List: mandrake-security-announce
Subject: [Security Announce] MDKSA-2005:217 - Updated netpbm packages fix pnmtopng vulnerabilities
From: Mandriva Security Team <security () mandriva ! com>
Date: 2005-11-30 20:32:00
Message-ID: E1EhYcS-0006Qm-Pe () mercury ! mandriva ! com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2005:217
http://www.mandriva.com/security/
_______________________________________________________________________
Package : netpbm
Date : November 30, 2005
Affected: 10.1, Corporate 2.1, Corporate 3.0
_______________________________________________________________________
Problem Description:

Greg Roelofs discovered and fixed several buffer overflows in
pnmtopng, which is also included in netpbm, a collection of
graphic conversion utilities. These overflows can lead to the
execution of arbitrary code via a specially crafted PNM file.

Multiple buffer overflows in pnmtopng in netpbm 10.0 and
earlier allow attackers to execute arbitrary code via a
crafted PNM file. (CVE-2005-3632)

An off-by-one buffer overflow in pnmtopng, when using the -alpha
command line option, allows attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a
crafted PNM file with exactly 256 colors. (CVE-2005-3662)

The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3662
_______________________________________________________________________
Updated Packages:
Mandriva Linux 10.1:
550eae5a55b39101687b7a0532219627 10.1/RPMS/libnetpbm9-9.24-8.2.101mdk.i586.rpm
b3b2ea4437130703b68a5b3868eaec0b 10.1/RPMS/libnetpbm9-devel-9.24-8.2.101mdk.i586.rpm
653e84715019165ea620d64e5969714f 10.1/RPMS/libnetpbm9-static-devel-9.24-8.2.101mdk.i586.rpm
ac1db50f9caf2731a0dbc63e55688ef9 10.1/RPMS/netpbm-9.24-8.2.101mdk.i586.rpm
c0b1026156fd6376adba353b4f5d0528 10.1/SRPMS/netpbm-9.24-8.2.101mdk.src.rpm
Mandriva Linux 10.1/X86_64:
a4fb05222ac3917637ae6a0773f7cdc9 x86_64/10.1/RPMS/lib64netpbm9-9.24-8.2.101mdk.x86_64.rpm
32951fca67c13886bdb779de08f8edf3 x86_64/10.1/RPMS/lib64netpbm9-devel-9.24-8.2.101mdk.x86_64.rpm
dafac5b2622f774bc311ef6004e4fa3e x86_64/10.1/RPMS/lib64netpbm9-static-devel-9.24-8.2.101mdk.x86_64.rpm
6984338299c35aca2489b8dae94e9e65 x86_64/10.1/RPMS/netpbm-9.24-8.2.101mdk.x86_64.rpm
c0b1026156fd6376adba353b4f5d0528 x86_64/10.1/SRPMS/netpbm-9.24-8.2.101mdk.src.rpm
Corporate Server 2.1:
cfeeabb6edac6d7234f6e09beb19ff36 corporate/2.1/RPMS/libnetpbm9-9.24-4.5.C21mdk.i586.rpm
4b34fb42803f511646d0129d7fc7dd2f corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.5.C21mdk.i586.rpm
89b46b4d6a89797916ee54a48a38a732 corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.5.C21mdk.i586.rpm
c4af1176267c16480c3d15f24dcb5db9 corporate/2.1/RPMS/netpbm-9.24-4.5.C21mdk.i586.rpm
0bf9af1326905eb13fb3f4fb66424653 corporate/2.1/SRPMS/netpbm-9.24-4.5.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
27b0f5ef22581bc5c5c23bf880302c58 x86_64/corporate/2.1/RPMS/libnetpbm9-9.24-4.5.C21mdk.x86_64.rpm
1743d3247a1e3de046fbf31ce37e443d x86_64/corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.5.C21mdk.x86_64.rpm
4e67e3d7940f30c3bc86cf5a2f215543 x86_64/corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.5.C21mdk.x86_64.rpm
7ab637139c9b1977923cae04dd3cc9de x86_64/corporate/2.1/RPMS/netpbm-9.24-4.5.C21mdk.x86_64.rpm
0bf9af1326905eb13fb3f4fb66424653 x86_64/corporate/2.1/SRPMS/netpbm-9.24-4.5.C21mdk.src.rpm
Corporate 3.0:
784b993f4e0409fe5255c3228c72ea3b corporate/3.0/RPMS/libnetpbm9-9.24-8.3.C30mdk.i586.rpm
319272b7f74900cabd06c6fa5e0b52b2 corporate/3.0/RPMS/libnetpbm9-devel-9.24-8.3.C30mdk.i586.rpm
e6feb19b8b2c0ac6d522c1a73035811d corporate/3.0/RPMS/libnetpbm9-static-devel-9.24-8.3.C30mdk.i586.rpm
42406aa8e04afd173d2194b50d11ca13 corporate/3.0/RPMS/netpbm-9.24-8.3.C30mdk.i586.rpm
17a729bc07c296f77efb87301d122aa6 corporate/3.0/SRPMS/netpbm-9.24-8.3.C30mdk.src.rpm
Corporate 3.0/X86_64:
d0f1d6da66166acfc0ce18dfd55548e1 x86_64/corporate/3.0/RPMS/lib64netpbm9-9.24-8.3.C30mdk.x86_64.rpm
9e5d975423d7d00a1cfc5b1ea87c07c4 x86_64/corporate/3.0/RPMS/lib64netpbm9-devel-9.24-8.3.C30mdk.x86_64.rpm
f3f7f6ec681c2edbf29e789e1f9e1887 x86_64/corporate/3.0/RPMS/lib64netpbm9-static-devel-9.24-8.3.C30mdk.x86_64.rpm
5f27304b1b68639211c34e573c163b52 x86_64/corporate/3.0/RPMS/netpbm-9.24-8.3.C30mdk.x86_64.rpm
17a729bc07c296f77efb87301d122aa6 x86_64/corporate/3.0/SRPMS/netpbm-9.24-8.3.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDjd9jmqjQ0CJFipgRAt4IAKCNp6xNOrPYD0iIxwaeULBFseKjxQCglNPW
poN0qS1nZtou9Y6VRFkumYA=
=PJfB
-----END PGP SIGNATURE-----
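
The advisory says md5 checksums are verified automatically by MandrivaUpdate or urpmi; for packages fetched by hand, the same check can be run against the "Updated Packages" list. The following is an added example, not part of the advisory or of Mandriva's tooling: the function names, file names and file contents are constructed for illustration, and a matching MD5 only shows the file agrees with the list, while authenticity still rests on the GPG signature.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One entry: 32 hex digits (MD5), whitespace, then a relative .rpm path.
ENTRY = re.compile(r"\b([0-9a-f]{32})\s+(\S+\.rpm)\b")


def parse_manifest(text):
    """Return {relative_path: md5_hex} from an "Updated Packages" block.

    Archives wrap long entries with a trailing backslash, so the markers
    are blanked and entries are matched as pairs rather than per line.
    """
    return {path: md5 for md5, path in ENTRY.findall(text.replace("\\", " "))}


def verify(manifest, download_dir):
    """Map each listed file name to "ok", "MISMATCH" or "missing"."""
    results = {}
    for rel_path, expected in manifest.items():
        local = Path(download_dir) / Path(rel_path).name
        if not local.is_file():
            results[local.name] = "missing"
            continue
        actual = hashlib.md5(local.read_bytes()).hexdigest()
        results[local.name] = "ok" if actual == expected else "MISMATCH"
    return results


def demo():
    """Run against constructed files; names and contents are not from the page."""
    manifest_text = (
        "900150983cd24fb0d6963f7d28e17f72 \\\n"
        "demo/RPMS/libexample1-1.0-1.i586.rpm \\\n"
        "900150983cd24fb0d6963f7d28e17f72 demo/RPMS/example-1.0-1.i586.rpm\n"
        "d41d8cd98f00b204e9800998ecf8427e demo/SRPMS/example-1.0-1.src.rpm\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "libexample1-1.0-1.i586.rpm").write_bytes(b"abc")
        (Path(tmp) / "example-1.0-1.i586.rpm").write_bytes(b"tampered")
        return verify(parse_manifest(manifest_text), tmp)


if __name__ == "__main__":
    print(demo())
```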