Message-ID: <20051121181151.GA8298@piware.de>
Date: Mon, 21 Nov 2005 19:11:51 +0100
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-218-1] netpbm vulnerabilities

===========================================================
Ubuntu Security Notice USN-218-1	  November 21, 2005
netpbm-free vulnerabilities
CVE-2005-3632, CVE-2005-3662
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

netpbm

The problem can be corrected by upgrading the affected package to
version 2:10.0-5ubuntu0.3 (for Ubuntu 4.10), 2:10.0-8ubuntu0.3 (for
Ubuntu 5.04), or 2:10.0-8ubuntu1.2 (for Ubuntu 5.10).  In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Two buffer overflows were discovered in the 'pnmtopng' tool, which
were triggered by processing an image with exactly 256 colors when
using the -alpha option (CVE-2005-3662) or by processing a text file
with very long lines when using the -text option (CVE-2005-3632).

A remote attacker could exploit these to execute arbitrary code by
tricking a user or an automated system into processing a specially
crafted PNM file with pnmtopng.
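
The two conditions named above (a table filled to exactly 256 entries, and
a text line longer than its buffer) are both boundary checks. The following
is an added example, not code from netpbm or from this notice; the function
names, the line buffer size and the sample input are assumptions chosen for
illustration.

```c
/* Added illustration, not netpbm source. All names and sizes are assumptions. */
#include <stdio.h>
#include <string.h>

#define MAXCOLORS 256  /* palette capacity: the "exactly 256 colors" boundary */

/* Append one alpha value to a palette-sized table.
 * Returns 0 on success, -1 when the table is already full. */
int palette_add(unsigned char *alpha, size_t *count, unsigned char value)
{
    if (*count >= MAXCOLORS)       /* valid indexes are 0..MAXCOLORS-1 */
        return -1;
    alpha[(*count)++] = value;
    return 0;
}

/* Copy one line (up to '\n' or end of input) from src into dst.
 * Returns the number of bytes consumed, or -1 if the line plus its
 * terminating NUL does not fit in dstsz bytes; dst is left untouched then. */
long read_text_line(const char *src, size_t srclen, char *dst, size_t dstsz)
{
    const char *nl = memchr(src, '\n', srclen);
    size_t len = nl ? (size_t)(nl - src) : srclen;

    if (len >= dstsz)              /* also covers dstsz == 0 */
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return (long)(len + (nl ? 1 : 0));
}

int main(void)
{
    unsigned char alpha[MAXCOLORS];
    size_t n = 0;
    char line[16];
    const char sample[] = "Title short\nComment far longer than the buffer\n"; /* constructed */
    int i;

    for (i = 0; i < MAXCOLORS + 1; i++)
        if (palette_add(alpha, &n, (unsigned char)i) != 0)
            printf("colour %d rejected, table holds %lu\n", i, (unsigned long)n);

    long used = read_text_line(sample, sizeof sample - 1, line, sizeof line);
    printf("first line: %ld bytes, \"%s\"\n", used, line);
    used = read_text_line(sample + used, sizeof sample - 1 - used, line, sizeof line);
    printf("second line: %ld (rejected)\n", used);
    return 0;
}
```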


