CVE-2011-3045 in Ubuntu

CVE-2011-3045

Priority

Medium

Description

Integer signedness error in the png_inflate function in pngrutil.c in
libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and
other products, allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted PNG
file, a different vulnerability than CVE-2011-3026.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045
https://rhn.redhat.com/errata/RHSA-2012-0407.html
http://www.ubuntu.com/usn/usn-1402-1

Notes

jdstrand> firefox and thunderbird 16 are not affected

Package

Source: libpng (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 8.04 LTS (Hardy Heron):	released (1.2.15~beta5-3ubuntu0.6)
Ubuntu 10.04 LTS (Lucid Lynx):	released (1.2.42-1ubuntu2.4)
Ubuntu 11.04 (Natty Narwhal):	released (1.2.44-1ubuntu3.3)
Ubuntu 11.10 (Oneiric Ocelot):	released (1.2.46-3ubuntu1.2)
Ubuntu 12.04 LTS (Precise Pangolin):	released (1.2.46-3ubuntu3)
Ubuntu 12.10 (Quantal Quetzal):	released (1.2.46-3ubuntu3)

Patches:

Upstream:	http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b
Upstream:	http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=13f12476543c4ada693b4cb474039d5cf3389ed1 (related)
Vendor:	https://rhn.redhat.com/errata/RHSA-2012-0407.html

Package

Source: thunderbird (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 8.04 LTS (Hardy Heron):	ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):	not-affected
Ubuntu 11.04 (Natty Narwhal):	not-affected
Ubuntu 11.10 (Oneiric Ocelot):	not-affected
Ubuntu 12.04 LTS (Precise Pangolin):	not-affected
Ubuntu 12.10 (Quantal Quetzal):	not-affected

Package

Source: chromium-browser (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	not-affected (uses system libpng)
Ubuntu 11.04 (Natty Narwhal):	not-affected (uses system libpng)
Ubuntu 11.10 (Oneiric Ocelot):	not-affected (uses system libpng)
Ubuntu 12.04 LTS (Precise Pangolin):	not-affected (uses system libpng)
Ubuntu 12.10 (Quantal Quetzal):	not-affected (uses system libpng)

Package

Source: firefox (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 8.04 LTS (Hardy Heron):	ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):	not-affected
Ubuntu 11.04 (Natty Narwhal):	not-affected
Ubuntu 11.10 (Oneiric Ocelot):	not-affected
Ubuntu 12.04 LTS (Precise Pangolin):	not-affected
Ubuntu 12.10 (Quantal Quetzal):	not-affected

More Information

Updated: 2012-10-11 16:14:35 UTC (commit 5907)