Full Disclosure mailing list archives

[USN-210-1] netpbm vulnerability
From: Martin Pitt <martin.pitt () canonical com>
Date: Tue, 18 Oct 2005 16:53:42 +0200

===========================================================
Ubuntu Security Notice USN-210-1           October 18, 2005
netpbm-free vulnerability
CAN-2005-2978
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

netpbm

The problem can be corrected by upgrading the affected package to
version 2:10.0-5ubuntu0.2 (for Ubuntu 4.10), 2:10.0-8ubuntu0.2 (for
Ubuntu 5.04), or 2:10.0-8ubuntu1.1 (for Ubuntu 5.10).  In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A buffer overflow was found in the "pnmtopng" conversion program. By
tricking a user (or automated system) into processing a specially
crafted PNM image with pnmtopng, an attacker could exploit this to
execute arbitrary code with the privileges of the user running pnmtopng.


Updated packages for Ubuntu 4.10:


Updated packages for Ubuntu 5.04:


Updated packages for Ubuntu 5.10:


Attachment: signature.asc
Description: Digital signature
