==========================================================================
Ubuntu Security Notice USN-3712-1
July 11, 2018
libpng, libpng1.6 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in libpng.
Software Description:
– libpng1.6: PNG library – development (version 1.6)
– libpng: PNG (Portable Network Graphics) file library
Details:
Patrick Keshishian discovered that libpng incorrectly handled certain
PNG files. An attacker could possibly use this to cause a denial of
service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04
LTS. (CVE-2016-10087)
Thuan Pham discovered that libpng incorrectly handled certain PNG
files. An attacker could possibly use this to cause a denial of
service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS.
(CVE-2018-13785)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
libpng16-16 1.6.34-1ubuntu0.18.04.1
Ubuntu 17.10:
libpng16-16 1.6.34-1ubuntu0.17.10.1
Ubuntu 16.04 LTS:
libpng12-0 1.2.54-1ubuntu1.1
Ubuntu 14.04 LTS:
libpng12-0 1.2.50-1ubuntu2.14.04.3
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3712-1
CVE-2016-10087, CVE-2018-13785
Package Information:
https://launchpad.net/ubuntu/+source/libpng1.6/1.6.34-1ubuntu0.18.04.
1
https://launchpad.net/ubuntu/+source/libpng1.6/1.6.34-1ubuntu0.17.10.
1
https://launchpad.net/ubuntu/+source/libpng/1.2.54-1ubuntu1.1
https://launchpad.net/ubuntu/+source/libpng/1.2.50-1ubuntu2.14.04.3—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJbRh7GAAoJEEW851uECx9pIJ4P/0sGcUThkq5qQR7TWu+hWx1b
86BjPkdYk+acOJB+kmYo7elzWcmsf4DiERQ/MrmBLah955Y4sg2FNo+yt7MfNWlP
gMX0D2N3T14zrfI+ZoCDWrBD4Qc6byQJ7FMUIBssP2i5odfm9Av6xxHURKpUOXB1
L7x25TIhPtEncWish8CEKbSYD/lb04Qrn1sQJa7JkkGgOaD2qB3EhWxZObyUkCrc
XkIhNAM52bhNFCQTqDUDjoIJWPXyOCEztvsdoAOCoBchtxLUz53fQW6VxBxczl8e
eLOwBlxhPidiMl9Rbe0qJA9fG3G9G87z+sJODPZtfvcvHpIEFv9YME9SQKJwpflq
EvlOSFptPEqJf55NOH2y0jC06RJSQF246vsSdhw2B+zgxDL2rSc15EqhRYeY/LWm
48qgIqP7T5oJAelKwuSiuvFdbj2k9/mK0WKyWqE0HntsnYF2ecAfgL+nHwiN3yfV
bHIWSxn0B7BRgyregXiphK3LJ6iSxoCL647p4epD5Y1zdYKlwG8w1TieOteJ1dft
fDO/Scgr8gyPZw2BHz+59Z6kKw3Tca46lyO97L22ggUxeVrlRAbfkpT21BY4qf7B
jsgNjuGLvfQIPJTZ91zsIpLZQIe+I6MjwZYCl9gyP8f3To42X1039c50kjcy6Ne1
y4vjZiW+2Z38xY9ZWJ18
=gF7Z
—–END PGP SIGNATURE—–
—
==========================================================================
Ubuntu Security Notice USN-3712-2
July 11, 2018
libpng vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 ESM
Summary:
libpng could be made to crash if it received a specially crafted file.
Software Description:
– libpng: PNG (Portable Network Graphics) file library
Details:
USN-3712-1 fixed a vulnerability in libpng. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Patrick Keshishian discovered that libpng incorrectly handled certain
PNG files. An attacker could possibly use this to cause a denial of
service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
libpng12-0 1.2.46-3ubuntu4.3
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3712-2
https://usn.ubuntu.com/usn/usn-3712-1
CVE-2016-10087—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJbRik9AAoJEEW851uECx9pzawP/2gjnQ5nYS41dr5IFVPdkVxh
peiI4rxxgoaSGNxEP+E3erluqqzaAzYL3YMdv7uAqUGZmoitbfINZTWndPCgIurV
wAxvDXTpjjJPqAVZl7ccIADEtESu0ayCW1xm/f1NUkhdoOWhZ9n39PtD6djKQqUB
vvSAnRrHUGIdJ+am2q/Bc393qZQAzGUHceV2L6FPec4no+i3vKl+HLaytjjLcrJv
QBanv0Lkb36ZCsnv97nMBWx960sgSh47wGfUgEsQQNt9OxDhSu+oBnb9wFPADfxs
AZmk3zsUW27IlVWAZlq9Jw1UkEDJP78Iufmk6dMGBwmtwfa0mI7I0oj9gmKdPwAA
eY8I7qto4v/bDpj8xPIXfTn4N72bZvL/L8tDfpyS2uiaxFAV04zDeUQDADE4F4D7
iT2UWPLn5lxOAeLz24bOIkxITkFYsn8W7ybRgmuOfh1Sjdjp6dD0IohckJvuV8Y0
Wrn9TF4CGVpfp3PB3qr796V+RHf7s72i8jafyG7kYsE7dYOCzhl88f8ulfOVLFAf
ErGeJhqnnNxciApOQAopnzDlglxzuD15f382oVrJQlyG2idDq+m1QjaT4z4N/4Ta
iSaoAorX1dqG+wkpPCWqUs+DIpV02IuRR94skRzEkJijYWKHILPS3HiuGRZBbWP1
qcnP0q9fpFiaAHTxH47Z
=gEG6
—–END PGP SIGNATURE—–
—