USN-936-1: dvipng vulnerability
Posted on: 05/06/2010 02:40 PM

A new dvipng vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-936-1 May 06, 2010
dvipng vulnerability
CVE-2010-0829
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
dvipng 1.11-1ubuntu0.9.04.1

Ubuntu 9.10:
dvipng 1.11-1ubuntu0.9.10.1

Ubuntu 10.04 LTS:
dvipng 1.12-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

Details follow:

Dan Rosenberg discovered that dvipng incorrectly handled certain malformed
dvi files. If a user or automated system were tricked into processing a
specially crafted dvi file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program.


Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubunt=
u0.9.04.1.diff.gz
Size/MD5: 5637 dabdea489ab5eb30b69d29a32b25a8d3
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubunt=
u0.9.04.1.dsc
Size/MD5: 1359 639e1723ccc0ff923d3172d43bc62d41
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11.orig.t=
ar.gz
Size/MD5: 167331 6afa95aec70e4c5934268cff0443f89c

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubunt=
u0.9.04.1_amd64.deb
Size/MD5: 81990 37a793d70ba97eb31c2905b1ccc5022e

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubunt=
u0.9.04.1_i386.deb
Size/MD5: 78506 49d6f36271ae60ef9de6d51c64758c12

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_=
lpia.deb
Size/MD5: 78906 ed6c1393fbab607bc0a74823a771f438

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_=
powerpc.deb
Size/MD5: 86220 048fecd5ab09ad94bc6478bcb32d6d8a

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_=
sparc.deb
Size/MD5: 80010 a4b43b1a6213ecc7355ab2956459c87b

Updated packages for Ubuntu 9.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubunt=
u0.9.10.1.diff.gz
Size/MD5: 5641 3dafdf50218a6269ef6fddcc0a21e6f8
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubunt=
u0.9.10.1.dsc
Size/MD5: 1359 1023698785011a4d5ea940e4a88dbb50
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11.orig.t=
ar.gz
Size/MD5: 167331 6afa95aec70e4c5934268cff0443f89c

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubunt=
u0.9.10.1_amd64.deb
Size/MD5: 82752 e6bcc7f9620e5e41db0358fb83b5aa0a

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubunt=
u0.9.10.1_i386.deb
Size/MD5: 77646 0f0464056a785b77388bec0f4b6999ef

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_=
lpia.deb
Size/MD5: 77802 3953c9bc7c276e9e9796f9beaa6c809a

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_=
powerpc.deb
Size/MD5: 85848 1ad664271069cfc80ddfea5d79f54910

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_=
sparc.deb
Size/MD5: 82060 e7d8269582cd2e0e0616a84199cc5f62

Updated packages for Ubuntu 10.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubunt=
u0.1.diff.gz
Size/MD5: 5701 a4a8c25123f44e6f975775b651a851ad
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubunt=
u0.1.dsc
Size/MD5: 1285 3fad39f6fd7c4354e2197a28d799222c
http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12.orig.t=
ar.gz
Size/MD5: 168196 0925fb516cdf6b2207138781a4b3076e

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubunt=
u0.1_amd64.deb
Size/MD5: 90440 21750b0a43906006e18fb0a57cbb861b

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubunt=
u0.1_i386.deb
Size/MD5: 85282 b229656ab335dc77d682b195e3021e06

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_power=
pc.deb
Size/MD5: 93626 c5d5b932dddb9b78c90c87478c14878c

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_sparc=
.deb
Size/MD5: 91402 fc79245fa0cbc7719c7dd9b28776af09




--=-grhNADConyhkgzPnAthG
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEABECAAYFAkvixWkACgkQLMAs/0C4zNrMngCeKp3yaEwlmzOnW8o0PES55uzT
kBsAn0axIPd7eaNKbsMrXM9LMf9wxxqH
=Job3
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_936_1_dvipng_vulnerability.html)