[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051018145342.GB9160@piware.de>
Date: Tue, 18 Oct 2005 16:53:42 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-210-1] netpbm vulnerability
===========================================================
Ubuntu Security Notice USN-210-1 October 18, 2005
netpbm-free vulnerability
CAN-2005-2978
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
netpbm
The problem can be corrected by upgrading the affected package to
version 2:10.0-5ubuntu0.2 (for Ubuntu 4.10), 2:10.0-8ubuntu0.2 (for
Ubuntu 5.04), or 2:10.0-8ubuntu1.1 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.
Details follow:
A buffer overflow was found in the "pnmtopng" conversion program. By
tricking an user (or automated system) to process a specially crafted
PNM image with pnmtopng, this could be exploited to execute arbitrary
code with the privileges of the user running pnmtopng.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-5ubuntu0.2.diff.gz
Size/MD5: 43800 4dc567315041ddfafb4f7c8f513bcbb8
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-5ubuntu0.2.dsc
Size/MD5: 760 47b4d65a19c21dce33a8ca5b09098353
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
Size/MD5: 1926538 985e9f6d531ac0b2004f5cbebdeea87d
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-5ubuntu0.2_amd64.deb
Size/MD5: 117802 503f0cf14d2195de71ce651f1e4cb213
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-5ubuntu0.2_amd64.deb
Size/MD5: 68544 8944dc6ce9718967f70b5cec1b52c49d
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-5ubuntu0.2_amd64.deb
Size/MD5: 118194 22baca57b70b2afeacb8e26729a61d00
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-5ubuntu0.2_amd64.deb
Size/MD5: 76926 35566ec63583650875ef38f1da6ca89f
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-5ubuntu0.2_amd64.deb
Size/MD5: 1276546 0ec021850356b6ced6edaacc97945cfd
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-5ubuntu0.2_i386.deb
Size/MD5: 108700 27cc3f4ec7b7282b5e0379ed59b9a89e
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-5ubuntu0.2_i386.deb
Size/MD5: 63416 f8c3e3eae7a756f1d2b7990bae52f045
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-5ubuntu0.2_i386.deb
Size/MD5: 108838 b86e4ac8bd02fea0c0bcc6aeb70d27eb
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-5ubuntu0.2_i386.deb
Size/MD5: 70510 c18691ec27cf464e85ba300ca4d9336e
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-5ubuntu0.2_i386.deb
Size/MD5: 1182526 ae05b3f0bff5bc5023c06dcb20f6420d
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-5ubuntu0.2_powerpc.deb
Size/MD5: 123450 14fb0a6b7f23fdbd2bfcf2a7d1b7ff81
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-5ubuntu0.2_powerpc.deb
Size/MD5: 70888 183ad6e6a06931546aaf61e3a4b18a5f
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-5ubuntu0.2_powerpc.deb
Size/MD5: 123804 329a5a72aebd077af324572164682f63
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-5ubuntu0.2_powerpc.deb
Size/MD5: 82914 cd17b36d585b74f981cf60a114590cca
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-5ubuntu0.2_powerpc.deb
Size/MD5: 1521750 2b8a7d6de621d3c6d3b8cd5c08696152
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-8ubuntu0.2.diff.gz
Size/MD5: 45618 dbc755c12a206a568cb9ae9aca66940f
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-8ubuntu0.2.dsc
Size/MD5: 755 06eb537fd60b01cbb11a8880784fd60e
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
Size/MD5: 1926538 985e9f6d531ac0b2004f5cbebdeea87d
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-8ubuntu0.2_amd64.deb
Size/MD5: 118166 0bf95304d5065d615ed018de0b9cd922
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-8ubuntu0.2_amd64.deb
Size/MD5: 68912 ae2423d1ef5f0121bab95bc6e329f87a
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-8ubuntu0.2_amd64.deb
Size/MD5: 118540 0648911f2721bd0c75a4d7ace1fa70a4
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-8ubuntu0.2_amd64.deb
Size/MD5: 77258 2551bfcefd60ec8e8345d4428b6ab470
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-8ubuntu0.2_amd64.deb
Size/MD5: 1277566 901de41c9fff67f8fcda5d145b020123
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-8ubuntu0.2_i386.deb
Size/MD5: 109086 1d53a295fe6284fb71a4e3bd8edc588a
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-8ubuntu0.2_i386.deb
Size/MD5: 63816 a00c3bf07303ec2e33fb65169b1e41ff
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-8ubuntu0.2_i386.deb
Size/MD5: 109210 830c462141a5ded03b75466ab070c119
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-8ubuntu0.2_i386.deb
Size/MD5: 70854 56139e102e3d054bfec68dfeef3f7e77
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-8ubuntu0.2_i386.deb
Size/MD5: 1175132 e1a599e6755b8c33f0e12ed1cc13820f
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-8ubuntu0.2_powerpc.deb
Size/MD5: 123704 cb98b033340ef2df0f7fee4985a1b354
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-8ubuntu0.2_powerpc.deb
Size/MD5: 71282 820b73d9f97eb01ddc76efa0e9ef7075
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-8ubuntu0.2_powerpc.deb
Size/MD5: 124060 ad9aedd0b1782c972ad1aef051dc8c71
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-8ubuntu0.2_powerpc.deb
Size/MD5: 83474 9f76ab656a5426df156366286767e8c5
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-8ubuntu0.2_powerpc.deb
Size/MD5: 1521478 0336c4c312eac0c1a93e3268ae6160c5
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-8ubuntu1.1.diff.gz
Size/MD5: 45620 826ac92f261cf70074c4d78d992878da
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-8ubuntu1.1.dsc
Size/MD5: 755 47a6df3dba7264b0be29a1e5b8c62ba2
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
Size/MD5: 1926538 985e9f6d531ac0b2004f5cbebdeea87d
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-8ubuntu1.1_amd64.deb
Size/MD5: 116828 1c489ace971102d9a1af3f5217e63e64
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-8ubuntu1.1_amd64.deb
Size/MD5: 67706 d1f4222c1f1e543c82a5e776ca577ff2
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-8ubuntu1.1_amd64.deb
Size/MD5: 117236 42a3121b3926259f3083373eb34b1a9b
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-8ubuntu1.1_amd64.deb
Size/MD5: 75928 4a5fdb6cac7e5f1eba63e64f3902a969
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-8ubuntu1.1_amd64.deb
Size/MD5: 1241976 aa040939f7118af06f5c6eeeeeef3399
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-8ubuntu1.1_i386.deb
Size/MD5: 107270 fb8872a27c2262af63c1c5cec8614fc1
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-8ubuntu1.1_i386.deb
Size/MD5: 61480 dd46612c56651fb0477fa07bc8fcf711
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-8ubuntu1.1_i386.deb
Size/MD5: 107466 f45507f92f3e6be48e12e02cdf5dcdd7
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-8ubuntu1.1_i386.deb
Size/MD5: 68158 bfed171ef82483414c2ad4d815f542ea
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-8ubuntu1.1_i386.deb
Size/MD5: 1160746 30e57da1508d126e448f69022cf1c86f
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-8ubuntu1.1_powerpc.deb
Size/MD5: 118410 7002907e8975e88f87ad2183d1a8372d
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-8ubuntu1.1_powerpc.deb
Size/MD5: 67588 70ca72b325fc88b68cf474aaf0bb648c
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-8ubuntu1.1_powerpc.deb
Size/MD5: 118768 49495ad4fe3372cc9e39bf60687f180c
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-8ubuntu1.1_powerpc.deb
Size/MD5: 78582 2224fe9c53dc10215cbaf961f483edc6
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-8ubuntu1.1_powerpc.deb
Size/MD5: 1442428 ca17b30fcc16331a918d9fb852f36d1f
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists