[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1226010147.9467.7.camel@mdlinux>
Date: Thu, 06 Nov 2008 17:22:27 -0500
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-665-1] Netpbm vulnerability
===========================================================
Ubuntu Security Notice USN-665-1 November 06, 2008
netpbm-free vulnerability
CVE-2008-0554
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
netpbm 2:10.0-10ubuntu1.1
Ubuntu 7.10:
netpbm 2:10.0-11ubuntu0.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that Netpbm could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted
GIF image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-10ubuntu1.1.diff.gz
Size/MD5: 47416 8c934de07a571397513476c437cabb2f
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-10ubuntu1.1.dsc
Size/MD5: 1177 8f3609a5895ebad9690b9775566598fe
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
Size/MD5: 1926538 985e9f6d531ac0b2004f5cbebdeea87d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-10ubuntu1.1_amd64.deb
Size/MD5: 117090 c98ea1eed4289c4c50a8506a059f1012
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-10ubuntu1.1_amd64.deb
Size/MD5: 67988 7c8c79e7157b4270e786689b70afebcc
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-10ubuntu1.1_amd64.deb
Size/MD5: 1240542 c83dcf0458f61476e3cbf8e3b973aae2
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-10ubuntu1.1_amd64.deb
Size/MD5: 117554 0ade156c94cbd5f0c902720a17a36b91
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-10ubuntu1.1_amd64.deb
Size/MD5: 76128 76f13c6a58ee22b753513baea9ee9b4c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-10ubuntu1.1_i386.deb
Size/MD5: 107600 61fac1e5c74250be84d52fd6725ab685
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-10ubuntu1.1_i386.deb
Size/MD5: 61830 da159f82fb4ee67a3a6c33d6e35042e9
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-10ubuntu1.1_i386.deb
Size/MD5: 1158566 6c9f3d48e61081bd08fdef781e66f3ef
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-10ubuntu1.1_i386.deb
Size/MD5: 107768 6c9a5ffa2597bb4c140098ba6aee52f8
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-10ubuntu1.1_i386.deb
Size/MD5: 68350 f294764496a8886ec136bb28d9d9fc14
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-10ubuntu1.1_powerpc.deb
Size/MD5: 118684 74b6e583202c40ff700c34a8526364cb
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-10ubuntu1.1_powerpc.deb
Size/MD5: 67920 1f5136910fa28a67c0f502da278e23c2
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-10ubuntu1.1_powerpc.deb
Size/MD5: 1433978 584ef3d723e3a1be63d493c2b9fd7799
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-10ubuntu1.1_powerpc.deb
Size/MD5: 119082 a0f1c6d1fcdcf0751232728d074488eb
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-10ubuntu1.1_powerpc.deb
Size/MD5: 78724 d5c49cdfb811c9f10dad44fb098a09b4
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-10ubuntu1.1_sparc.deb
Size/MD5: 111480 cc24c22f5ed7c2d993dff941ca1278d2
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-10ubuntu1.1_sparc.deb
Size/MD5: 62984 cd32c55c8d99a810046d1e852876db66
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-10ubuntu1.1_sparc.deb
Size/MD5: 1192324 ae062ef40a1cc92a5927b1d4aada29a7
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-10ubuntu1.1_sparc.deb
Size/MD5: 111684 c2141a22c826a11065214829f8391c68
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-10ubuntu1.1_sparc.deb
Size/MD5: 68932 35081c20279458fa43675fb68e2590b1
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-11ubuntu0.1.diff.gz
Size/MD5: 50599 0558b91bb50122e9b8d97db673547f1c
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-11ubuntu0.1.dsc
Size/MD5: 1261 885d22265365eda670af9b89253ae1df
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
Size/MD5: 1926538 985e9f6d531ac0b2004f5cbebdeea87d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11ubuntu0.1_amd64.deb
Size/MD5: 117796 949f0dd3e907cefed173791194f4569c
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-11ubuntu0.1_amd64.deb
Size/MD5: 69278 727407bf53689821cdc4f1a5d160687b
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-11ubuntu0.1_amd64.deb
Size/MD5: 1259144 42f2b5a581deaf809c831fd5142fc3df
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11ubuntu0.1_amd64.deb
Size/MD5: 118266 9ff4f5fa4973cbc142255afadbfc6642
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-11ubuntu0.1_amd64.deb
Size/MD5: 77262 d5666a23440e23e4cf8c2bb77adbfd64
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11ubuntu0.1_i386.deb
Size/MD5: 109480 d18aadd3ceed2454beb3358111799b24
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-11ubuntu0.1_i386.deb
Size/MD5: 65090 9c5cd559bf82a9d8cb3050f7641b5030
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-11ubuntu0.1_i386.deb
Size/MD5: 1193458 afa6c3e0a74b0c690625767b31cdf3b5
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11ubuntu0.1_i386.deb
Size/MD5: 109640 ccd27f32c25b529c51e751821a1adc14
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-11ubuntu0.1_i386.deb
Size/MD5: 71574 52e294370c9f5239bd4ea018f66132d3
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11ubuntu0.1_lpia.deb
Size/MD5: 109476 99c83cb6461416e9dcbf004defb67783
http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-11ubuntu0.1_lpia.deb
Size/MD5: 64636 b009900becf643ce5da0ebe0f7994bc4
http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-11ubuntu0.1_lpia.deb
Size/MD5: 1210064 1dbfa228b0a857bb517c068a1823b875
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11ubuntu0.1_lpia.deb
Size/MD5: 109596 4356f5e395921e3d1ca1f9c916705d33
http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-11ubuntu0.1_lpia.deb
Size/MD5: 70978 c6ba0efc2b1cdc0d04de9c670db3ee88
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11ubuntu0.1_powerpc.deb
Size/MD5: 119718 f6c14468c7d34aad12aa44e20a34ee8c
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-11ubuntu0.1_powerpc.deb
Size/MD5: 72230 d717b745f707bfda7f266c3fb654b913
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-11ubuntu0.1_powerpc.deb
Size/MD5: 1570838 9456e2d126e50e7569a0c7f35ecefb72
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11ubuntu0.1_powerpc.deb
Size/MD5: 120036 3fd5889c1ccab9d5f2b8a9718fb810ca
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-11ubuntu0.1_powerpc.deb
Size/MD5: 85384 7575c0ac65d2d748cf4946ba1ccac931
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11ubuntu0.1_sparc.deb
Size/MD5: 112128 d073826b938434f12d3fea1b2c8de8f4
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-11ubuntu0.1_sparc.deb
Size/MD5: 64596 390b364d2efb37312a6470da82601417
http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-11ubuntu0.1_sparc.deb
Size/MD5: 1239510 d8c259674b5241bd23702f36ed7572f9
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11ubuntu0.1_sparc.deb
Size/MD5: 112318 ce2e6033bca4f16fafaf608b22d87150
http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-11ubuntu0.1_sparc.deb
Size/MD5: 70588 332d02f00dafb2f4ac5b72fb5a04de56
Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists