[Bug 217128] Re: CVE-2008-1382: libpng zero-length chunks incorrect handling

Thu, 05 Mar 2009 17:38:44 -0800 

This bug was fixed in the package libpng - 1.2.15~beta5-3ubuntu0.1

---------------
libpng (1.2.15~beta5-3ubuntu0.1) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible execution of arbitrary
    code via crafted image (LP: #338027)
    - initialize pointers in pngread.c, pngrtans.c, pngset.c and example.c
    - CVE-2009-0040
  * SECURITY UPDATE: denial of service and possible execution of arbitrary
    code via crafted image (LP: #217128)
    - initialize "unknown" chunks in pngpread.c, pngrutil.c and pngset.c
    - CVE-2008-1382
  * SECURITY UPDATE: denial of service via off-by-one error
    - shorten tIME_string to 29 bytes in pngtest.c
    - CVE-2008-3964
  * SECURITY UPDATE: denial of service via incorrect memory assignment
    (LP: #324258)
    - update pngwutil.c to properly set new_key to NULL string
    - CVE-2008-5907
  * SECURITY UPDATE: denial of service via a crafted PNG image
    - fix for pngset.c to properly check palette size in png_set_hIST
    - CVE-2007-5268
  * SECURITY UPDATE: denial of service via a crafted PNG image
    - fix for pngpread.c and pngrutil.c to properly do bounds checking on read
      operations. Previous version only had a partial fix.
    - CVE-2007-5269

 -- Jamie Strandboge <[email protected]>   Thu, 05 Mar 2009 06:39:46
-0600

** Changed in: libpng (Ubuntu Hardy)
       Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-5268

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-5269

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-3964

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-5907

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-0040

** Changed in: libpng (Ubuntu Gutsy)
       Status: In Progress => Fix Released

-- 
CVE-2008-1382: libpng zero-length chunks incorrect handling
https://bugs.launchpad.net/bugs/217128
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to