lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1226010147.9467.7.camel@mdlinux>
Date: Thu, 06 Nov 2008 17:22:27 -0500
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-665-1] Netpbm vulnerability

===========================================================
Ubuntu Security Notice USN-665-1          November 06, 2008
netpbm-free vulnerability
CVE-2008-0554
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  netpbm                          2:10.0-10ubuntu1.1

Ubuntu 7.10:
  netpbm                          2:10.0-11ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Netpbm could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted
GIF image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-10ubuntu1.1.diff.gz
      Size/MD5:    47416 8c934de07a571397513476c437cabb2f
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-10ubuntu1.1.dsc
      Size/MD5:     1177 8f3609a5895ebad9690b9775566598fe
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
      Size/MD5:  1926538 985e9f6d531ac0b2004f5cbebdeea87d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-10ubuntu1.1_amd64.deb
      Size/MD5:   117090 c98ea1eed4289c4c50a8506a059f1012
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-10ubuntu1.1_amd64.deb
      Size/MD5:    67988 7c8c79e7157b4270e786689b70afebcc
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-10ubuntu1.1_amd64.deb
      Size/MD5:  1240542 c83dcf0458f61476e3cbf8e3b973aae2
    http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-10ubuntu1.1_amd64.deb
      Size/MD5:   117554 0ade156c94cbd5f0c902720a17a36b91
    http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-10ubuntu1.1_amd64.deb
      Size/MD5:    76128 76f13c6a58ee22b753513baea9ee9b4c

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-10ubuntu1.1_i386.deb
      Size/MD5:   107600 61fac1e5c74250be84d52fd6725ab685
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-10ubuntu1.1_i386.deb
      Size/MD5:    61830 da159f82fb4ee67a3a6c33d6e35042e9
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-10ubuntu1.1_i386.deb
      Size/MD5:  1158566 6c9f3d48e61081bd08fdef781e66f3ef
    http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-10ubuntu1.1_i386.deb
      Size/MD5:   107768 6c9a5ffa2597bb4c140098ba6aee52f8
    http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-10ubuntu1.1_i386.deb
      Size/MD5:    68350 f294764496a8886ec136bb28d9d9fc14

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-10ubuntu1.1_powerpc.deb
      Size/MD5:   118684 74b6e583202c40ff700c34a8526364cb
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-10ubuntu1.1_powerpc.deb
      Size/MD5:    67920 1f5136910fa28a67c0f502da278e23c2
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-10ubuntu1.1_powerpc.deb
      Size/MD5:  1433978 584ef3d723e3a1be63d493c2b9fd7799
    http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-10ubuntu1.1_powerpc.deb
      Size/MD5:   119082 a0f1c6d1fcdcf0751232728d074488eb
    http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-10ubuntu1.1_powerpc.deb
      Size/MD5:    78724 d5c49cdfb811c9f10dad44fb098a09b4

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-10ubuntu1.1_sparc.deb
      Size/MD5:   111480 cc24c22f5ed7c2d993dff941ca1278d2
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-10ubuntu1.1_sparc.deb
      Size/MD5:    62984 cd32c55c8d99a810046d1e852876db66
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-10ubuntu1.1_sparc.deb
      Size/MD5:  1192324 ae062ef40a1cc92a5927b1d4aada29a7
    http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-10ubuntu1.1_sparc.deb
      Size/MD5:   111684 c2141a22c826a11065214829f8391c68
    http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-10ubuntu1.1_sparc.deb
      Size/MD5:    68932 35081c20279458fa43675fb68e2590b1

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-11ubuntu0.1.diff.gz
      Size/MD5:    50599 0558b91bb50122e9b8d97db673547f1c
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-11ubuntu0.1.dsc
      Size/MD5:     1261 885d22265365eda670af9b89253ae1df
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
      Size/MD5:  1926538 985e9f6d531ac0b2004f5cbebdeea87d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11ubuntu0.1_amd64.deb
      Size/MD5:   117796 949f0dd3e907cefed173791194f4569c
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-11ubuntu0.1_amd64.deb
      Size/MD5:    69278 727407bf53689821cdc4f1a5d160687b
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-11ubuntu0.1_amd64.deb
      Size/MD5:  1259144 42f2b5a581deaf809c831fd5142fc3df
    http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11ubuntu0.1_amd64.deb
      Size/MD5:   118266 9ff4f5fa4973cbc142255afadbfc6642
    http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-11ubuntu0.1_amd64.deb
      Size/MD5:    77262 d5666a23440e23e4cf8c2bb77adbfd64

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11ubuntu0.1_i386.deb
      Size/MD5:   109480 d18aadd3ceed2454beb3358111799b24
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-11ubuntu0.1_i386.deb
      Size/MD5:    65090 9c5cd559bf82a9d8cb3050f7641b5030
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-11ubuntu0.1_i386.deb
      Size/MD5:  1193458 afa6c3e0a74b0c690625767b31cdf3b5
    http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11ubuntu0.1_i386.deb
      Size/MD5:   109640 ccd27f32c25b529c51e751821a1adc14
    http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-11ubuntu0.1_i386.deb
      Size/MD5:    71574 52e294370c9f5239bd4ea018f66132d3

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11ubuntu0.1_lpia.deb
      Size/MD5:   109476 99c83cb6461416e9dcbf004defb67783
    http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-11ubuntu0.1_lpia.deb
      Size/MD5:    64636 b009900becf643ce5da0ebe0f7994bc4
    http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-11ubuntu0.1_lpia.deb
      Size/MD5:  1210064 1dbfa228b0a857bb517c068a1823b875
    http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11ubuntu0.1_lpia.deb
      Size/MD5:   109596 4356f5e395921e3d1ca1f9c916705d33
    http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-11ubuntu0.1_lpia.deb
      Size/MD5:    70978 c6ba0efc2b1cdc0d04de9c670db3ee88

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11ubuntu0.1_powerpc.deb
      Size/MD5:   119718 f6c14468c7d34aad12aa44e20a34ee8c
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-11ubuntu0.1_powerpc.deb
      Size/MD5:    72230 d717b745f707bfda7f266c3fb654b913
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-11ubuntu0.1_powerpc.deb
      Size/MD5:  1570838 9456e2d126e50e7569a0c7f35ecefb72
    http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11ubuntu0.1_powerpc.deb
      Size/MD5:   120036 3fd5889c1ccab9d5f2b8a9718fb810ca
    http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-11ubuntu0.1_powerpc.deb
      Size/MD5:    85384 7575c0ac65d2d748cf4946ba1ccac931

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11ubuntu0.1_sparc.deb
      Size/MD5:   112128 d073826b938434f12d3fea1b2c8de8f4
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-11ubuntu0.1_sparc.deb
      Size/MD5:    64596 390b364d2efb37312a6470da82601417
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-11ubuntu0.1_sparc.deb
      Size/MD5:  1239510 d8c259674b5241bd23702f36ed7572f9
    http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11ubuntu0.1_sparc.deb
      Size/MD5:   112318 ce2e6033bca4f16fafaf608b22d87150
    http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-11ubuntu0.1_sparc.deb
      Size/MD5:    70588 332d02f00dafb2f4ac5b72fb5a04de56



Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ