=========================================================== Ubuntu Security Notice USN-550-2 December 10, 2007 libcairo regression https://launchpad.net/bugs/NNNNNN =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.04: libcairo2 1.4.2-0ubuntu1.2 Ubuntu 7.10: libcairo2 1.4.10-1ubuntu4.2 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: USN-550-1 fixed vulnerabilities in Cairo. The upstream fixes were incomplete, and under certain situations, applications using Cairo would crash with a floating point error. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with user privileges. Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.4.2-0ubuntu1.2.diff.gz Size/MD5: 29170 a64d5accaf670a3a042a0716291394d7 http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.4.2-0ubuntu1.2.dsc Size/MD5: 980 f4568de7fd8d8e64448dd1132927061f http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.4.2.orig.tar.gz Size/MD5: 3081092 b254633046eafe603776d0bee791b751 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-doc_1.4.2-0ubuntu1.2_all.deb Size/MD5: 329056 b1575fd670eb3855e96edf52f3cf7ab0 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.4.2-0ubuntu1.2_amd64.deb Size/MD5: 515040 59fc61a32d6c5ca65df42f268268f379 http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.4.2-0ubuntu1.2_amd64.deb Size/MD5: 430266 6d63671bf6d432855a177a76cab4f1d0 http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.4.2-0ubuntu1.2_amd64.deb Size/MD5: 537122 59f7f0831b4553b99b533958b2a5637d http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4.2-0ubuntu1.2_amd64.deb Size/MD5: 446134 17a75ebfeaa43eca5075260f7322e604 http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.4.2-0ubuntu1.2_amd64.udeb Size/MD5: 214084 e25a10d4d4e773a7a6a81e4222116497 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.4.2-0ubuntu1.2_i386.deb Size/MD5: 488790 979721dacfc63ff1e87c97d104355108 http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.4.2-0ubuntu1.2_i386.deb Size/MD5: 420138 074aafcb523bc8b393ff13513ed94f81 http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.4.2-0ubuntu1.2_i386.deb Size/MD5: 508712 6a177d9cffabeb7b46d0b1b1d83408bd http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4.2-0ubuntu1.2_i386.deb Size/MD5: 435692 ff8716999c992cde0d53c0a4cd7776fb http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.4.2-0ubuntu1.2_i386.udeb Size/MD5: 204116 519465ff73b0dead2e18ecef8090c41f powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.4.2-0ubuntu1.2_powerpc.deb Size/MD5: 498406 cac5ffc403e3d286be56aa4c7dfcac03 http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.4.2-0ubuntu1.2_powerpc.deb Size/MD5: 422954 313dccc5f8880eb99d2bd520dd6b1981 http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.4.2-0ubuntu1.2_powerpc.deb Size/MD5: 520498 0c0472153c4b798e2219c3e72643818a http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4.2-0ubuntu1.2_powerpc.deb Size/MD5: 438856 645c36b71f069a29c78e71517ebc9253 http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.4.2-0ubuntu1.2_powerpc.udeb Size/MD5: 206976 d4d191ab373dae4bc9b61b4c72aefef4 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.4.2-0ubuntu1.2_sparc.deb Size/MD5: 472108 0317c9ca17ab5428f9e1f359cfb2fa06 http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.4.2-0ubuntu1.2_sparc.deb Size/MD5: 402336 44be030c98706251b3e414f3e89a9154 http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.4.2-0ubuntu1.2_sparc.deb Size/MD5: 492324 634481a6f873ae9c00b8b1a416b4ea7e http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4.2-0ubuntu1.2_sparc.deb Size/MD5: 417212 f96fd87530823ee7aa2e6870049eb45f http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.4.2-0ubuntu1.2_sparc.udeb Size/MD5: 186296 42df2b3d472069e4918a717c964ba7f7 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.4.10-1ubuntu4.2.diff.gz Size/MD5: 35820 a5dae2b600de79eb6d6cd7c0df613554 http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.4.10-1ubuntu4.2.dsc Size/MD5: 1013 8474af5f122f83ab1f75f9ea3f8d354e http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.4.10.orig.tar.gz Size/MD5: 3216689 5598a5e500ad922e37b159dee72fc993 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-doc_1.4.10-1ubuntu4.2_all.deb Size/MD5: 407696 c269f047a06167c111ee0a11365cc1ea amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.4.10-1ubuntu4.2_amd64.deb Size/MD5: 572210 a9642cb123ccf6312916e22c27a6e3a9 http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.4.10-1ubuntu4.2_amd64.deb Size/MD5: 489124 4924ec45a4eea3a3a275f002415653e2 http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.4.10-1ubuntu4.2_amd64.deb Size/MD5: 632822 07662831762f20e50139b5c950731f58 http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4.10-1ubuntu4.2_amd64.deb Size/MD5: 536922 99d1a0202e50db78c0c4646859fea13f http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.4.10-1ubuntu4.2_amd64.udeb Size/MD5: 195802 c81baf7740526b9ed2264ab2d5be8bc0 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.4.10-1ubuntu4.2_i386.deb Size/MD5: 546548 529e9341682d12e757d0e5dc686cc6ec http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.4.10-1ubuntu4.2_i386.deb Size/MD5: 479746 5769a4e61e6422cc12839ff17925de9f http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.4.10-1ubuntu4.2_i386.deb Size/MD5: 601216 d54be2b3a904bfa20af22b69d8fd21ea http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4.10-1ubuntu4.2_i386.deb Size/MD5: 524124 53f686c49d846e1afe5e8f89115fa1d2 http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.4.10-1ubuntu4.2_i386.udeb Size/MD5: 186428 c84079451a7bfc3b85c34238aa3c78ce powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.4.10-1ubuntu4.2_powerpc.deb Size/MD5: 554832 1de0e3112f48e32b64840429ba621e23 http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.4.10-1ubuntu4.2_powerpc.deb Size/MD5: 479018 4980ba793084c17f733f40bbf8e4f15e http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.4.10-1ubuntu4.2_powerpc.deb Size/MD5: 613880 9a7e834124d8a124f8408ed89f2353da http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4.10-1ubuntu4.2_powerpc.deb Size/MD5: 528508 5ae830818a92c4838fc3951485431530 http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.4.10-1ubuntu4.2_powerpc.udeb Size/MD5: 186266 098d9b7df582a4ecb9bdf77831c4336a sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.4.10-1ubuntu4.2_sparc.deb Size/MD5: 543772 e1ea0f5cb6745b0272a6c4d4aeb239e3 http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.4.10-1ubuntu4.2_sparc.deb Size/MD5: 471248 a8e5991f36e20b71e6213d6c44031e37 http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.4.10-1ubuntu4.2_sparc.deb Size/MD5: 584786 affc097d3d1a068fd5fd7f80d13005c0 http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4.10-1ubuntu4.2_sparc.deb Size/MD5: 505364 0a59d599ca6fb9f8047d35745c0d0db3 http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.4.10-1ubuntu4.2_sparc.udeb Size/MD5: 177688 f2705635217a2476cadc8b6dc5b9eae6