Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

MDKSA-2005:199 - Updated netpbm packages fix pnmtopng vulnerabilities
From: Mandriva Security Team <security () mandriva com>
Date: Wed, 26 Oct 2005 15:38:52 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2005:199
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : netpbm
 Date    : October 26, 2005
 Affected: 10.2, 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Pnmtopng in netpbm 10.2X, when using the -trans option, uses 
 uninitialized size and index variables when converting Portable 
 Anymap (PNM) images to Portable Network Graphics (PNG), which might 
 allow attackers to execute arbitrary code by modifying the stack.
 
 Netpbm 9.2X is not affected by this vulnerability.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2978
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.2:
 ea24ad6ff612f0fce46eff6fb2233599  10.2/RPMS/libnetpbm10-10.26-2.2.102mdk.i586.rpm
 b91191e8a7596085eb467894dd84232e  10.2/RPMS/libnetpbm10-devel-10.26-2.2.102mdk.i586.rpm
 8965b6516f0be5e952bfd179f1024630  10.2/RPMS/libnetpbm10-static-devel-10.26-2.2.102mdk.i586.rpm
 1ae015666de512fb398060ec73c8bbea  10.2/RPMS/netpbm-10.26-2.2.102mdk.i586.rpm
 868de752ab4de8dc609a2b3c47432190  10.2/SRPMS/netpbm-10.26-2.2.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 b43b2e9787434ece104048f245fbe392  x86_64/10.2/RPMS/lib64netpbm10-10.26-2.2.102mdk.x86_64.rpm
 0a8a3e79a679f0a15265e4fa1d36df51  x86_64/10.2/RPMS/lib64netpbm10-devel-10.26-2.2.102mdk.x86_64.rpm
 dcab386cd578ab45a7f664e3e3a2f90b  x86_64/10.2/RPMS/lib64netpbm10-static-devel-10.26-2.2.102mdk.x86_64.rpm
 69b5ad7432ba251c210f91589a0ccdbf  x86_64/10.2/RPMS/netpbm-10.26-2.2.102mdk.x86_64.rpm
 868de752ab4de8dc609a2b3c47432190  x86_64/10.2/SRPMS/netpbm-10.26-2.2.102mdk.src.rpm

 Mandriva Linux 2006.0:
 4ffed80a15a8d15cd8c9d2c227d3c03d  2006.0/RPMS/libnetpbm10-10.29-1.2.20060mdk.i586.rpm
 55a9bee09a885a83c553819d7c8d22ab  2006.0/RPMS/libnetpbm10-devel-10.29-1.2.20060mdk.i586.rpm
 e1f55280419d7641251ad1f3fc8d31ec  2006.0/RPMS/libnetpbm10-static-devel-10.29-1.2.20060mdk.i586.rpm
 8482ee2780ac0ccbc2cf177b3ba3b2f0  2006.0/RPMS/netpbm-10.29-1.2.20060mdk.i586.rpm
 2ffcf5c132e2dd0013aef1b0ccdb214f  2006.0/SRPMS/netpbm-10.29-1.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 ca343baca521cc747f6254c9442a44a2  x86_64/2006.0/RPMS/lib64netpbm10-10.29-1.2.20060mdk.x86_64.rpm
 17aa56ad4fb21994e79cd6ca51466908  x86_64/2006.0/RPMS/lib64netpbm10-devel-10.29-1.2.20060mdk.x86_64.rpm
 8356a5735527b39db5786e2e66fce0f7  x86_64/2006.0/RPMS/lib64netpbm10-static-devel-10.29-1.2.20060mdk.x86_64.rpm
 80d8111cfc32bbf7a92fcb57fc331d9e  x86_64/2006.0/RPMS/netpbm-10.29-1.2.20060mdk.x86_64.rpm
 2ffcf5c132e2dd0013aef1b0ccdb214f  x86_64/2006.0/SRPMS/netpbm-10.29-1.2.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDX/dsmqjQ0CJFipgRApn2AKCp29/lilSIzOYcCUFSEz+MumBKygCgypmK
qv5fbcy/7m96KZC3lSfVwAE=
=26MT
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • MDKSA-2005:199 - Updated netpbm packages fix pnmtopng vulnerabilities Mandriva Security Team (Oct 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault