[USN-550-3] Cairo regression

To: ubuntu-security-announce@xxxxxxxxxxxxxxxx
Subject: [USN-550-3] Cairo regression
From: Kees Cook <kees@xxxxxxxxxx>
Date: Wed, 12 Dec 2007 20:18:42 -0800
Cc: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Ubuntu
=========================================================== 
Ubuntu Security Notice USN-550-3          December 13, 2007
libcairo regression
https://launchpad.net/bugs/175573
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libcairo2                       1.0.4-0ubuntu1.2

Ubuntu 6.10:
  libcairo2                       1.2.4-1ubuntu2.2

Ubuntu 7.04:
  libcairo2                       1.4.2-0ubuntu1.3

Ubuntu 7.10:
  libcairo2                       1.4.10-1ubuntu4.4

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

USN-550-1 fixed vulnerabilities in Cairo.  A bug in font glyph rendering
was uncovered as a result of the new memory allocation routines.  In
certain situations, fonts containing characters with no width or height
would not render any more.  This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Peter Valchev discovered that Cairo did not correctly decode PNG image data.
 By tricking a user or automated system into processing a specially crafted
 PNG with Cairo, a remote attacker could execute arbitrary code with user
 privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.0.4-0ubuntu1.2.diff.gz
      Size/MD5:    21759 e41fe630a06c82f9a7f977ace3b72098
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.0.4-0ubuntu1.2.dsc
      Size/MD5:      758 6c51cf24a74fedd37809e4cc1a7b2f9d
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.0.4.orig.tar.gz
      Size/MD5:  1475777 9002b0e69b3f94831a22d3f2a7735ce2

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-doc_1.0.4-0ubuntu1.2_all.deb
      Size/MD5:   249090 b47a8a55394e4d80991ee7e113a7319a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.0.4-0ubuntu1.2_amd64.deb
      Size/MD5:   379432 db1755dd03cb6872c8812fb95a70fda6
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.0.4-0ubuntu1.2_amd64.deb
      Size/MD5:   325784 6aa35609e35bd3e585f9c2d8676c41ed

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.0.4-0ubuntu1.2_i386.deb
      Size/MD5:   349960 c7e8786bf619a5b56ccdc52476495e23
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.0.4-0ubuntu1.2_i386.deb
      Size/MD5:   306244 a8b8718de3cae9481c414f8f02ba5353

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.0.4-0ubuntu1.2_powerpc.deb
      Size/MD5:   358940 13a0175de8bc77610a04cba052096d52
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.0.4-0ubuntu1.2_powerpc.deb
      Size/MD5:   310650 e85d295192c6f6e519d20cd28688f173

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.0.4-0ubuntu1.2_sparc.deb
      Size/MD5:   345040 40d3cccf5874925daa67421ee0ab90dc
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.0.4-0ubuntu1.2_sparc.deb
      Size/MD5:   300000 90be630d2e3fcaa03ba18169c5f7a40c

Updated packages for Ubuntu 6.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.2.4-1ubuntu2.2.diff.gz
      Size/MD5:    25217 b27d11953aa5ffdb1820ebd03c18c701
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.2.4-1ubuntu2.2.dsc
      Size/MD5:      896 6b639fbaa3718b35a0f51f23ac086788
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.2.4.orig.tar.gz
      Size/MD5:  2882781 1222b2bfdf113e2c92f66b3389659f2d

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-doc_1.2.4-1ubuntu2.2_all.deb
      Size/MD5:   299434 a8124a9014a71d7586d9f4bb45ad1977

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.2.4-1ubuntu2.2_amd64.deb
      Size/MD5:   416962 a27dbbca13a988d71677e8ac099095ad
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.2.4-1ubuntu2.2_amd64.deb
      Size/MD5:   356808 1cc7ed2a382a28f2957a307c40fb9d0a
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.2.4-1ubuntu2.2_amd64.deb
      Size/MD5:   471606 c147c040284d2780e76a3ecc0bb7b19a
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.2.4-1ubuntu2.2_amd64.deb
      Size/MD5:   395860 de175306f72fd05d9455d742ffa37e59
    
http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.2.4-1ubuntu2.2_amd64.udeb
      Size/MD5:   158538 42e94f99b1cccb1a95f9fc3cdb6cfa17

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.2.4-1ubuntu2.2_i386.deb
      Size/MD5:   399782 f0c7f8196fd61e6b92a505c3261ed972
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.2.4-1ubuntu2.2_i386.deb
      Size/MD5:   348336 c2914ccbbde0afd38d9118c4bdccd977
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.2.4-1ubuntu2.2_i386.deb
      Size/MD5:   446514 8c1c1ee01f3becf3e461f25792c1d017
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.2.4-1ubuntu2.2_i386.deb
      Size/MD5:   385636 2b838294cc98af8002ba7f449f3b548d
    
http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.2.4-1ubuntu2.2_i386.udeb
      Size/MD5:   150090 7a70e041387b1af79661c5aeff7202f6

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.2.4-1ubuntu2.2_powerpc.deb
      Size/MD5:   401070 34786d08cd917bd16e07cf225987a620
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.2.4-1ubuntu2.2_powerpc.deb
      Size/MD5:   345396 a47e32ca6af8e3ad2790e361253a97f6
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.2.4-1ubuntu2.2_powerpc.deb
      Size/MD5:   455332 50fb017f4eef8d65a6a6e2ebe757f1ea
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.2.4-1ubuntu2.2_powerpc.deb
      Size/MD5:   383174 61d2144a7d06c05683bcb92365aa8a9d
    
http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.2.4-1ubuntu2.2_powerpc.udeb
      Size/MD5:   146982 7d8afc1573aba11efb65584f7cd5f059

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.2.4-1ubuntu2.2_sparc.deb
      Size/MD5:   383912 c623fd762b477c37fcaa1ca2bcb18cf0
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.2.4-1ubuntu2.2_sparc.deb
      Size/MD5:   333300 3c780eaba574fbed0bcf1ace23f2df54
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.2.4-1ubuntu2.2_sparc.deb
      Size/MD5:   432132 ced7984d0cb0caf9652c4f75b521797e
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.2.4-1ubuntu2.2_sparc.deb
      Size/MD5:   369110 e1a57ff50fa5719fbeef537c7cab2b8c
    
http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.2.4-1ubuntu2.2_sparc.udeb
      Size/MD5:   135032 bb15b511c6ba0b5af0d393abf7c1574a

Updated packages for Ubuntu 7.04:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.4.2-0ubuntu1.3.diff.gz
      Size/MD5:    29768 4a876d28110b1a3424f13da8203b156a
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.4.2-0ubuntu1.3.dsc
      Size/MD5:      980 60227257968f24dbd908b70cfd998a0a
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.4.2.orig.tar.gz
      Size/MD5:  3081092 b254633046eafe603776d0bee791b751

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-doc_1.4.2-0ubuntu1.3_all.deb
      Size/MD5:   329292 5a2ef8b496d2b39e7c0a30f56a5ec4b2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.4.2-0ubuntu1.3_amd64.deb
      Size/MD5:   515290 dc95d2e57e217895efad772edf0e2b78
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.4.2-0ubuntu1.3_amd64.deb
      Size/MD5:   430516 5283fd6ecfcbe75a8c6e7a0178074292
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.4.2-0ubuntu1.3_amd64.deb
      Size/MD5:   537344 c9a42b6ed850f3b2aebbb76ab06eee84
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4.2-0ubuntu1.3_amd64.deb
      Size/MD5:   446332 9a87b277055410f469e38247e3fddc02
    
http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.4.2-0ubuntu1.3_amd64.udeb
      Size/MD5:   214120 928e936dd1345e82af7639a4e7f063cd

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.4.2-0ubuntu1.3_i386.deb
      Size/MD5:   489076 b7e1ebf69179067c25fb6f30f5cf527e
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.4.2-0ubuntu1.3_i386.deb
      Size/MD5:   420370 dab0ec21be7bc7ff5dca987465f266aa
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.4.2-0ubuntu1.3_i386.deb
      Size/MD5:   508982 569e7c392ea3a3496891390bc9ee7165
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4.2-0ubuntu1.3_i386.deb
      Size/MD5:   435944 7bc22d4300415b54adbd0288c8821170
    
http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.4.2-0ubuntu1.3_i386.udeb
      Size/MD5:   204148 ae40b67f9ea8d8103bdb15ae38645dbc

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.4.2-0ubuntu1.3_powerpc.deb
      Size/MD5:   498570 11f55dc91143a6d0c23bdcf668ab8329
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.4.2-0ubuntu1.3_powerpc.deb
      Size/MD5:   423184 843707e16edccb864293512f6b39c3b2
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.4.2-0ubuntu1.3_powerpc.deb
      Size/MD5:   520668 d56ec59cfb635d7be49f394b78e1cd48
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4.2-0ubuntu1.3_powerpc.deb
      Size/MD5:   439108 25879c0110630948fbb77a823be74a41
    
http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.4.2-0ubuntu1.3_powerpc.udeb
      Size/MD5:   206988 ca62a53a772092f28e6b1f9fa824711a

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.4.2-0ubuntu1.3_sparc.deb
      Size/MD5:   472324 99f77ed05576732e8ee73d7d096fed44
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.4.2-0ubuntu1.3_sparc.deb
      Size/MD5:   402526 a8e53a33b1c4d3ee50bde4527a9cefc2
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.4.2-0ubuntu1.3_sparc.deb
      Size/MD5:   492546 43b46a92a315073d18cc951826ad4956
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4.2-0ubuntu1.3_sparc.deb
      Size/MD5:   417468 6c85ab3d1c3bdb8499eb612c419b9739
    
http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.4.2-0ubuntu1.3_sparc.udeb
      Size/MD5:   186278 ef8b4a646415a911ff870b2a5b6e16ed

Updated packages for Ubuntu 7.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.4.10-1ubuntu4.4.diff.gz
      Size/MD5:    36111 6c63566f300719be4da7a0bcac09075d
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.4.10-1ubuntu4.4.dsc
      Size/MD5:     1013 a988294356e56089f185f29bdcb5ae0d
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo_1.4.10.orig.tar.gz
      Size/MD5:  3216689 5598a5e500ad922e37b159dee72fc993

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-doc_1.4.10-1ubuntu4.4_all.deb
      Size/MD5:   407892 1e9ad8fa3de85f6f2f50f3278928f341

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.4.10-1ubuntu4.4_amd64.deb
      Size/MD5:   572456 992d9deed2678d330b6c0d254f775dae
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.4.10-1ubuntu4.4_amd64.deb
      Size/MD5:   489386 dbe2ea733a7c072891269551aa7177ba
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.4.10-1ubuntu4.4_amd64.deb
      Size/MD5:   633054 94340a3751ba5b35911a34b42d0b53c3
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4.10-1ubuntu4.4_amd64.deb
      Size/MD5:   537180 ba458194ce4234a1e7735e34705c998d
    
http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.4.10-1ubuntu4.4_amd64.udeb
      Size/MD5:   195868 d288b4d3a3feb119a20595ccec9cd6f8

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.4.10-1ubuntu4.4_i386.deb
      Size/MD5:   546768 ce0e739d1d19d8fc29c88d72bbfa5b6c
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.4.10-1ubuntu4.4_i386.deb
      Size/MD5:   479970 798eb7fc786c5d0759215f462252c8df
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.4.10-1ubuntu4.4_i386.deb
      Size/MD5:   601468 ef0f0772ab913e8695b53dccb56494b6
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4.10-1ubuntu4.4_i386.deb
      Size/MD5:   524340 a418f4341d95ed191415b5d2365bd586
    
http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.4.10-1ubuntu4.4_i386.udeb
      Size/MD5:   186454 8485e6b8030f52f62c6a905cab3352e1

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.4.10-1ubuntu4.4_powerpc.deb
      Size/MD5:   555094 258ea4c57683624d80c8cb8e6c544b70
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.4.10-1ubuntu4.4_powerpc.deb
      Size/MD5:   479242 e23bc3b619bc533d25eb9873bb6e68b4
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.4.10-1ubuntu4.4_powerpc.deb
      Size/MD5:   614090 cd5520db5b878821d52ed13ad69747b7
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4.10-1ubuntu4.4_powerpc.deb
      Size/MD5:   528694 5416ec8f3f67c509fc52b3f01f22b96b
    
http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.4.10-1ubuntu4.4_powerpc.udeb
      Size/MD5:   186298 b6a9fd722001d6fcd0987b3a88503f99

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2-dev_1.4.10-1ubuntu4.4_sparc.deb
      Size/MD5:   543968 126b4d740f9ad684c6e47c286b87afc8
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo-directfb2_1.4.10-1ubuntu4.4_sparc.deb
      Size/MD5:   471474 e897822f36019d17501472bc9b6c4791
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2-dev_1.4.10-1ubuntu4.4_sparc.deb
      Size/MD5:   585030 c0cf996cb88ed74b0886f76ec35cc7b7
    
http://security.ubuntu.com/ubuntu/pool/main/libc/libcairo/libcairo2_1.4.10-1ubuntu4.4_sparc.deb
      Size/MD5:   505554 f20daf037a08ad67b818c98ad7717bea
    
http://security.ubuntu.com/ubuntu/pool/universe/libc/libcairo/libcairo-directfb2-udeb_1.4.10-1ubuntu4.4_sparc.udeb
      Size/MD5:   177700 79888f6855ad4b9b64741c955b0581fd
Attachment: signature.asc
Description: Digital signature
Prev by Date: MS Office 2007: Target of Hyperlinks not covered by Digital Signatures
Next by Date: AW: MS Office 2007: Digital Signature does not protect Meta-Data
Previous by thread: MS Office 2007: Target of Hyperlinks not covered by Digital Signatures
Next by thread: SECURITY: 1.4.12 Package Compromise
Index(es):
- Date
- Thread