You are here
Home > Preporuke > Sigurnosni nedostaci programskih biblioteka libpng i libpng1.6

Sigurnosni nedostaci programskih biblioteka libpng i libpng1.6

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3712-1
July 11, 2018

libpng, libpng1.6 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in libpng.

Software Description:
– libpng1.6: PNG library – development (version 1.6)
– libpng: PNG (Portable Network Graphics) file library

Details:

Patrick Keshishian discovered that libpng incorrectly handled certain
PNG files. An attacker could possibly use this to cause a denial of
service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04
LTS. (CVE-2016-10087)

Thuan Pham discovered that libpng incorrectly handled certain PNG
files. An attacker could possibly use this to cause a denial of
service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS.
(CVE-2018-13785)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libpng16-16                     1.6.34-1ubuntu0.18.04.1

Ubuntu 17.10:
libpng16-16                     1.6.34-1ubuntu0.17.10.1

Ubuntu 16.04 LTS:
libpng12-0                      1.2.54-1ubuntu1.1

Ubuntu 14.04 LTS:
libpng12-0                      1.2.50-1ubuntu2.14.04.3

In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3712-1
CVE-2016-10087, CVE-2018-13785

Package Information:
https://launchpad.net/ubuntu/+source/libpng1.6/1.6.34-1ubuntu0.18.04.
1
https://launchpad.net/ubuntu/+source/libpng1.6/1.6.34-1ubuntu0.17.10.
1
https://launchpad.net/ubuntu/+source/libpng/1.2.54-1ubuntu1.1
https://launchpad.net/ubuntu/+source/libpng/1.2.50-1ubuntu2.14.04.3—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJbRh7GAAoJEEW851uECx9pIJ4P/0sGcUThkq5qQR7TWu+hWx1b
86BjPkdYk+acOJB+kmYo7elzWcmsf4DiERQ/MrmBLah955Y4sg2FNo+yt7MfNWlP
gMX0D2N3T14zrfI+ZoCDWrBD4Qc6byQJ7FMUIBssP2i5odfm9Av6xxHURKpUOXB1
L7x25TIhPtEncWish8CEKbSYD/lb04Qrn1sQJa7JkkGgOaD2qB3EhWxZObyUkCrc
XkIhNAM52bhNFCQTqDUDjoIJWPXyOCEztvsdoAOCoBchtxLUz53fQW6VxBxczl8e
eLOwBlxhPidiMl9Rbe0qJA9fG3G9G87z+sJODPZtfvcvHpIEFv9YME9SQKJwpflq
EvlOSFptPEqJf55NOH2y0jC06RJSQF246vsSdhw2B+zgxDL2rSc15EqhRYeY/LWm
48qgIqP7T5oJAelKwuSiuvFdbj2k9/mK0WKyWqE0HntsnYF2ecAfgL+nHwiN3yfV
bHIWSxn0B7BRgyregXiphK3LJ6iSxoCL647p4epD5Y1zdYKlwG8w1TieOteJ1dft
fDO/Scgr8gyPZw2BHz+59Z6kKw3Tca46lyO97L22ggUxeVrlRAbfkpT21BY4qf7B
jsgNjuGLvfQIPJTZ91zsIpLZQIe+I6MjwZYCl9gyP8f3To42X1039c50kjcy6Ne1
y4vjZiW+2Z38xY9ZWJ18
=gF7Z
—–END PGP SIGNATURE—–

==========================================================================
Ubuntu Security Notice USN-3712-2
July 11, 2018

libpng vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

libpng could be made to crash if it received a specially crafted file.

Software Description:
– libpng: PNG (Portable Network Graphics) file library

Details:

USN-3712-1 fixed a vulnerability in libpng. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Patrick Keshishian discovered that libpng incorrectly handled certain
PNG files. An attacker could possibly use this to cause a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
libpng12-0                      1.2.46-3ubuntu4.3

In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3712-2
https://usn.ubuntu.com/usn/usn-3712-1
CVE-2016-10087—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJbRik9AAoJEEW851uECx9pzawP/2gjnQ5nYS41dr5IFVPdkVxh
peiI4rxxgoaSGNxEP+E3erluqqzaAzYL3YMdv7uAqUGZmoitbfINZTWndPCgIurV
wAxvDXTpjjJPqAVZl7ccIADEtESu0ayCW1xm/f1NUkhdoOWhZ9n39PtD6djKQqUB
vvSAnRrHUGIdJ+am2q/Bc393qZQAzGUHceV2L6FPec4no+i3vKl+HLaytjjLcrJv
QBanv0Lkb36ZCsnv97nMBWx960sgSh47wGfUgEsQQNt9OxDhSu+oBnb9wFPADfxs
AZmk3zsUW27IlVWAZlq9Jw1UkEDJP78Iufmk6dMGBwmtwfa0mI7I0oj9gmKdPwAA
eY8I7qto4v/bDpj8xPIXfTn4N72bZvL/L8tDfpyS2uiaxFAV04zDeUQDADE4F4D7
iT2UWPLn5lxOAeLz24bOIkxITkFYsn8W7ybRgmuOfh1Sjdjp6dD0IohckJvuV8Y0
Wrn9TF4CGVpfp3PB3qr796V+RHf7s72i8jafyG7kYsE7dYOCzhl88f8ulfOVLFAf
ErGeJhqnnNxciApOQAopnzDlglxzuD15f382oVrJQlyG2idDq+m1QjaT4z4N/4Ta
iSaoAorX1dqG+wkpPCWqUs+DIpV02IuRR94skRzEkJijYWKHILPS3HiuGRZBbWP1
qcnP0q9fpFiaAHTxH47Z
=gEG6
—–END PGP SIGNATURE—–

AutorZvonimir Bosnjak
Cert idNCERT-REF-2018-07-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa cups

Otkriveni su sigurnosni nedostaci u programskom paketu cups za operacijski sustav Debian. Otkriveni nedostaci potencijalnim napadačima omogućuju izvršavanje proizvoljnog programskog...

Close