lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1EhYcS-0006Qq-SC@mercury.mandriva.com>
Date: Wed, 30 Nov 2005 13:32:00 -0700
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:217 - Updated netpbm packages fix pnmtopng vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2005:217
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : netpbm
 Date    : November 30, 2005
 Affected: 10.1, Corporate 2.1, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Greg Roelofs discovered and fixed several buffer overflows in 
 pnmtopng which is also included in netpbm, a collection of 
 graphic conversion utilities, that can lead to the execution of 
 arbitrary code via a specially crafted PNM file.
 
 Multiple buffer overflows in pnmtopng in netpbm 10.0 and 
 earlier allow attackers to execute arbitrary code via a 
 crafted PNM file. (CVE-2005-3632)
 
 An off-by-one buffer overflow in pnmtopng, when using the -alpha 
 command line option, allows attackers to cause a denial of 
 service (crash) and possibly execute arbitrary code via a 
 crafted PNM file with exactly 256 colors. (CVE-2005-3662)
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3632
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3662
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 550eae5a55b39101687b7a0532219627  10.1/RPMS/libnetpbm9-9.24-8.2.101mdk.i586.rpm
 b3b2ea4437130703b68a5b3868eaec0b  10.1/RPMS/libnetpbm9-devel-9.24-8.2.101mdk.i586.rpm
 653e84715019165ea620d64e5969714f  10.1/RPMS/libnetpbm9-static-devel-9.24-8.2.101mdk.i586.rpm
 ac1db50f9caf2731a0dbc63e55688ef9  10.1/RPMS/netpbm-9.24-8.2.101mdk.i586.rpm
 c0b1026156fd6376adba353b4f5d0528  10.1/SRPMS/netpbm-9.24-8.2.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 a4fb05222ac3917637ae6a0773f7cdc9  x86_64/10.1/RPMS/lib64netpbm9-9.24-8.2.101mdk.x86_64.rpm
 32951fca67c13886bdb779de08f8edf3  x86_64/10.1/RPMS/lib64netpbm9-devel-9.24-8.2.101mdk.x86_64.rpm
 dafac5b2622f774bc311ef6004e4fa3e  x86_64/10.1/RPMS/lib64netpbm9-static-devel-9.24-8.2.101mdk.x86_64.rpm
 6984338299c35aca2489b8dae94e9e65  x86_64/10.1/RPMS/netpbm-9.24-8.2.101mdk.x86_64.rpm
 c0b1026156fd6376adba353b4f5d0528  x86_64/10.1/SRPMS/netpbm-9.24-8.2.101mdk.src.rpm

 Corporate Server 2.1:
 cfeeabb6edac6d7234f6e09beb19ff36  corporate/2.1/RPMS/libnetpbm9-9.24-4.5.C21mdk.i586.rpm
 4b34fb42803f511646d0129d7fc7dd2f  corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.5.C21mdk.i586.rpm
 89b46b4d6a89797916ee54a48a38a732  corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.5.C21mdk.i586.rpm
 c4af1176267c16480c3d15f24dcb5db9  corporate/2.1/RPMS/netpbm-9.24-4.5.C21mdk.i586.rpm
 0bf9af1326905eb13fb3f4fb66424653  corporate/2.1/SRPMS/netpbm-9.24-4.5.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 27b0f5ef22581bc5c5c23bf880302c58  x86_64/corporate/2.1/RPMS/libnetpbm9-9.24-4.5.C21mdk.x86_64.rpm
 1743d3247a1e3de046fbf31ce37e443d  x86_64/corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.5.C21mdk.x86_64.rpm
 4e67e3d7940f30c3bc86cf5a2f215543  x86_64/corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.5.C21mdk.x86_64.rpm
 7ab637139c9b1977923cae04dd3cc9de  x86_64/corporate/2.1/RPMS/netpbm-9.24-4.5.C21mdk.x86_64.rpm
 0bf9af1326905eb13fb3f4fb66424653  x86_64/corporate/2.1/SRPMS/netpbm-9.24-4.5.C21mdk.src.rpm

 Corporate 3.0:
 784b993f4e0409fe5255c3228c72ea3b  corporate/3.0/RPMS/libnetpbm9-9.24-8.3.C30mdk.i586.rpm
 319272b7f74900cabd06c6fa5e0b52b2  corporate/3.0/RPMS/libnetpbm9-devel-9.24-8.3.C30mdk.i586.rpm
 e6feb19b8b2c0ac6d522c1a73035811d  corporate/3.0/RPMS/libnetpbm9-static-devel-9.24-8.3.C30mdk.i586.rpm
 42406aa8e04afd173d2194b50d11ca13  corporate/3.0/RPMS/netpbm-9.24-8.3.C30mdk.i586.rpm
 17a729bc07c296f77efb87301d122aa6  corporate/3.0/SRPMS/netpbm-9.24-8.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 d0f1d6da66166acfc0ce18dfd55548e1  x86_64/corporate/3.0/RPMS/lib64netpbm9-9.24-8.3.C30mdk.x86_64.rpm
 9e5d975423d7d00a1cfc5b1ea87c07c4  x86_64/corporate/3.0/RPMS/lib64netpbm9-devel-9.24-8.3.C30mdk.x86_64.rpm
 f3f7f6ec681c2edbf29e789e1f9e1887  x86_64/corporate/3.0/RPMS/lib64netpbm9-static-devel-9.24-8.3.C30mdk.x86_64.rpm
 5f27304b1b68639211c34e573c163b52  x86_64/corporate/3.0/RPMS/netpbm-9.24-8.3.C30mdk.x86_64.rpm
 17a729bc07c296f77efb87301d122aa6  x86_64/corporate/3.0/SRPMS/netpbm-9.24-8.3.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDjd9jmqjQ0CJFipgRAt4IAKCNp6xNOrPYD0iIxwaeULBFseKjxQCglNPW
poN0qS1nZtou9Y6VRFkumYA=
=PJfB
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ