exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 936-1

Ubuntu Security Notice 936-1
Posted May 7, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 936-1 - Dan Rosenberg discovered that dvipng incorrectly handled certain malformed dvi files. If a user or automated system were tricked into processing a specially crafted dvi file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-0829
SHA-256 | 23e1806e667e375ce224dd1551dd81e163a77a4b0d3c96e6310f8689450dcab6
Download | Favorite | View

Ubuntu Security Notice 936-1

Change Mirror Download
===========================================================
Ubuntu Security Notice USN-936-1               May 06, 2010
dvipng vulnerability
CVE-2010-0829
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
  dvipng                          1.11-1ubuntu0.9.04.1

Ubuntu 9.10:
  dvipng                          1.11-1ubuntu0.9.10.1

Ubuntu 10.04 LTS:
  dvipng                          1.12-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

Details follow:

Dan Rosenberg discovered that dvipng incorrectly handled certain malformed
dvi files. If a user or automated system were tricked into processing a
specially crafted dvi file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program.


Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1.diff.gz
      Size/MD5:     5637 dabdea489ab5eb30b69d29a32b25a8d3
    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1.dsc
      Size/MD5:     1359 639e1723ccc0ff923d3172d43bc62d41
    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11.orig.tar.gz
      Size/MD5:   167331 6afa95aec70e4c5934268cff0443f89c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_amd64.deb
      Size/MD5:    81990 37a793d70ba97eb31c2905b1ccc5022e

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_i386.deb
      Size/MD5:    78506 49d6f36271ae60ef9de6d51c64758c12

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_lpia.deb
      Size/MD5:    78906 ed6c1393fbab607bc0a74823a771f438

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_powerpc.deb
      Size/MD5:    86220 048fecd5ab09ad94bc6478bcb32d6d8a

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_sparc.deb
      Size/MD5:    80010 a4b43b1a6213ecc7355ab2956459c87b

Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1.diff.gz
      Size/MD5:     5641 3dafdf50218a6269ef6fddcc0a21e6f8
    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1.dsc
      Size/MD5:     1359 1023698785011a4d5ea940e4a88dbb50
    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11.orig.tar.gz
      Size/MD5:   167331 6afa95aec70e4c5934268cff0443f89c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_amd64.deb
      Size/MD5:    82752 e6bcc7f9620e5e41db0358fb83b5aa0a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_i386.deb
      Size/MD5:    77646 0f0464056a785b77388bec0f4b6999ef

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_lpia.deb
      Size/MD5:    77802 3953c9bc7c276e9e9796f9beaa6c809a

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_powerpc.deb
      Size/MD5:    85848 1ad664271069cfc80ddfea5d79f54910

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_sparc.deb
      Size/MD5:    82060 e7d8269582cd2e0e0616a84199cc5f62

Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1.diff.gz
      Size/MD5:     5701 a4a8c25123f44e6f975775b651a851ad
    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1.dsc
      Size/MD5:     1285 3fad39f6fd7c4354e2197a28d799222c
    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12.orig.tar.gz
      Size/MD5:   168196 0925fb516cdf6b2207138781a4b3076e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_amd64.deb
      Size/MD5:    90440 21750b0a43906006e18fb0a57cbb861b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_i386.deb
      Size/MD5:    85282 b229656ab335dc77d682b195e3021e06

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_powerpc.deb
      Size/MD5:    93626 c5d5b932dddb9b78c90c87478c14878c

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_sparc.deb
      Size/MD5:    91402 fc79245fa0cbc7719c7dd9b28776af09



Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close