USN-164-1: netpbm vulnerability

USN-164-1: netpbm vulnerability
Posted on: 08/11/2005 08:27 AM

A netpbm vulnerability update has been released for Ubuntu Linux

==========================================================
Ubuntu Security Notice USN-164-1 August 11, 2005
netpbm-free vulnerability
CAN-2005-2471
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

netpbm

The problem can be corrected by upgrading the affected package to version 2:10.0-5ubuntu0.1 (for Ubuntu 4.10), or 2:10.0-8ubuntu0.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Max Vozeler discovered that the the "pstopnm" conversion tool did not use the -dSAFER option when calling ghostscript. This option prohibits file operations and calling commands within PostScript code. This flaw could be exploited by an attacker to execute arbitrary code if he tricked an user (or an automatic server) into processing a specially crafted PostScript document with pstopnm.

Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-5ubuntu0.1.diff.gz
Size/MD5: 43550 594a1da9339c54d05e36106f0b1c85e0
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-5ubuntu0.1.dsc
Size/MD5: 760 1a5edc03ebc6b8ff8076a4a0079f6674
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
Size/MD5: 1926538 985e9f6d531ac0b2004f5cbebdeea87d

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-5ubuntu0.1_amd64.deb
Size/MD5: 117696 81a4435f3d2338e5177eb2f83de5883a
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-5ubuntu0.1_amd64.deb
Size/MD5: 68430 7d1534c040af6b2dfb2f076f21e11294
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-5ubuntu0.1_amd64.deb
Size/MD5: 118092 6e3f69a316a5fab8057bafc5f6f91829
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-5ubuntu0.1_amd64.deb
Size/MD5: 76756 13a2c07cfa7aef8c6c4d31989715ff06
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-5ubuntu0.1_amd64.deb
Size/MD5: 1276426 41ff60e1f2a073be1f11bf37c6e9ffb6

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-5ubuntu0.1_i386.deb
Size/MD5: 108612 4a01122b8ff53ae7f81a8782add80bc7
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-5ubuntu0.1_i386.deb
Size/MD5: 63306 5f85f06109a2139deb853b137318f997
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-5ubuntu0.1_i386.deb
Size/MD5: 108748 5d77a22114f9aefc1903a612d5854275
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-5ubuntu0.1_i386.deb
Size/MD5: 70416 0d1eff935dcaadf7eb29c0378c2e5639
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-5ubuntu0.1_i386.deb
Size/MD5: 1182336 1e715dfc30cc3beec31bfce99cbe8a79

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-5ubuntu0.1_powerpc.deb
Size/MD5: 123390 155ee0575e849690a7cd4219ed6cb509
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-5ubuntu0.1_powerpc.deb
Size/MD5: 70782 4eb27ff658d8e5b49d6376d824442b40
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-5ubuntu0.1_powerpc.deb
Size/MD5: 123664 9b0ef06fab45b9edc2e2b59ad4cb2a7e
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-5ubuntu0.1_powerpc.deb
Size/MD5: 82816 525e99e624fff10f0c34ec5785a68c4f
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-5ubuntu0.1_powerpc.deb
Size/MD5: 1521674 0e708e0d77ca3093af9c90cc2b7f89ec

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-8ubuntu0.1.diff.gz
Size/MD5: 45394 f045727d094656cad9f3a2f3e0171eed
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-8ubuntu0.1.dsc
Size/MD5: 755 7b7b7c2fdadf10de5b67d745a93c7add
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
Size/MD5: 1926538 985e9f6d531ac0b2004f5cbebdeea87d

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-8ubuntu0.1_amd64.deb
Size/MD5: 118090 25dc40a3ab2e4dde8f8bf7b98aa74629
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-8ubuntu0.1_amd64.deb
Size/MD5: 68828 bd84aeeb984234a89489e3044ee2c355
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-8ubuntu0.1_amd64.deb
Size/MD5: 118482 4d9584027b65b1b3c551aa263c93ae52
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-8ubuntu0.1_amd64.deb
Size/MD5: 77198 586b50c7907046e6f2388b158b8302f6
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-8ubuntu0.1_amd64.deb
Size/MD5: 1277508 bd90553e95b20cab3ead12fad1f6564c

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-8ubuntu0.1_i386.deb
Size/MD5: 109002 cd45b1a3ac5091e38d647a7bbe2c4309
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-8ubuntu0.1_i386.deb
Size/MD5: 63740 24f0a6c4df8108e55af18d624175e2ea
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-8ubuntu0.1_i386.deb
Size/MD5: 109136 a3e242c840b27ab6bc451f4385a0d587
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-8ubuntu0.1_i386.deb
Size/MD5: 70794 22aa8bcd2694fc96f4880d87848ccb08
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-8ubuntu0.1_i386.deb
Size/MD5: 1175102 9ddef3f1d985c875e4ea2638427ec4c8

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-8ubuntu0.1_powerpc.deb
Size/MD5: 123650 bcb684cb4875269a4a954d8e855663c3
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-8ubuntu0.1_powerpc.deb
Size/MD5: 71214 d0567e9580b01c2369fa5b4ee16a350d
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-8ubuntu0.1_powerpc.deb
Size/MD5: 124020 643b8c4b7f95a406453f1c6162466549
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-8ubuntu0.1_powerpc.deb
Size/MD5: 83384 28a271191d11e95438ee8e118fbc2d94
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-8ubuntu0.1_powerpc.deb
Size/MD5: 1521420 66194d82af39e5a9b1230da149af1381

Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_164_1_netpbm_vulnerability.html)