==========================================================================
Ubuntu Security Notice USN-3962-1
April 30, 2019
libpng1.6 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.10
– Ubuntu 18.04 LTS
Summary:
libpng be made to crash or run programs if it opened a specially crafted
file.
Software Description:
– libpng1.6: PNG (Portable Network Graphics) file library
Details:
It was discovered that libpng incorrectly handled certain memory
operations. If a user or automated system were tricked into opening a
specially crafted PNG file, a remote attacker could use this issue to
cause libpng to crash, resulting in a denial of service, or possibly
execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
libpng16-16 1.6.34-2ubuntu0.1
Ubuntu 18.04 LTS:
libpng16-16 1.6.34-1ubuntu0.18.04.2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3962-1
CVE-2019-7317
Package Information:
https://launchpad.net/ubuntu/+source/libpng1.6/1.6.34-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libpng1.6/1.6.34-1ubuntu0.18.04.2
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlzIkloACgkQZWnYVadE
vpNcZQ/9EIU1JZC1d+Nmk4PtWm+mV9Y18DklnbMQOyxbPqX7B3puoLY4Y4l3Bo1q
k7Yzk2S8eOb5CzWrLi3aDw28Cfe8RJ2jCmk9G8rT0qZFn6PpI6eE3ho02f30WLI6
rdvN+wMsH/OPArfJdsZ0LzgMWJlSwumf/d2Shupr2/kvNd481apZjbWSo8ZJNvcV
G2po9mSQLkV12sgdxmUbXLSEXYFsaBFrFIJuisoGxmW4M7dt2APz8/WxGo4g/xxD
lkT8Z4LY3YFNZgChfyzYcRZuMsNMzKSl6IUs8nviCy7GFSS3PMYoRceLOy8T2LE0
Db2Ttwveb31gdu+bqpOg5e4p7xlUM0HrWQuM6fb8dHv7NjQUeWeGkD0E6l2jCSJ9
Of8FY8MjQ5LfTa1hqCpre0dmn3W8LgdG9fl/3BVxFVj35r0TF0bkeuRXSHQsTadE
huJNdao3LIzd7w71ZSG7s0xTDEkXPIyxOlsnBYgUoBidj8nFFzvoLVoniLmWDI7v
E/1wuQI4lPngpsCfHdNWCPkd//o6cqGd6O3lwwt+z0ovfKz54E91TWBDPIsRyzwV
6gXEGsxvqRPhliLZjrhk5Ztqz1JCZb7ofxxkg1gwcNRNE9Btr5Z77yjXe639ewHj
ezq2KoHp57+/RGjEBMyUOB6cyTrB/1xTaPBAxgoRVIOWaYN1ZlE=
=0d2T
—–END PGP SIGNATURE—–
—