[USN-936-1] dvipng vulnerability

Marc Deslauriers marc.deslauriers at canonical.com
Thu May 6 13:34:35 UTC 2010 

===========================================================
Ubuntu Security Notice USN-936-1               May 06, 2010
dvipng vulnerability
CVE-2010-0829
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
  dvipng                          1.11-1ubuntu0.9.04.1

Ubuntu 9.10:
  dvipng                          1.11-1ubuntu0.9.10.1

Ubuntu 10.04 LTS:
  dvipng                          1.12-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

Details follow:

Dan Rosenberg discovered that dvipng incorrectly handled certain malformed
dvi files. If a user or automated system were tricked into processing a
specially crafted dvi file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program.


Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1.diff.gz
      Size/MD5:     5637 dabdea489ab5eb30b69d29a32b25a8d3
    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1.dsc
      Size/MD5:     1359 639e1723ccc0ff923d3172d43bc62d41
    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11.orig.tar.gz
      Size/MD5:   167331 6afa95aec70e4c5934268cff0443f89c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_amd64.deb
      Size/MD5:    81990 37a793d70ba97eb31c2905b1ccc5022e

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_i386.deb
      Size/MD5:    78506 49d6f36271ae60ef9de6d51c64758c12

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_lpia.deb
      Size/MD5:    78906 ed6c1393fbab607bc0a74823a771f438

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_powerpc.deb
      Size/MD5:    86220 048fecd5ab09ad94bc6478bcb32d6d8a

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_sparc.deb
      Size/MD5:    80010 a4b43b1a6213ecc7355ab2956459c87b

Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1.diff.gz
      Size/MD5:     5641 3dafdf50218a6269ef6fddcc0a21e6f8
    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1.dsc
      Size/MD5:     1359 1023698785011a4d5ea940e4a88dbb50
    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11.orig.tar.gz
      Size/MD5:   167331 6afa95aec70e4c5934268cff0443f89c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_amd64.deb
      Size/MD5:    82752 e6bcc7f9620e5e41db0358fb83b5aa0a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_i386.deb
      Size/MD5:    77646 0f0464056a785b77388bec0f4b6999ef

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_lpia.deb
      Size/MD5:    77802 3953c9bc7c276e9e9796f9beaa6c809a

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_powerpc.deb
      Size/MD5:    85848 1ad664271069cfc80ddfea5d79f54910

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_sparc.deb
      Size/MD5:    82060 e7d8269582cd2e0e0616a84199cc5f62

Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1.diff.gz
      Size/MD5:     5701 a4a8c25123f44e6f975775b651a851ad
    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1.dsc
      Size/MD5:     1285 3fad39f6fd7c4354e2197a28d799222c
    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12.orig.tar.gz
      Size/MD5:   168196 0925fb516cdf6b2207138781a4b3076e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_amd64.deb
      Size/MD5:    90440 21750b0a43906006e18fb0a57cbb861b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_i386.deb
      Size/MD5:    85282 b229656ab335dc77d682b195e3021e06

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_powerpc.deb
      Size/MD5:    93626 c5d5b932dddb9b78c90c87478c14878c

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_sparc.deb
      Size/MD5:    91402 fc79245fa0cbc7719c7dd9b28776af09



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20100506/919e76df/attachment.sig>

More information about the ubuntu-security-announce mailing list