[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100430015238.GA21911@severus.strandboge.com>
Date: Thu, 29 Apr 2010 20:52:38 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-934-1] Netpbm vulnerability
===========================================================
Ubuntu Security Notice USN-934-1 April 29, 2010
netpbm-free vulnerability
CVE-2009-4274
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
netpbm 2:10.0-11.1ubuntu0.1
Ubuntu 9.04:
netpbm 2:10.0-12ubuntu0.9.04.1
Ubuntu 9.10:
netpbm 2:10.0-12ubuntu1.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Marc Schoenefeld discovered a buffer overflow in Netpbm when loading
certain images. If a user or automated system were tricked into opening a
specially crafted XPM image, a remote attacker could crash Netpbm. The
default compiler options for affected releases should reduce the
vulnerability to a denial of service.
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-11.1ubuntu0.1.diff.gz
Size/MD5: 51396 3b933cdaeeb90688e5d542dea6cbe199
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-11.1ubuntu0.1.dsc
Size/MD5: 854 9dee645790f928eb2641cd5719d9cb14
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
Size/MD5: 1926538 985e9f6d531ac0b2004f5cbebdeea87d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1ubuntu0.1_amd64.deb
Size/MD5: 118022 e108a51c8b3e66a817e790709a8a2fe6
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-11.1ubuntu0.1_amd64.deb
Size/MD5: 69486 fe76fc6bbdd0a48f780ce1c3409f3e38
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-11.1ubuntu0.1_amd64.deb
Size/MD5: 1257782 c03bcd7ce2128e5c9a9df983c9ae036e
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11.1ubuntu0.1_amd64.deb
Size/MD5: 118404 bd12f20af38061e666dc9383670ac1be
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-11.1ubuntu0.1_amd64.deb
Size/MD5: 77568 7e5d42b00cb558fefb33dcd473d12823
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1ubuntu0.1_i386.deb
Size/MD5: 109694 898492b6a91dca7f82f77547454ef565
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-11.1ubuntu0.1_i386.deb
Size/MD5: 65382 6fafb325b673ad5dc77ef0e3bd529790
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-11.1ubuntu0.1_i386.deb
Size/MD5: 1192338 43c8cc47bb5dfb29bb412b34c3351494
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11.1ubuntu0.1_i386.deb
Size/MD5: 109900 1af0b014bb7d630381772931a8e15fbb
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-11.1ubuntu0.1_i386.deb
Size/MD5: 71846 7d116391aacab2dd1ea70f7e91cf82c6
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1ubuntu0.1_lpia.deb
Size/MD5: 109572 c0ca55067b1ce35bce96e1daad6f205c
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-11.1ubuntu0.1_lpia.deb
Size/MD5: 64722 1bc11f70f96157ab0682b70c7520bc41
http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-11.1ubuntu0.1_lpia.deb
Size/MD5: 1210620 1e886cac5ec91e3b37e9fcb8ccf06e34
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11.1ubuntu0.1_lpia.deb
Size/MD5: 109686 5eb1bda6ec023f8fd2a4d34af3ade3e3
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-11.1ubuntu0.1_lpia.deb
Size/MD5: 71022 b9ef4e3a234246ab4f13182df12f46c5
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1ubuntu0.1_powerpc.deb
Size/MD5: 120124 6561cacb0a9277f16f5d779a88848faf
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-11.1ubuntu0.1_powerpc.deb
Size/MD5: 72616 c87f2376495cab70f64f22ac11b425e2
http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-11.1ubuntu0.1_powerpc.deb
Size/MD5: 1565012 7546b9c5f487122fcc4a53e417005c30
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11.1ubuntu0.1_powerpc.deb
Size/MD5: 120474 27069053c59af434c160518c94acaea2
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-11.1ubuntu0.1_powerpc.deb
Size/MD5: 85992 c8e01fe04ff180c25e08ebd061e1f68b
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1ubuntu0.1_sparc.deb
Size/MD5: 111832 6e0989b7b9560c3a624a55899cd7fefe
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-11.1ubuntu0.1_sparc.deb
Size/MD5: 64674 bcabe8e5e9cfce983af10d952fa98cc0
http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-11.1ubuntu0.1_sparc.deb
Size/MD5: 1225306 a27e3a3163ab34ba47ad1188892ab5bb
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11.1ubuntu0.1_sparc.deb
Size/MD5: 112074 b9b09cfb1a7d0788df0bdcaf357d2b47
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-11.1ubuntu0.1_sparc.deb
Size/MD5: 70576 0380c476d0963d7e1199bdd241ea9745
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-12ubuntu0.9.04.1.diff.gz
Size/MD5: 51469 78f6a3a70f29dbd3de3518e514d02422
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-12ubuntu0.9.04.1.dsc
Size/MD5: 1282 80711ad731ed5a21e5833c619a704050
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
Size/MD5: 1926538 985e9f6d531ac0b2004f5cbebdeea87d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu0.9.04.1_amd64.deb
Size/MD5: 121830 4bc7ad40944c79669dec055f51164935
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu0.9.04.1_amd64.deb
Size/MD5: 72256 97a7ea3c092d9b86ae8d545c2d1d84fb
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu0.9.04.1_amd64.deb
Size/MD5: 1296934 b72beb3e5414f3056b984d439d99a4dc
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu0.9.04.1_amd64.deb
Size/MD5: 122278 63ada11ecfbfa50f94fdcd387967469d
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu0.9.04.1_amd64.deb
Size/MD5: 80618 5d48a9178417752d7be3315eaece3f27
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu0.9.04.1_i386.deb
Size/MD5: 111308 d14be1569fc520a19e184c26fc04cbde
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu0.9.04.1_i386.deb
Size/MD5: 66492 6e726eda1a56f3aae21a9b70591cca81
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu0.9.04.1_i386.deb
Size/MD5: 1186290 fb1c74e6dc3c12bcdd457bd630f80992
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu0.9.04.1_i386.deb
Size/MD5: 111672 71fa30688904f6a31bb2f6dc37b975f7
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu0.9.04.1_i386.deb
Size/MD5: 73142 9120b99266e2656388176a62f39a7a50
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu0.9.04.1_lpia.deb
Size/MD5: 110408 31ca163db78bb9c9b39dcd3244c8477d
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu0.9.04.1_lpia.deb
Size/MD5: 65630 50e084e1a72f3254893f1ec0ac84be4d
http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu0.9.04.1_lpia.deb
Size/MD5: 1201782 1d6f93e3f57d93a03b4d8b91a0cb9911
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu0.9.04.1_lpia.deb
Size/MD5: 110626 f6321fc6b5b21ee71fbb3ecc4b16bc4f
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu0.9.04.1_lpia.deb
Size/MD5: 72080 e3621916b6c6bba581c809255b15ebca
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu0.9.04.1_powerpc.deb
Size/MD5: 121854 6e3fd3101ceeecfa7837d8de707c600a
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu0.9.04.1_powerpc.deb
Size/MD5: 73536 8c2191938c9cee81d7921590a9d56fab
http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu0.9.04.1_powerpc.deb
Size/MD5: 1538576 50b34ec3c1e0db222c5e4ceed3f37bd9
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu0.9.04.1_powerpc.deb
Size/MD5: 122248 74a1fb9fa84fcea1acbacd614a36e708
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu0.9.04.1_powerpc.deb
Size/MD5: 87142 f9358fb6afd6979ab48340bc565dfdea
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu0.9.04.1_sparc.deb
Size/MD5: 112342 2b684ce5b72ee3750945a918355161e1
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu0.9.04.1_sparc.deb
Size/MD5: 64712 f0e50d792616573dc7d91674a83b08c0
http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu0.9.04.1_sparc.deb
Size/MD5: 1246284 1cb781727174a6ddfcda7b33b531c24f
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu0.9.04.1_sparc.deb
Size/MD5: 112508 12681c89e6a0d6ef326a7880b5341480
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu0.9.04.1_sparc.deb
Size/MD5: 71044 009197a03432978b752c27fee372592f
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-12ubuntu1.1.diff.gz
Size/MD5: 53120 375beda86e990ccdeb84d02b40b3851b
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-12ubuntu1.1.dsc
Size/MD5: 1257 78896c4fdc3f1868969909b5ffff1939
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
Size/MD5: 1926538 985e9f6d531ac0b2004f5cbebdeea87d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu1.1_amd64.deb
Size/MD5: 122492 b025e6bdbca03bf37058f0ee8f04b97d
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu1.1_amd64.deb
Size/MD5: 72416 a821c3906f40e68cb7df777cec6f814e
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu1.1_amd64.deb
Size/MD5: 1348222 10f74fba9571b655abf0f1f42085f2c4
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu1.1_amd64.deb
Size/MD5: 122686 1c3bf9489e33a2de3d8d90fad517a19d
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu1.1_amd64.deb
Size/MD5: 81566 5c09e338a334e66a6d4d8cdad9eb5048
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu1.1_i386.deb
Size/MD5: 111216 ce88d5ca75781debfa4d15cb67ccd752
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu1.1_i386.deb
Size/MD5: 66856 41f52a3145cf0d1d02051699555117bb
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu1.1_i386.deb
Size/MD5: 1211310 1aea631cc8e4f02b2da393fec66bdfa4
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu1.1_i386.deb
Size/MD5: 111520 d1da86390c7ab5078c525bdfbca7a158
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu1.1_i386.deb
Size/MD5: 73548 7a6956b65b101594406c0d1b02790cac
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu1.1_lpia.deb
Size/MD5: 113570 772eddf36a0c9f21b3d433327d62c8f0
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu1.1_lpia.deb
Size/MD5: 67286 1ed7e5da818f11629a2e59ef9ae0a78d
http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu1.1_lpia.deb
Size/MD5: 1243552 54e53d3523abaab3f5560e67ac52c515
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu1.1_lpia.deb
Size/MD5: 113856 16b6015d780f2821562ff86ddb83415c
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu1.1_lpia.deb
Size/MD5: 73808 cb745c3040dbe1d53687c552d4ef4ea4
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu1.1_powerpc.deb
Size/MD5: 122284 8cc6227ad60468bc54d67cdff4ccb91a
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu1.1_powerpc.deb
Size/MD5: 71634 0c1e14204679de44cecb795e85bb0c09
http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu1.1_powerpc.deb
Size/MD5: 1318546 d7f3262ec9a653a8c9339497711c6208
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu1.1_powerpc.deb
Size/MD5: 122598 ca549e7822edcfe54ce200807add4c1e
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu1.1_powerpc.deb
Size/MD5: 78774 9838760022680b9f11fbb721d03d9083
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu1.1_sparc.deb
Size/MD5: 113092 ee85fec79393b6020ee5433f8807c689
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu1.1_sparc.deb
Size/MD5: 65292 9486fa0af4b42ceb37fe27785efb1389
http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu1.1_sparc.deb
Size/MD5: 1284554 15646f57449988a7357798ae145c64eb
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu1.1_sparc.deb
Size/MD5: 113268 c44b7fe9a19d28aa369d651b37b46a75
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu1.1_sparc.deb
Size/MD5: 71674 cbe97c529ddbeb4db88bf93ea7359f41
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
Powered by blists - more mailing lists