
USN-550-3.txt

Posted on 14 December 2007
Source: packetstormsecurity.org

 

===========================================================
Ubuntu Security Notice USN-550-3 December 13, 2007
libcairo regression
https://launchpad.net/bugs/175573
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libcairo2 1.0.4-0ubuntu1.2

Ubuntu 6.10:
libcairo2 1.2.4-1ubuntu2.2

Ubuntu 7.04:
libcairo2 1.4.2-0ubuntu1.3

Ubuntu 7.10:
libcairo2 1.4.10-1ubuntu4.4

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

USN-550-1 fixed vulnerabilities in Cairo. A bug in font glyph rendering
was uncovered as a result of the new memory allocation routines. In
certain situations, fonts containing characters with no width or height
would not render any more. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Peter Valchev discovered that Cairo did not correctly decode PNG image data.
By tricking a user or automated system into processing a specially crafted
PNG with Cairo, a remote attacker could execute arbitrary code with user
privileges.


