LinuxSecurity.com
Ubuntu: 936-1: dvipng vulnerability
Posted by Benjamin D. Thomas   
Dan Rosenberg discovered that dvipng incorrectly handled certain malformed dvi files. If a user or automated system were tricked into processing a specially crafted dvi file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
===========================================================
Ubuntu Security Notice USN-936-1               May 06, 2010
dvipng vulnerability
CVE-2010-0829
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
  dvipng                          1.11-1ubuntu0.9.04.1

Ubuntu 9.10:
  dvipng                          1.11-1ubuntu0.9.10.1

Ubuntu 10.04 LTS:
  dvipng                          1.12-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

Details follow:

Dan Rosenberg discovered that dvipng incorrectly handled certain malformed
dvi files. If a user or automated system were tricked into processing a
specially crafted dvi file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program.


Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1.diff.gz
      Size/MD5:     5637 dabdea489ab5eb30b69d29a32b25a8d3
    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1.dsc
      Size/MD5:     1359 639e1723ccc0ff923d3172d43bc62d41
    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11.orig.tar.gz
      Size/MD5:   167331 6afa95aec70e4c5934268cff0443f89c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_amd64.deb
      Size/MD5:    81990 37a793d70ba97eb31c2905b1ccc5022e

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_i386.deb
      Size/MD5:    78506 49d6f36271ae60ef9de6d51c64758c12

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_lpia.deb
      Size/MD5:    78906 ed6c1393fbab607bc0a74823a771f438

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_powerpc.deb
      Size/MD5:    86220 048fecd5ab09ad94bc6478bcb32d6d8a

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_sparc.deb
      Size/MD5:    80010 a4b43b1a6213ecc7355ab2956459c87b

Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1.diff.gz
      Size/MD5:     5641 3dafdf50218a6269ef6fddcc0a21e6f8
    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1.dsc
      Size/MD5:     1359 1023698785011a4d5ea940e4a88dbb50
    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11.orig.tar.gz
      Size/MD5:   167331 6afa95aec70e4c5934268cff0443f89c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_amd64.deb
      Size/MD5:    82752 e6bcc7f9620e5e41db0358fb83b5aa0a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_i386.deb
      Size/MD5:    77646 0f0464056a785b77388bec0f4b6999ef

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_lpia.deb
      Size/MD5:    77802 3953c9bc7c276e9e9796f9beaa6c809a

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_powerpc.deb
      Size/MD5:    85848 1ad664271069cfc80ddfea5d79f54910

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_sparc.deb
      Size/MD5:    82060 e7d8269582cd2e0e0616a84199cc5f62

Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1.diff.gz
      Size/MD5:     5701 a4a8c25123f44e6f975775b651a851ad
    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1.dsc
      Size/MD5:     1285 3fad39f6fd7c4354e2197a28d799222c
    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12.orig.tar.gz
      Size/MD5:   168196 0925fb516cdf6b2207138781a4b3076e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_amd64.deb
      Size/MD5:    90440 21750b0a43906006e18fb0a57cbb861b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_i386.deb
      Size/MD5:    85282 b229656ab335dc77d682b195e3021e06

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_powerpc.deb
      Size/MD5:    93626 c5d5b932dddb9b78c90c87478c14878c

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_sparc.deb
      Size/MD5:    91402 fc79245fa0cbc7719c7dd9b28776af09




 