Referenced CVEs:
CVE-2009-2042, CVE-2010-0205
Description:
===========================================================Ubuntu Security Notice USN-913-1 March 16, 2010libpng vulnerabilitiesCVE-2009-2042, CVE-2010-0205===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 8.04 LTSUbuntu 8.10Ubuntu 9.04Ubuntu 9.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libpng12-0 1.2.8rel-5ubuntu0.5Ubuntu 8.04 LTS: libpng12-0 1.2.15~beta5-3ubuntu0.2Ubuntu 8.10: libpng12-0 1.2.27-1ubuntu0.2Ubuntu 9.04: libpng12-0 1.2.27-2ubuntu2.1Ubuntu 9.10: libpng12-0 1.2.37-1ubuntu0.1After a standard system upgrade you need to reboot your computer to effectthe necessary changes.Details follow:It was discovered that libpng did not properly initialize memory whendecoding certain 1-bit interlaced images. If a user or automated systemwere tricked into processing crafted PNG images, an attacker could possiblyuse this flaw to read sensitive information stored in memory. This issueonly affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CVE-2009-2042)It was discovered that libpng did not properly handle certain excessivelycompressed PNG images. If a user or automated system were tricked intoprocessing a crafted PNG image, an attacker could possibly use this flaw toconsume all available resources, resulting in a denial of service.(CVE-2010-0205)
More...
