lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1E2w63-00059V-IL@mercury.mandriva.com>
Date: Wed, 10 Aug 2005 13:18:39 -0600
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:133 - Updated netpbm packages fix temporary file vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           netpbm
 Advisory ID:            MDKSA-2005:133
 Date:                   August 9th, 2005

 Affected versions:	 10.0, 10.1, 10.2, Corporate 3.0,
			 Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Max Vozeler discovered that pstopnm, a part of the netpbm graphics
 utility suite, would call the GhostScript interpreter on untrusted
 PostScript files without using the -dSAFER option when converting a
 PostScript file into a PBM, PGM, or PNM file.  This could result in
 the execution of arbitrary commands with the privileges of the user
 running pstopnm if they could be convinced to try to convert a
 malicious PostScript file.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2471
  http://secunia.com/advisories/16184/
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 7bb710a56342cc78170bb74b37f512b0  10.0/RPMS/libnetpbm9-9.24-8.2.100mdk.i586.rpm
 7f820a3e8fcfaa705c0164cfd1b7a5c0  10.0/RPMS/libnetpbm9-devel-9.24-8.2.100mdk.i586.rpm
 3de55337645f009ed8e951b3e97b9507  10.0/RPMS/libnetpbm9-static-devel-9.24-8.2.100mdk.i586.rpm
 d32febe43b6b19ca7a3189b41de6d53c  10.0/RPMS/netpbm-9.24-8.2.100mdk.i586.rpm
 7d2bdf5636955adc39bfe13c4c581858  10.0/SRPMS/netpbm-9.24-8.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 04a7546fef5edfa604cdfd1e3dff1bc2  amd64/10.0/RPMS/lib64netpbm9-9.24-8.2.100mdk.amd64.rpm
 f89f7f330ecb8dd8e9a536afdcfb56f0  amd64/10.0/RPMS/lib64netpbm9-devel-9.24-8.2.100mdk.amd64.rpm
 0401393af2d5b3a933b487a1e00e3e43  amd64/10.0/RPMS/lib64netpbm9-static-devel-9.24-8.2.100mdk.amd64.rpm
 2400c52abc020a3ac9883bc02dc77f36  amd64/10.0/RPMS/netpbm-9.24-8.2.100mdk.amd64.rpm
 7d2bdf5636955adc39bfe13c4c581858  amd64/10.0/SRPMS/netpbm-9.24-8.2.100mdk.src.rpm

 Mandrakelinux 10.1:
 0c7ca6675e4a1502dc450d8b31076753  10.1/RPMS/libnetpbm9-9.24-8.1.101mdk.i586.rpm
 ac327d0433d6c672e382a2c1f4dc8667  10.1/RPMS/libnetpbm9-devel-9.24-8.1.101mdk.i586.rpm
 dee01cf52709fbbc65f3a0c21d4573d9  10.1/RPMS/libnetpbm9-static-devel-9.24-8.1.101mdk.i586.rpm
 6c9bedecf233accd53f123f3c2a26aec  10.1/RPMS/netpbm-9.24-8.1.101mdk.i586.rpm
 8722f08f1813fb796d7b5fa8576f6045  10.1/SRPMS/netpbm-9.24-8.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 9b99ec325088181a931983f622c7649f  x86_64/10.1/RPMS/lib64netpbm9-9.24-8.1.101mdk.x86_64.rpm
 119d4f558fddb4bafee84dc5da3f0c8a  x86_64/10.1/RPMS/lib64netpbm9-devel-9.24-8.1.101mdk.x86_64.rpm
 13e9911031dc3d8b23da2157451f89a8  x86_64/10.1/RPMS/lib64netpbm9-static-devel-9.24-8.1.101mdk.x86_64.rpm
 6637e848b29abe54142155f66ac79fb9  x86_64/10.1/RPMS/netpbm-9.24-8.1.101mdk.x86_64.rpm
 8722f08f1813fb796d7b5fa8576f6045  x86_64/10.1/SRPMS/netpbm-9.24-8.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 4db608229fad2d6014ea506ad775e9f8  10.2/RPMS/libnetpbm10-10.26-2.1.102mdk.i586.rpm
 4fd7e7857c692209d4c94a8a5ebe84cc  10.2/RPMS/libnetpbm10-devel-10.26-2.1.102mdk.i586.rpm
 4521de30a4e9ee995200ae0c1443132b  10.2/RPMS/libnetpbm10-static-devel-10.26-2.1.102mdk.i586.rpm
 a3b5efc89e18489ef2cd181b20a1dc1b  10.2/RPMS/netpbm-10.26-2.1.102mdk.i586.rpm
 52d2d1a460d07b33fbe7f6204d1cf51f  10.2/SRPMS/netpbm-10.26-2.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 37912f8c31bd31b979bfdb69ad357837  x86_64/10.2/RPMS/lib64netpbm10-10.26-2.1.102mdk.x86_64.rpm
 928a397b673e96ed0fecdd62878aef84  x86_64/10.2/RPMS/lib64netpbm10-devel-10.26-2.1.102mdk.x86_64.rpm
 b74c96495461b1406af317e91932500e  x86_64/10.2/RPMS/lib64netpbm10-static-devel-10.26-2.1.102mdk.x86_64.rpm
 30ae5cd7a9e65594e30cf876f352fda6  x86_64/10.2/RPMS/netpbm-10.26-2.1.102mdk.x86_64.rpm
 52d2d1a460d07b33fbe7f6204d1cf51f  x86_64/10.2/SRPMS/netpbm-10.26-2.1.102mdk.src.rpm

 Corporate Server 2.1:
 f42bccdec9b6f8a432191730b85d186c  corporate/2.1/RPMS/libnetpbm9-9.24-4.4.C21mdk.i586.rpm
 3e877555a0533572d788a4d47694bccd  corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.4.C21mdk.i586.rpm
 57dcadc0b0d94243894bccdaf17acf8a  corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.4.C21mdk.i586.rpm
 1fa1e01964db5302ddc773c2be67ca6b  corporate/2.1/RPMS/netpbm-9.24-4.4.C21mdk.i586.rpm
 511aeb9ce3bdb6429e8a8ce06b873b6b  corporate/2.1/SRPMS/netpbm-9.24-4.4.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 6dfd39d7a3b0db15b273b2b7b7db01c4  x86_64/corporate/2.1/RPMS/libnetpbm9-9.24-4.4.C21mdk.x86_64.rpm
 50c24455f7b43e1f7fe7581a12655c39  x86_64/corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.4.C21mdk.x86_64.rpm
 b947dcdb4226298cb90c644cce9dbd4c  x86_64/corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.4.C21mdk.x86_64.rpm
 e1ace7d529c4adc3cc4e64d116467e0b  x86_64/corporate/2.1/RPMS/netpbm-9.24-4.4.C21mdk.x86_64.rpm
 511aeb9ce3bdb6429e8a8ce06b873b6b  x86_64/corporate/2.1/SRPMS/netpbm-9.24-4.4.C21mdk.src.rpm

 Corporate 3.0:
 b086f97cc2bad2023fd2446135e00def  corporate/3.0/RPMS/libnetpbm9-9.24-8.2.C30mdk.i586.rpm
 768f2b273391c3cb4d39790ac91b40c4  corporate/3.0/RPMS/libnetpbm9-devel-9.24-8.2.C30mdk.i586.rpm
 7f6eb96aef5065be7370f1954b252dee  corporate/3.0/RPMS/libnetpbm9-static-devel-9.24-8.2.C30mdk.i586.rpm
 1b2c5cb64efceac8a39d1d84aa362f2d  corporate/3.0/RPMS/netpbm-9.24-8.2.C30mdk.i586.rpm
 435e2548bed0da6bc4519910e3bae83f  corporate/3.0/SRPMS/netpbm-9.24-8.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 c6fcd7a90094eeae7e67ee56d71d3e22  x86_64/corporate/3.0/RPMS/lib64netpbm9-9.24-8.2.C30mdk.x86_64.rpm
 a8d06987e1aacb0c9ab174082bc024a0  x86_64/corporate/3.0/RPMS/lib64netpbm9-devel-9.24-8.2.C30mdk.x86_64.rpm
 2653e371af14609096eb2ed9ef7e5963  x86_64/corporate/3.0/RPMS/lib64netpbm9-static-devel-9.24-8.2.C30mdk.x86_64.rpm
 7b93e604b00f197a77e49fe94a3cd612  x86_64/corporate/3.0/RPMS/netpbm-9.24-8.2.C30mdk.x86_64.rpm
 435e2548bed0da6bc4519910e3bae83f  x86_64/corporate/3.0/SRPMS/netpbm-9.24-8.2.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC+lMPmqjQ0CJFipgRAkreAJ4kAZA+Mh+k65v3cr5ZUpDVun4QYwCdF6NJ
ooCqglOMXw6xMoN8W8h8m9g=
=tJMw
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ