model: libpng | scope: lt | version: 1.4.1 | Trust: 1.0
vendor: libpng | model: libpng | scope: lt | version: 1.0.53 | Trust: 1.0
vendor: libpng | model: libpng | scope: lt | version: 1.2.43 | Trust: 1.0
vendor: opensuse | model: opensuse | scope: eq | version: 11.0 | Trust: 1.0
vendor: libpng | model: libpng | scope: gte | version: 1.4.0 | Trust: 1.0
vendor: opensuse | model: opensuse | scope: eq | version: 11.1 | Trust: 1.0
vendor: canonical | model: ubuntu linux | scope: eq | version: 9.10 | Trust: 1.0
vendor: libpng | model: libpng | scope: gte | version: 1.2.0 | Trust: 1.0
vendor: canonical | model: ubuntu linux | scope: eq | version: 9.04 | Trust: 1.0
vendor: opensuse | model: opensuse | scope: eq | version: 11.2 | Trust: 1.0
vendor: libpng | model: libpng | scope: gte | version: 1.0.0 | Trust: 1.0
vendor: fedoraproject | model: fedora | scope: eq | version: 11 | Trust: 1.0
vendor: suse | model: linux enterprise server | scope: eq | version: 11 | Trust: 1.0
vendor: fedoraproject | model: fedora | scope: eq | version: 12 | Trust: 1.0
vendor: debian | model: linux | scope: eq | version: 6.0 | Trust: 1.0
vendor: suse | model: linux enterprise server | scope: eq | version: 10 | Trust: 1.0
vendor: canonical | model: ubuntu linux | scope: eq | version: 8.10 | Trust: 1.0
vendor: libpng | model: libpng | scope: eq | version: 1.0.52 | Trust: 0.9
vendor: libpng | model: libpng | scope: eq | version: 1.2.13 | Trust: 0.9
vendor: lunascape | model: lunascape | scope: eq | version: 6 | Trust: 0.8
vendor: png group | model: libpng | scope: lte | version: 1.4.0 | Trust: 0.8
vendor: vmware | model: player | scope: eq | version: 2.5.x | Trust: 0.8
vendor: vmware | model: player | scope: eq | version: 3.1.x | Trust: 0.8
vendor: vmware | model: server | scope: - | version: - | Trust: 0.8
vendor: vmware | model: workstation | scope: eq | version: 6.5.x | Trust: 0.8
vendor: vmware | model: workstation | scope: eq | version: 7.1.x | Trust: 0.8
vendor: apple | model: mac os x | scope: eq | version: v10.5.8 | Trust: 0.8
vendor: apple | model: mac os x | scope: eq | version: v10.6 to v10.6.4 | Trust: 0.8
vendor: apple | model: mac os x server | scope: eq | version: v10.5.8 | Trust: 0.8
vendor: apple | model: mac os x server | scope: eq | version: v10.6 to v10.6.4 | Trust: 0.8
vendor: oracle | model: solaris | scope: eq | version: 10 | Trust: 0.8
vendor: oracle | model: solaris | scope: eq | version: 11 express | Trust: 0.8
vendor: oracle | model: solaris | scope: eq | version: 8 | Trust: 0.8
vendor: oracle | model: solaris | scope: eq | version: 9 | Trust: 0.8
vendor: cybertrust | model: asianux server | scope: eq | version: 3 (x86) | Trust: 0.8
vendor: cybertrust | model: asianux server | scope: eq | version: 3 (x86-64) | Trust: 0.8
vendor: cybertrust | model: asianux server | scope: eq | version: 3.0 | Trust: 0.8
vendor: cybertrust | model: asianux server | scope: eq | version: 3.0 (x86-64) | Trust: 0.8
vendor: cybertrust | model: asianux server | scope: eq | version: 4.0 | Trust: 0.8
vendor: cybertrust | model: asianux server | scope: eq | version: 4.0 (x86-64) | Trust: 0.8
vendor: fenrir | model: pictbear | scope: lt | version: 2.01 | Trust: 0.8
vendor: red hat | model: enterprise linux | scope: eq | version: 3 (as) | Trust: 0.8
vendor: red hat | model: enterprise linux | scope: eq | version: 3 (es) | Trust: 0.8
vendor: red hat | model: enterprise linux | scope: eq | version: 3 (ws) | Trust: 0.8
vendor: red hat | model: enterprise linux | scope: eq | version: 4 (as) | Trust: 0.8
vendor: red hat | model: enterprise linux | scope: eq | version: 4 (es) | Trust: 0.8
vendor: red hat | model: enterprise linux | scope: eq | version: 4 (ws) | Trust: 0.8
vendor: red hat | model: enterprise linux | scope: eq | version: 4.8 (as) | Trust: 0.8
vendor: red hat | model: enterprise linux | scope: eq | version: 4.8 (es) | Trust: 0.8
vendor: red hat | model: enterprise linux | scope: eq | version: 5 (server) | Trust: 0.8
vendor: red hat | model: enterprise linux desktop | scope: eq | version: 3.0 | Trust: 0.8
vendor: red hat | model: enterprise linux desktop | scope: eq | version: 4.0 | Trust: 0.8
vendor: red hat | model: enterprise linux desktop | scope: eq | version: 5.0 (client) | Trust: 0.8
vendor: red hat | model: rhel desktop workstation | scope: eq | version: 5 (client) | Trust: 0.8
vendor: libpng | model: libpng | scope: eq | version: 1.0.46 | Trust: 0.6
vendor: libpng | model: libpng | scope: eq | version: 1.0.47 | Trust: 0.6
vendor: libpng | model: libpng | scope: eq | version: 1.2.11 | Trust: 0.6
vendor: libpng | model: libpng | scope: eq | version: 1.0.48 | Trust: 0.6
vendor: libpng | model: libpng | scope: eq | version: 1.2.23 | Trust: 0.6
vendor: libpng | model: libpng | scope: eq | version: 1.0.51 | Trust: 0.6
vendor: libpng | model: libpng | scope: eq | version: 1.0.50 | Trust: 0.6

vendor: avaya | model: proactive contact | scope: eq | version: 4.1.2 | Trust: 0.3
vendor: vmware | model: server build | scope: eq | version: 1.0.8126538 | Trust: 0.3
vendor: debian | model: linux armel | scope: eq | version: 5.0 | Trust: 0.3
vendor: ubuntu | model: linux i386 | scope: eq | version: 8.10 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.24 | Trust: 0.3
vendor: debian | model: linux hppa | scope: eq | version: 5.0 | Trust: 0.3
vendor: debian | model: linux powerpc | scope: eq | version: 5.0 | Trust: 0.3
vendor: mandrakesoft | model: multi network firewall | scope: eq | version: 2.0 | Trust: 0.3
vendor: vmware | model: player build | scope: eq | version: 2.5.4246459 | Trust: 0.3
vendor: suse | model: linux enterprise sp3 | scope: eq | version: 10 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.25 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.2.42 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.5.6 | Trust: 0.3
vendor: vmware | model: workstation | scope: eq | version: 6.5.1 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.17 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.5.3 | Trust: 0.3
vendor: avaya | model: voice portal sp1 | scope: eq | version: 5.0 | Trust: 0.3
vendor: avaya | model: voice portal | scope: eq | version: 5.1 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.43 | Trust: 0.3
vendor: vmware | model: server | scope: eq | version: 1.0.7 | Trust: 0.3
vendor: avaya | model: intuity audix | scope: - | version: - | Trust: 0.3
vendor: mandrakesoft | model: corporate server x86 64 | scope: eq | version: 4.0 | Trust: 0.3
vendor: avaya | model: aura sip enablement services | scope: eq | version: 5.1 | Trust: 0.3
vendor: avaya | model: proactive contact | scope: eq | version: 4.1.1 | Trust: 0.3
vendor: avaya | model: intuity audix lx r1.1 | scope: - | version: - | Trust: 0.3
vendor: avaya | model: aura system manager | scope: eq | version: 1.0 | Trust: 0.3
vendor: ubuntu | model: linux lts powerpc | scope: eq | version: 6.06 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.5 | Trust: 0.3
vendor: mandrakesoft | model: enterprise server | scope: eq | version: 5 | Trust: 0.3
vendor: avaya | model: voice portal sp2 | scope: eq | version: 5.0 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.2.16 | Trust: 0.3
vendor: avaya | model: proactive contact | scope: eq | version: 3.0.2 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.18 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.2.8 | Trust: 0.3
vendor: vmware | model: workstation | scope: eq | version: 6.5.2 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.5.7 | Trust: 0.3
vendor: vmware | model: server build | scope: eq | version: 1.0.580187 | Trust: 0.3
vendor: avaya | model: proactive contact | scope: eq | version: 4.1 | Trust: 0.3
vendor: avaya | model: messaging storage server | scope: eq | version: 3.1 | Trust: 0.3
vendor: avaya | model: voice portal sp1 | scope: eq | version: 4.1 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.5.4 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.6.2 | Trust: 0.3
vendor: avaya | model: messaging storage server sp1 | scope: eq | version: 3.1 | Trust: 0.3
vendor: vmware | model: server build | scope: eq | version: 2.0.2203138 | Trust: 0.3
vendor: avaya | model: intuity audix lx sp2 | scope: eq | version: 2.0 | Trust: 0.3
vendor: libpng | model: beta01 | scope: eq | version: 1.2.27 | Trust: 0.3
vendor: avaya | model: messaging storage server | scope: eq | version: 5.0 | Trust: 0.3
vendor: ubuntu | model: linux lts amd64 | scope: eq | version: 8.04 | Trust: 0.3
vendor: vmware | model: server | scope: eq | version: 2.0.2 | Trust: 0.3
vendor: s u s e | model: opensuse | scope: eq | version: 11.1 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.7 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.5.1 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.6.4 | Trust: 0.3
vendor: ubuntu | model: linux sparc | scope: eq | version: 8.10 | Trust: 0.3
vendor: vmware | model: server | scope: eq | version: 1.0.3 | Trust: 0.3
vendor: vmware | model: player | scope: eq | version: 2.5.1 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.13 | Trust: 0.3
vendor: avaya | model: intuity audix lx | scope: eq | version: 1.0 | Trust: 0.3
vendor: ubuntu | model: linux lts powerpc | scope: eq | version: 8.04 | Trust: 0.3
vendor: avaya | model: voice portal sp2 | scope: eq | version: 4.1 | Trust: 0.3
vendor: libpng | model: libpng | scope: ne | version: 1.4.1 | Trust: 0.3
vendor: avaya | model: proactive contact | scope: eq | version: 3.0 | Trust: 0.3
vendor: red | model: hat enterprise linux desktop client | scope: eq | version: 5 | Trust: 0.3
vendor: vmware | model: workstation build | scope: eq | version: 6.5.4246459 | Trust: 0.3
vendor: vmware | model: player | scope: eq | version: 3.1 | Trust: 0.3
vendor: vmware | model: workstation build | scope: eq | version: 6.5118166 | Trust: 0.3
vendor: ubuntu | model: linux powerpc | scope: eq | version: 8.10 | Trust: 0.3
vendor: debian | model: linux sparc | scope: eq | version: 5.0 | Trust: 0.3
vendor: avaya | model: intuity audix lx sp1 | scope: eq | version: 2.0 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.6 | Trust: 0.3
vendor: ubuntu | model: linux lts i386 | scope: eq | version: 6.06 | Trust: 0.3
vendor: avaya | model: aura session manager | scope: eq | version: 1.1 | Trust: 0.3
vendor: avaya | model: aura sip enablement services | scope: eq | version: 5.2 | Trust: 0.3
vendor: redhat | model: enterprise linux ws | scope: eq | version: 4 | Trust: 0.3
vendor: redhat | model: enterprise linux ws | scope: eq | version: 3 | Trust: 0.3
vendor: avaya | model: messaging storage server | scope: - | version: - | Trust: 0.3
vendor: vmware | model: player build | scope: eq | version: 2.5118166 | Trust: 0.3
vendor: mandriva | model: linux mandrake | scope: eq | version: 2008.0 | Trust: 0.3
vendor: avaya | model: messaging storage server | scope: eq | version: 2.0 | Trust: 0.3
vendor: vmware | model: server | scope: eq | version: 2.0.1 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.33 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.6.1 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.2.21 | Trust: 0.3
vendor: redhat | model: enterprise linux es | scope: eq | version: 4 | Trust: 0.3
vendor: suse | model: linux enterprise sp2 | scope: eq | version: 10 | Trust: 0.3
vendor: sun | model: solaris express | scope: eq | version: 11 | Trust: 0.3
vendor: redhat | model: enterprise linux es | scope: eq | version: 3 | Trust: 0.3
vendor: mandriva | model: linux mandrake | scope: eq | version: 2010.0 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.4 | Trust: 0.3
vendor: avaya | model: proactive contact | scope: eq | version: 0 | Trust: 0.3
vendor: ubuntu | model: linux lts sparc | scope: eq | version: 8.04 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.5.8 | Trust: 0.3
vendor: libpng | model: libpng | scope: ne | version: 1.2.43 | Trust: 0.3
vendor: vmware | model: server | scope: eq | version: 1.0.6 | Trust: 0.3
vendor: ubuntu | model: linux lts amd64 | scope: eq | version: 6.06 | Trust: 0.3

vendor: avaya | model: aura system platform | scope: eq | version: 6.0 | Trust: 0.3
vendor: vmware | model: player | scope: eq | version: 2.5.2 | Trust: 0.3
vendor: ubuntu | model: linux lts i386 | scope: eq | version: 8.04 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.5.5 | Trust: 0.3
vendor: mandriva | model: linux mandrake | scope: eq | version: 2009.0 | Trust: 0.3
vendor: vmware | model: server | scope: eq | version: 1.0.8 | Trust: 0.3
vendor: vmware | model: player | scope: eq | version: 2.5.3 | Trust: 0.3
vendor: avaya | model: messaging storage server | scope: eq | version: 5.1 | Trust: 0.3
vendor: avaya | model: voice portal | scope: eq | version: 4.0 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.2.20 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.2.36 | Trust: 0.3
vendor: vmware | model: server | scope: eq | version: 1.0.9 | Trust: 0.3
vendor: vmware | model: server | scope: eq | version: 2.0 | Trust: 0.3
vendor: avaya | model: aura sip enablement services | scope: eq | version: 4.0 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.14 | Trust: 0.3
vendor: vmware | model: server build | scope: eq | version: 1.0.691891 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.5.2 | Trust: 0.3
vendor: red | model: hat enterprise linux server | scope: eq | version: 5 | Trust: 0.3
vendor: vmware | model: server build | scope: eq | version: 1.0.10203137 | Trust: 0.3
vendor: vmware | model: server | scope: eq | version: 1.0.4 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.6 | Trust: 0.3
vendor: ubuntu | model: linux lpia | scope: eq | version: 9.10 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.6.3 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.12 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.32 | Trust: 0.3
vendor: avaya | model: aura session manager sp1 | scope: eq | version: 5.2 | Trust: 0.3
vendor: mandriva | model: linux mandrake x86 64 | scope: eq | version: 2009.1 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.8 | Trust: 0.3
vendor: avaya | model: message networking | scope: - | version: - | Trust: 0.3
vendor: s u s e | model: opensuse | scope: eq | version: 11.0 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.2.27 | Trust: 0.3
vendor: ubuntu | model: linux lts sparc | scope: eq | version: 6.06 | Trust: 0.3
vendor: mandrakesoft | model: corporate server | scope: eq | version: 4.0 | Trust: 0.3
vendor: suse | model: linux enterprise | scope: eq | version: 10 | Trust: 0.3
vendor: suse | model: linux enterprise sp1 | scope: eq | version: 11 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.9 | Trust: 0.3
vendor: libpng | model: libpng | scope: ne | version: 1.0.53 | Trust: 0.3
vendor: redhat | model: enterprise linux desktop version | scope: eq | version: 4 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.5.6 | Trust: 0.3
vendor: suse | model: linux enterprise | scope: eq | version: 11 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.5.3 | Trust: 0.3
vendor: vmware | model: player build | scope: ne | version: 3.1.2301548 | Trust: 0.3
vendor: sun | model: solaris 10 sparc | scope: - | version: - | Trust: 0.3
vendor: apple | model: mac os server | scope: ne | version: x10.6.5 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.11 | Trust: 0.3
vendor: ubuntu | model: linux amd64 | scope: eq | version: 9.10 | Trust: 0.3
vendor: avaya | model: message networking | scope: eq | version: 3.1 | Trust: 0.3
vendor: gentoo | model: linux | scope: - | version: - | Trust: 0.3
vendor: redhat | model: desktop | scope: eq | version: 3.0 | Trust: 0.3
vendor: libpng | model: rc1 | scope: eq | version: 1.2.22 | Trust: 0.3
vendor: avaya | model: aura sip enablement services | scope: eq | version: 3.1.1 | Trust: 0.3
vendor: ubuntu | model: linux sparc | scope: eq | version: 9.10 | Trust: 0.3
vendor: avaya | model: aura system platform | scope: eq | version: 1.1 | Trust: 0.3
vendor: redhat | model: enterprise linux desktop workstation client | scope: eq | version: 5 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.5 | Trust: 0.3
vendor: vmware | model: player build | scope: eq | version: 2.5.3185404 | Trust: 0.3
vendor: avaya | model: voice portal | scope: eq | version: 5.0 | Trust: 0.3
vendor: avaya | model: aura sip enablement services | scope: eq | version: 3.1 | Trust: 0.3
vendor: avaya | model: aura session manager | scope: eq | version: 5.2 | Trust: 0.3
vendor: vmware | model: workstation build | scope: ne | version: 7.1.2301548 | Trust: 0.3
vendor: debian | model: linux alpha | scope: eq | version: 5.0 | Trust: 0.3
vendor: vmware | model: server build | scope: eq | version: 1.0.9156507 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.5.4 | Trust: 0.3
vendor: avaya | model: aura sip enablement services | scope: eq | version: 5.0 | Trust: 0.3
vendor: ubuntu | model: linux powerpc | scope: eq | version: 9.10 | Trust: 0.3
vendor: vmware | model: server build | scope: eq | version: 1.0.7108231 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.6.2 | Trust: 0.3
vendor: ubuntu | model: linux lts lpia | scope: eq | version: 8.04 | Trust: 0.3
vendor: vmware | model: server | scope: eq | version: 1.0.5 | Trust: 0.3
vendor: vmware | model: workstation build | scope: eq | version: 6.5.3185404 | Trust: 0.3
vendor: ubuntu | model: linux i386 | scope: eq | version: 9.10 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.2.34 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.2.18 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.5.1 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.5.7 | Trust: 0.3
vendor: vmware | model: server build | scope: eq | version: 2.0.1156745 | Trust: 0.3

vendor: ubuntu | model: linux i386 | scope: eq | version: 9.04 | Trust: 0.3
vendor: avaya | model: voice portal | scope: eq | version: 4.1 | Trust: 0.3
vendor: avaya | model: aura session manager | scope: eq | version: 1.0 | Trust: 0.3
vendor: avaya | model: messaging storage server | scope: eq | version: 4.0 | Trust: 0.3
vendor: avaya | model: message networking mn | scope: eq | version: 3.1 | Trust: 0.3
vendor: vmware | model: server | scope: eq | version: 1.0.10 | Trust: 0.3
vendor: avaya | model: aura sip enablement services | scope: eq | version: 5.2.1 | Trust: 0.3
vendor: vmware | model: server | scope: eq | version: 1.0.2 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.42 | Trust: 0.3
vendor: debian | model: linux s/390 | scope: eq | version: 5.0 | Trust: 0.3
vendor: vmware | model: workstation | scope: eq | version: 7.1 | Trust: 0.3
vendor: avaya | model: message networking | scope: eq | version: 5.2 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.6.4 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.16 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.6 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.5 | Trust: 0.3
vendor: ubuntu | model: linux lpia | scope: eq | version: 9.04 | Trust: 0.3
vendor: libpng | model: beta01 | scope: eq | version: 1.4 | Trust: 0.3
vendor: avaya | model: aura system manager sp1 | scope: eq | version: 6.0 | Trust: 0.3
vendor: vmware | model: player | scope: eq | version: 2.5.4 | Trust: 0.3
vendor: avaya | model: voice portal | scope: eq | version: 3.0 | Trust: 0.3
vendor: avaya | model: aura system manager | scope: eq | version: 5.2 | Trust: 0.3
vendor: debian | model: linux amd64 | scope: eq | version: 5.0 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.2.17 | Trust: 0.3
vendor: avaya | model: aura session manager | scope: eq | version: 6.0 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.6.1 | Trust: 0.3
vendor: avaya | model: aura sip enablement services | scope: eq | version: 3.0 | Trust: 0.3
vendor: libpng | model: beta19 | scope: eq | version: 1.4 | Trust: 0.3
vendor: avaya | model: proactive contact | scope: eq | version: 3.0.3 | Trust: 0.3
vendor: sun | model: solaris 10 x86 | scope: - | version: - | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.10 | Trust: 0.3
vendor: ubuntu | model: linux lpia | scope: eq | version: 8.10 | Trust: 0.3
vendor: vmware | model: workstation build | scope: eq | version: 6.5.2156735 | Trust: 0.3
vendor: avaya | model: messaging storage server | scope: eq | version: 5.2 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.0.15 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.5.5 | Trust: 0.3
vendor: avaya | model: proactive contact | scope: eq | version: 4.0 | Trust: 0.3
vendor: ubuntu | model: linux amd64 | scope: eq | version: 9.04 | Trust: 0.3
vendor: mandriva | model: linux mandrake x86 64 | scope: eq | version: 2008.0 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.2.35 | Trust: 0.3
vendor: avaya | model: intuity audix lx | scope: eq | version: 2.0 | Trust: 0.3
vendor: vmware | model: workstation | scope: eq | version: 6.5.3 | Trust: 0.3
vendor: sun | model: solaris 9 x86 | scope: - | version: - | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.2.37 | Trust: 0.3
vendor: avaya | model: aura conferencing standard | scope: eq | version: 6.0 | Trust: 0.3
vendor: s u s e | model: opensuse | scope: eq | version: 11.2 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.5.8 | Trust: 0.3
vendor: ubuntu | model: linux sparc | scope: eq | version: 9.04 | Trust: 0.3
vendor: sun | model: solaris 9 sparc | scope: - | version: - | Trust: 0.3
vendor: avaya | model: aura system platform sp1.1 | scope: - | version: - | Trust: 0.3
vendor: debian | model: linux ia-32 | scope: eq | version: 5.0 | Trust: 0.3
vendor: mandriva | model: linux mandrake x86 64 | scope: eq | version: 2010.0 | Trust: 0.3
vendor: debian | model: linux mipsel | scope: eq | version: 5.0 | Trust: 0.3
vendor: debian | model: linux mips | scope: eq | version: 5.0 | Trust: 0.3
vendor: mandrakesoft | model: enterprise server x86 64 | scope: eq | version: 5 | Trust: 0.3
vendor: vmware | model: player build | scope: eq | version: 2.5.2156735 | Trust: 0.3
vendor: avaya | model: messaging storage server | scope: eq | version: 1.0 | Trust: 0.3
vendor: apple | model: mac os | scope: eq | version: x10.5.2 | Trust: 0.3
vendor: mandriva | model: linux mandrake | scope: eq | version: 2009.1 | Trust: 0.3
vendor: avaya | model: aura session manager sp2 | scope: eq | version: 5.2 | Trust: 0.3
vendor: ubuntu | model: linux amd64 | scope: eq | version: 8.10 | Trust: 0.3
vendor: ubuntu | model: linux powerpc | scope: eq | version: 9.04 | Trust: 0.3
vendor: mandriva | model: linux mandrake x86 64 | scope: eq | version: 2009.0 | Trust: 0.3
vendor: red | model: hat enterprise linux as | scope: eq | version: 4 | Trust: 0.3
vendor: red | model: hat enterprise linux as | scope: eq | version: 3 | Trust: 0.3
vendor: debian | model: linux m68k | scope: eq | version: 5.0 | Trust: 0.3
vendor: debian | model: linux arm | scope: eq | version: 5.0 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.2.26 | Trust: 0.3
vendor: libpng | model: libpng | scope: eq | version: 1.2.19 | Trust: 0.3
vendor: apple | model: mac os server | scope: eq | version: x10.6.3 | Trust: 0.3
vendor: debian | model: linux ia-64 | scope: eq | version: 5.0 | Trust: 0.3

sources: BID: 38478 // JVNDB: JVNDB-2010-001158 // CNNVD: CNNVD-201003-024 // NVD: CVE-2010-0205

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0205
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#576029
value: 0.85

Trust: 0.8

NVD: CVE-2010-0205
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201003-024
value: HIGH

Trust: 0.6

VULHUB: VHN-42810
value: MEDIUM

Trust: 0.1

VULMON: CVE-2010-0205
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-0205
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2010-0205
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-42810
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#576029 // VULHUB: VHN-42810 // VULMON: CVE-2010-0205 // JVNDB: JVNDB-2010-001158 // CNNVD: CNNVD-201003-024 // NVD: CVE-2010-0205

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-42810 // JVNDB: JVNDB-2010-001158 // NVD: CVE-2010-0205

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 87569 // CNNVD: CNNVD-201003-024

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201003-024

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001158

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-42810

PATCH

title: HT4435
url: http://support.apple.com/kb/HT4435

Trust: 0.8

title: HT4435
url: http://support.apple.com/kb/HT4435?viewlocale=ja_JP

Trust: 0.8

title: libpng-1.2.10-7.1.3.0.1.AXS3
url: https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1210

Trust: 0.8

title: Security Advisory for libpng-1.4.0 and earlier, 27 February 2010
url: http://libpng.sourceforge.net/ADVISORY-1.4.1.html

Trust: 0.8

title: Defending Libpng Applications Against Decompression Bombs
url: http://libpng.sourceforge.net/decompression_bombs.html

Trust: 0.8

title: [About the vulnerability published on JVN]
url: http://ja.bbs.luna.tv/viewtopic.php?f=68&t=3721

Trust: 0.8

title: 2078
url: http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2078

Trust: 0.8

title: 2079
url: http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2079

Trust: 0.8

title: RHSA-2010:0534
url: https://rhn.redhat.com/errata/RHSA-2010-0534.html

Trust: 0.8

title: multiple_vulnerabilities_in_libpng
url: http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libpng

Trust: 0.8

title: VMSA-2010-0014
url: http://www.vmware.com/security/advisories/VMSA-2010-0014.html

Trust: 0.8

title: pictbear
url: http://www.fenrir.co.jp/pictbear/

Trust: 0.8

title: libpng-1.4.1.tar.bz2
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=214

Trust: 0.6

title: lpng141.zip
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=218

Trust: 0.6

title: lpng141.7z
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=217

Trust: 0.6

title: libpng-1.4.1.tar.xz
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=216

Trust: 0.6

title: libpng-1.4.1.tar.gz
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=215

Trust: 0.6

title: linpng_txt.zip
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=219

Trust: 0.6

title: Debian CVElist Bug Report Logs: CVE-2010-0205 VU#576029 libpng stalls on highly compressed ancillary chunks
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=068ed551f848e5205f1c655154c5d17e

Trust: 0.1

title: Debian CVElist Bug Report Logs: libpng: CVE-2009-2042 "out-of-bounds pixels" vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=5f5cf6ccf38dd0426354a95830317f34

Trust: 0.1

title: Debian Security Advisories: DSA-2032-1 libpng -- several vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=7efe228231e53c876f6e76ff8b041bb6

Trust: 0.1

title: Ubuntu Security Notice: libpng vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-913-1

Trust: 0.1

title: VMware Security Advisories: VMware Workstation, Player, and ACE address several security issues.
url: https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=b3571bd7da36d47dd9d3066ad9612f4c

Trust: 0.1

sources: VULMON: CVE-2010-0205 // JVNDB: JVNDB-2010-001158 // CNNVD: CNNVD-201003-024

EXTERNAL IDS

db: CERT/CC, id: VU#576029

Trust: 3.7

db: NVD, id: CVE-2010-0205

Trust: 3.5

db: BID, id: 38478

Trust: 2.9

db: SECUNIA, id: 38774

Trust: 2.6

db: VUPEN, id: ADV-2010-0517

Trust: 2.5

db: SECUNIA, id: 39251

Trust: 1.8

db: SECUNIA, id: 41574

Trust: 1.8

db: OSVDB, id: 62670

Trust: 1.8

db: SECTRACK, id: 1023674

Trust: 1.7

db: VUPEN, id: ADV-2010-0667

Trust: 1.7

db: VUPEN, id: ADV-2010-2491

Trust: 1.7

db: VUPEN, id: ADV-2010-0626

Trust: 1.7

db: VUPEN, id: ADV-2010-0686

Trust: 1.7

db: VUPEN, id: ADV-2010-1107

Trust: 1.7

db: VUPEN, id: ADV-2010-0682

Trust: 1.7

db: VUPEN, id: ADV-2010-0605

Trust: 1.7

db: VUPEN, id: ADV-2010-0637

Trust: 1.7

db: VUPEN, id: ADV-2010-0847

Trust: 1.7

db: JVNDB, id: JVNDB-2010-001158

Trust: 0.8

db: CNNVD, id: CNNVD-201003-024

Trust: 0.7

db: PACKETSTORM, id: 94522

Trust: 0.2

db: PACKETSTORM, id: 87569

Trust: 0.2

db: VULHUB, id: VHN-42810

Trust: 0.1

db: VUPEN, id: 2010/0847

Trust: 0.1

db: VUPEN, id: 2010/1107

Trust: 0.1

db: VUPEN, id: 2010/0667

Trust: 0.1

db: VUPEN, id: 2010/0605

Trust: 0.1

db: VUPEN, id: 2010/2491

Trust: 0.1

db: VUPEN, id: 2010/0626

Trust: 0.1

db: VUPEN, id: 2010/0517

Trust: 0.1

db: VUPEN, id: 2010/0686

Trust: 0.1

db: VUPEN, id: 2010/0682

Trust: 0.1

db: VUPEN, id: 2010/0637

Trust: 0.1

db: VULMON, id: CVE-2010-0205

Trust: 0.1

db: PACKETSTORM, id: 94244

Trust: 0.1

db: PACKETSTORM, id: 87557

Trust: 0.1

db: PACKETSTORM, id: 87345

Trust: 0.1

db: PACKETSTORM, id: 88286

Trust: 0.1

sources: CERT/CC: VU#576029 // VULHUB: VHN-42810 // VULMON: CVE-2010-0205 // BID: 38478 // JVNDB: JVNDB-2010-001158 // PACKETSTORM: 94522 // PACKETSTORM: 94244 // PACKETSTORM: 87569 // PACKETSTORM: 87557 // PACKETSTORM: 87345 // PACKETSTORM: 88286 // CNNVD: CNNVD-201003-024 // NVD: CVE-2010-0205

REFERENCES

url:http://www.kb.cert.org/vuls/id/576029

Trust: 3.0

url:http://libpng.sourceforge.net/advisory-1.4.1.html

Trust: 2.9

url:http://libpng.sourceforge.net/decompression_bombs.html

Trust: 2.6

url:http://www.securityfocus.com/bid/38478

Trust: 2.6

url:http://secunia.com/advisories/38774

Trust: 2.6

url:http://www.vupen.com/english/advisories/2010/0517

Trust: 2.6

url:http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html

Trust: 1.8

url:http://support.apple.com/kb/ht4435

Trust: 1.8

url:http://www.vmware.com/security/advisories/vmsa-2010-0014.html

Trust: 1.8

url:http://www.debian.org/security/2010/dsa-2032

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-march/037237.html

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-march/037355.html

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-march/037364.html

Trust: 1.8

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-march/037607.html

Trust: 1.8

url:http://www.mandriva.com/security/advisories?name=mdvsa-2010:063

Trust: 1.8

url:http://www.mandriva.com/security/advisories?name=mdvsa-2010:064

Trust: 1.8

url:http://lists.vmware.com/pipermail/security-announce/2010/000105.html

Trust: 1.8

url:http://osvdb.org/62670

Trust: 1.8

url:http://www.securitytracker.com/id?1023674

Trust: 1.8

url:http://secunia.com/advisories/39251

Trust: 1.8

url:http://secunia.com/advisories/41574

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

Trust: 1.8

url:http://ubuntu.com/usn/usn-913-1

Trust: 1.8

url:http://www.vupen.com/english/advisories/2010/0605

Trust: 1.8

url:http://www.vupen.com/english/advisories/2010/0626

Trust: 1.8

url:http://www.vupen.com/english/advisories/2010/0637

Trust: 1.8

url:http://www.vupen.com/english/advisories/2010/0667

Trust: 1.8

url:http://www.vupen.com/english/advisories/2010/0682

Trust: 1.8

url:http://www.vupen.com/english/advisories/2010/0686

Trust: 1.8

url:http://www.vupen.com/english/advisories/2010/0847

Trust: 1.8

url:http://www.vupen.com/english/advisories/2010/1107

Trust: 1.8

url:http://www.vupen.com/english/advisories/2010/2491

Trust: 1.8

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/56661

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0205

Trust: 1.2

url:http://jvn.jp/cert/jvnvu331391

Trust: 0.8

url:http://jvn.jp/cert/jvnvu576029/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0205

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2010-0205

Trust: 0.6

url:http://www.libpng.org/pub/png/libpng.html

Trust: 0.3

url:http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_libpng

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100108439

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2009-2042

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2249

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-1205

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-2249

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1205

Trust: 0.2

url:http://www.mandriva.com/security/

Trust: 0.2

url:http://www.mandriva.com/security/advisories

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572308

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/913-1/

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201010-01.xml

Trust: 0.1

url:http://www.vmware.com/security/advisoiries

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0434

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0425

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3277

Trust: 0.1

url:http://www.vmware.com/download/player/

Trust: 0.1

url:http://www.vmware.com/security

Trust: 0.1

url:http://downloads.vmware.com/d/info/desktop_downloads/vmware_ace/2_7

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3277

Trust: 0.1

url:http://kb.vmware.com/kb/1055

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0434

Trust: 0.1

url:http://www.vmware.com/download/ws/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0425

Trust: 0.1

url:http://downloads.vmware.com/support/ws71/doc/releasenotes_ws712.html

Trust: 0.1

url:http://www.vmware.com/support/policies/security_response.html

Trust: 0.1

url:http://downloads.vmware.com/support/player31/doc/releasenotes_player312.html

Trust: 0.1

url:http://www.vmware.com/support/policies/eos.html

Trust: 0.1

url:http://downloads.vmware.com/support/ace27/doc/releasenotes_ace272.html

Trust: 0.1

url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

Trust: 0.1

url:http://www.vmware.com/support/policies/eos_vi.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2042

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_sparc.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_lpia.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.2.diff.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_powerpc.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_powerpc.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.1.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.1.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.5.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_amd64.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_powerpc.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_powerpc.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_i386.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_i386.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_amd64.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.27-2ubuntu2.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_amd64.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_sparc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-1ubuntu0.2.dsc

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_lpia.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_powerpc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.8rel-5ubuntu0.5_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_lpia.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.15~beta5-3ubuntu0.2.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_amd64.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-2ubuntu2.1.diff.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.27-1ubuntu0.2_sparc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.8rel-5ubuntu0.5_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.15~beta5-3ubuntu0.2_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.37-1ubuntu0.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.37-1ubuntu0.1.diff.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_lpia.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.27-1ubuntu0.2_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.15~beta5-3ubuntu0.2_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_i386.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel-5ubuntu0.5.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.8rel.orig.tar.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-2ubuntu2.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_sparc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng3_1.2.37-1ubuntu0.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng_1.2.27-1ubuntu0.2.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.15~beta5-3ubuntu0.2_i386.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/libp/libpng/libpng12-0-udeb_1.2.8rel-5ubuntu0.5_sparc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-1ubuntu0.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.8rel-5ubuntu0.5_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.27-2ubuntu2.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.37-1ubuntu0.1_amd64.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-dev_1.2.37-1ubuntu0.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-dev_1.2.27-1ubuntu0.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/libp/libpng/libpng12-0-udeb_1.2.27-2ubuntu2.1_i386.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/libp/libpng/libpng12-0_1.2.15~beta5-3ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny3.diff.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_amd64.udeb

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_amd64.deb

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_mipsel.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.27-2+lenny3_all.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_hppa.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_ia64.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_sparc.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_armel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_hppa.udeb

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_alpha.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_s390.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny3.dsc

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_powerpc.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27.orig.tar.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_alpha.deb

Trust: 0.1

url:http://packages.debian.org/<pkg>

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_arm.udeb

Trust: 0.1

url:http://security.debian.org/

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_armel.deb

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_armel.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_hppa.deb

Trust: 0.1

sources: CERT/CC: VU#576029 // VULHUB: VHN-42810 // VULMON: CVE-2010-0205 // BID: 38478 // JVNDB: JVNDB-2010-001158 // PACKETSTORM: 94522 // PACKETSTORM: 94244 // PACKETSTORM: 87569 // PACKETSTORM: 87557 // PACKETSTORM: 87345 // PACKETSTORM: 88286 // CNNVD: CNNVD-201003-024 // NVD: CVE-2010-0205

CREDITS

Glenn Randers-Pehrson

Trust: 0.6

sources: CNNVD: CNNVD-201003-024

SOURCES

db: CERT/CC, id: VU#576029
db: VULHUB, id: VHN-42810
db: VULMON, id: CVE-2010-0205
db: BID, id: 38478
db: JVNDB, id: JVNDB-2010-001158
db: PACKETSTORM, id: 94522
db: PACKETSTORM, id: 94244
db: PACKETSTORM, id: 87569
db: PACKETSTORM, id: 87557
db: PACKETSTORM, id: 87345
db: PACKETSTORM, id: 88286
db: CNNVD, id: CNNVD-201003-024
db: NVD, id: CVE-2010-0205

LAST UPDATE DATE

2024-11-13T21:52:40.622000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#576029, date: 2010-03-02T00:00:00
db: VULHUB, id: VHN-42810, date: 2020-08-07T00:00:00
db: VULMON, id: CVE-2010-0205, date: 2020-08-07T00:00:00
db: BID, id: 38478, date: 2015-04-13T20:16:00
db: JVNDB, id: JVNDB-2010-001158, date: 2012-03-27T00:00:00
db: CNNVD, id: CNNVD-201003-024, date: 2020-08-10T00:00:00
db: NVD, id: CVE-2010-0205, date: 2020-08-07T13:26:06.807

SOURCES RELEASE DATE

db: CERT/CC, id: VU#576029, date: 2010-03-02T00:00:00
db: VULHUB, id: VHN-42810, date: 2010-03-03T00:00:00
db: VULMON, id: CVE-2010-0205, date: 2010-03-03T00:00:00
db: BID, id: 38478, date: 2010-03-02T00:00:00
db: JVNDB, id: JVNDB-2010-001158, date: 2010-03-17T00:00:00
db: PACKETSTORM, id: 94522, date: 2010-10-05T22:16:57
db: PACKETSTORM, id: 94244, date: 2010-09-25T18:50:30
db: PACKETSTORM, id: 87569, date: 2010-03-23T23:16:59
db: PACKETSTORM, id: 87557, date: 2010-03-23T22:20:24
db: PACKETSTORM, id: 87345, date: 2010-03-17T00:04:21
db: PACKETSTORM, id: 88286, date: 2010-04-13T00:25:27
db: CNNVD, id: CNNVD-201003-024, date: 2010-03-03T00:00:00
db: NVD, id: CVE-2010-0205, date: 2010-03-03T19:30:00.493