[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051121181151.GA8298@piware.de>
Date: Mon, 21 Nov 2005 19:11:51 +0100
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-218-1] netpbm vulnerabilities
===========================================================
Ubuntu Security Notice USN-218-1 November 21, 2005
netpbm-free vulnerabilities
CVE-2005-3632, CVE-2005-3662
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
netpbm
The problem can be corrected by upgrading the affected package to
version 2:10.0-5ubuntu0.3 (for Ubuntu 4.10), 2:10.0-8ubuntu0.3 (for
Ubuntu 5.04), or 2:10.0-8ubuntu1.2 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Two buffer overflows were discovered in the 'pnmtopng' tool, which
were triggered by processing an image with exactly 256 colors when
using the -alpha option (CVE-2005-3662) or by processing a text file
with very long lines when using the -text option (CVE-2005-3632).
A remote attacker could exploit these to execute arbitrary code by
tricking an user or an automated system into processing a specially
crafted PNM file with pnmtopng.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-5ubuntu0.3.diff.gz
Size/MD5: 44598 ead4831ac6771ffa450843eda8de8b6f
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-5ubuntu0.3.dsc
Size/MD5: 760 8917c4b8af6d1a2a312432fcd3ed3595
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
Size/MD5: 1926538 985e9f6d531ac0b2004f5cbebdeea87d
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-5ubuntu0.3_amd64.deb
Size/MD5: 117936 1c8f6379000640b38056d7857f52e2d5
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-5ubuntu0.3_amd64.deb
Size/MD5: 68660 e8439e9a1ebf81c4ecc1ae296eb6e6cf
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-5ubuntu0.3_amd64.deb
Size/MD5: 118326 0f611ff7f14b29375998129c7bc7bb3e
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-5ubuntu0.3_amd64.deb
Size/MD5: 77050 a9bb359d7c1c297507f09dcd31713fc4
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-5ubuntu0.3_amd64.deb
Size/MD5: 1276834 d96f4842a748f3bdfcb197b84ad31343
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-5ubuntu0.3_i386.deb
Size/MD5: 108846 01cd944ce5cedf30ea980cad29b0b650
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-5ubuntu0.3_i386.deb
Size/MD5: 63554 f1a3ee5ec7dc9c4634e05c24ca618e9f
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-5ubuntu0.3_i386.deb
Size/MD5: 108984 740b8804b55a2250fad6f0e458685f44
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-5ubuntu0.3_i386.deb
Size/MD5: 70640 fd40bd8686b4c2369e452bf2e3d41cf7
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-5ubuntu0.3_i386.deb
Size/MD5: 1182728 79baa9294649eb6046aef8e4d5066dd9
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-5ubuntu0.3_powerpc.deb
Size/MD5: 123554 e6605bb4b223d8af420bd0f26f509bfc
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-5ubuntu0.3_powerpc.deb
Size/MD5: 71010 278592a555bc51c000a09aa9f4908212
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-5ubuntu0.3_powerpc.deb
Size/MD5: 123916 bb79f881171a0418700b5712712b3e61
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-5ubuntu0.3_powerpc.deb
Size/MD5: 83060 d48ba48403439efeac5df60a2c832efc
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-5ubuntu0.3_powerpc.deb
Size/MD5: 1522018 25fbe90b2b5cb254320e4f071c3ab9be
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-8ubuntu0.3.diff.gz
Size/MD5: 46403 2473ab542348267405e98bf75086311a
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-8ubuntu0.3.dsc
Size/MD5: 755 05ff6fa21964432cd93637a7f59c6f7a
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
Size/MD5: 1926538 985e9f6d531ac0b2004f5cbebdeea87d
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-8ubuntu0.3_amd64.deb
Size/MD5: 118302 e21601f02d9bc91b8a5bd33e16057e62
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-8ubuntu0.3_amd64.deb
Size/MD5: 69062 3bc568b6182ae3dcbc207d29c5207ec6
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-8ubuntu0.3_amd64.deb
Size/MD5: 118688 1f9c424488313a30cbac7d7224d1a2d9
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-8ubuntu0.3_amd64.deb
Size/MD5: 77408 dec047ea83819ba0211d04cbadb92e4b
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-8ubuntu0.3_amd64.deb
Size/MD5: 1277814 b10eb7d5065bb20521402f7c2717da1f
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-8ubuntu0.3_i386.deb
Size/MD5: 109238 9a002099166088d06b80b5cd49f6dd3f
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-8ubuntu0.3_i386.deb
Size/MD5: 64042 e00251fbdbfcd0f80601467587b9b351
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-8ubuntu0.3_i386.deb
Size/MD5: 109360 23a0de8dc9b91c2630c86c8e7a4fa761
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-8ubuntu0.3_i386.deb
Size/MD5: 70996 ee6837233c551f7debb5005cf50d1269
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-8ubuntu0.3_i386.deb
Size/MD5: 1175376 0d3ce2fc556bed204e96cb2fe5b2b7ad
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-8ubuntu0.3_powerpc.deb
Size/MD5: 123798 720500fb26ac19dfdb7c28649f4f05f7
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-8ubuntu0.3_powerpc.deb
Size/MD5: 71434 0fd1546f624e500d3e9c4536f0f9af7f
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-8ubuntu0.3_powerpc.deb
Size/MD5: 124178 f20226e6ea263211e923c9a128e29d11
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-8ubuntu0.3_powerpc.deb
Size/MD5: 83614 b7dd80377a1712f9a60f800a41563cae
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-8ubuntu0.3_powerpc.deb
Size/MD5: 1521624 8ded6f73e27ba56360b89d62c632cec7
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-8ubuntu1.2.dsc
Size/MD5: 685 46d327d6366e42f80fd160bae5c6cccc
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-8ubuntu1.2.tar.gz
Size/MD5: 1968551 8180ba0350e9e82213d14407d9d54062
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-8ubuntu1.2_amd64.deb
Size/MD5: 116992 3ed365bb3649d860c0627f6492b41080
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-8ubuntu1.2_amd64.deb
Size/MD5: 67868 6e3543ad0208c10834f4ef2383bdfb2e
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-8ubuntu1.2_amd64.deb
Size/MD5: 117426 4349d9fc6235396a55c677a21b9ab1f9
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-8ubuntu1.2_amd64.deb
Size/MD5: 76076 e1d13fda9eb8e0971381cd488f5ddad5
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-8ubuntu1.2_amd64.deb
Size/MD5: 1242318 8a4d45754e7bb6ce0964078370bc06de
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-8ubuntu1.2_i386.deb
Size/MD5: 107438 1306c512e533beb7d6db7cc898b3734e
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-8ubuntu1.2_i386.deb
Size/MD5: 61650 e8d8a63ed3b0ccbe6a56fee32fa90f64
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-8ubuntu1.2_i386.deb
Size/MD5: 107638 350bfd8c14c2b1fa81dc6b8d2e9b96e1
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-8ubuntu1.2_i386.deb
Size/MD5: 68324 497f417f9e38a6939b8692dc63d25f5c
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-8ubuntu1.2_i386.deb
Size/MD5: 1160942 4d1a5506904e1854d911484187256ee7
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-8ubuntu1.2_powerpc.deb
Size/MD5: 118564 4672062e32dc60dd07ea7d0e13ebd587
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-8ubuntu1.2_powerpc.deb
Size/MD5: 67760 d8a059493517d1e3e6cda86daddcb814
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-8ubuntu1.2_powerpc.deb
Size/MD5: 118924 965a8a708f1ca929ea158059b088159a
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-8ubuntu1.2_powerpc.deb
Size/MD5: 78716 db0b8a01d8831722012a9518abbbd749
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-8ubuntu1.2_powerpc.deb
Size/MD5: 1442638 79ee88edaf92c82e421fca2df32c88ed
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists