lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1NhoZ7-0003YY-39@titan.mandriva.com>
Date: Wed, 17 Feb 2010 19:24:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:039 ] netpbm


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:039
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : netpbm
 Date    : February 17, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability have been discovered and corrected in netpbm:
 
 Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm
 before 10.47.07 allows context-dependent attackers to cause a denial
 of service (application crash) or possibly execute arbitrary code
 via an XPM image file that contains a crafted header field associated
 with a large color index value (CVE-2009-4274).
 
 Packages for 2008.0 are provided for Corporate Desktop 2008.0
 customers.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4274
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 8bcad87072eb2e7bc56fb0dd5b85259a  2008.0/i586/libnetpbm10-10.34-8.4mdv2008.0.i586.rpm
 59ed2a66a9b7ba7892e8eca4fb13881c  2008.0/i586/libnetpbm-devel-10.34-8.4mdv2008.0.i586.rpm
 531166ffe9840c4acc26df23709e22fd  2008.0/i586/libnetpbm-static-devel-10.34-8.4mdv2008.0.i586.rpm
 2a84ec450978bf42f52a5e769c1cae9d  2008.0/i586/netpbm-10.34-8.4mdv2008.0.i586.rpm 
 575de6109fea969f98e92e94b042dda0  2008.0/SRPMS/netpbm-10.34-8.4mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 290a4caf55e0363712b56c275ba04ce0  2008.0/x86_64/lib64netpbm10-10.34-8.4mdv2008.0.x86_64.rpm
 f6ae08756eaa4dce2627a85085e17b46  2008.0/x86_64/lib64netpbm-devel-10.34-8.4mdv2008.0.x86_64.rpm
 2b49a1468231d86ad516b747af7984c2  2008.0/x86_64/lib64netpbm-static-devel-10.34-8.4mdv2008.0.x86_64.rpm
 e866478a921c955840a333ecf80ac46c  2008.0/x86_64/netpbm-10.34-8.4mdv2008.0.x86_64.rpm 
 575de6109fea969f98e92e94b042dda0  2008.0/SRPMS/netpbm-10.34-8.4mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 ee1ea92d859e3e7373775fe5a3a22bbb  2009.0/i586/libnetpbm10-10.35.46-1.2mdv2009.0.i586.rpm
 ace5a3ba900ad6a557588475e3bef3a8  2009.0/i586/libnetpbm-devel-10.35.46-1.2mdv2009.0.i586.rpm
 00b33b00223a2cc933b4c8ec0f0abdb1  2009.0/i586/libnetpbm-static-devel-10.35.46-1.2mdv2009.0.i586.rpm
 bd9d8c7dbf383bd9784f64557d63b5fc  2009.0/i586/netpbm-10.35.46-1.2mdv2009.0.i586.rpm 
 bfd3a9bc163067b71537abc9d400ff00  2009.0/SRPMS/netpbm-10.35.46-1.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 f635d7ef616dee3da2a71674daeaaf52  2009.0/x86_64/lib64netpbm10-10.35.46-1.2mdv2009.0.x86_64.rpm
 365fe028aa3a53a6bc7929a5bbbef00f  2009.0/x86_64/lib64netpbm-devel-10.35.46-1.2mdv2009.0.x86_64.rpm
 c3dbd8ad3f9b592e39a8f2141c872a45  2009.0/x86_64/lib64netpbm-static-devel-10.35.46-1.2mdv2009.0.x86_64.rpm
 e5a66e406c325bfab3be1552d0b07898  2009.0/x86_64/netpbm-10.35.46-1.2mdv2009.0.x86_64.rpm 
 bfd3a9bc163067b71537abc9d400ff00  2009.0/SRPMS/netpbm-10.35.46-1.2mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 779d04e7a3aaebcad8466198512da832  2009.1/i586/libnetpbm10-10.35.59-1.1mdv2009.1.i586.rpm
 cab822b6ada4810e636f59fd5f973f89  2009.1/i586/libnetpbm-devel-10.35.59-1.1mdv2009.1.i586.rpm
 a3368b94646adc06eaf89ce10eb5a2b9  2009.1/i586/libnetpbm-static-devel-10.35.59-1.1mdv2009.1.i586.rpm
 93b6279a74590026b1e16ea7473ddb97  2009.1/i586/netpbm-10.35.59-1.1mdv2009.1.i586.rpm 
 55555730694672069956ccccaa0d890b  2009.1/SRPMS/netpbm-10.35.59-1.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 8f412a3a9e0a3655c6431f75d2694ef9  2009.1/x86_64/lib64netpbm10-10.35.59-1.1mdv2009.1.x86_64.rpm
 3ff3df2d1bd3ae81be50de6f62c81cf4  2009.1/x86_64/lib64netpbm-devel-10.35.59-1.1mdv2009.1.x86_64.rpm
 bc23d8105469a7d597b71bf51d49dcb8  2009.1/x86_64/lib64netpbm-static-devel-10.35.59-1.1mdv2009.1.x86_64.rpm
 5a5158cf3c372be6c9a0db33e026f1f7  2009.1/x86_64/netpbm-10.35.59-1.1mdv2009.1.x86_64.rpm 
 55555730694672069956ccccaa0d890b  2009.1/SRPMS/netpbm-10.35.59-1.1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 4fa5cc0fd4bc8a7886d33c6ba937e701  2010.0/i586/libnetpbm10-10.35.64-4.1mdv2010.0.i586.rpm
 aeecf29a8b0ba59493cee20f7057356d  2010.0/i586/libnetpbm-devel-10.35.64-4.1mdv2010.0.i586.rpm
 e2fa1d2b95b9adeb79bbb3fab08a2b6d  2010.0/i586/libnetpbm-static-devel-10.35.64-4.1mdv2010.0.i586.rpm
 c11938419e48ae2ac9d237955324e899  2010.0/i586/netpbm-10.35.64-4.1mdv2010.0.i586.rpm 
 efb8bf31dfedfe90726c343daa917e1a  2010.0/SRPMS/netpbm-10.35.64-4.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 7d1d1796786b7001c3120fdbd39c6ce2  2010.0/x86_64/lib64netpbm10-10.35.64-4.1mdv2010.0.x86_64.rpm
 5c36756ee54b446e5769490f38d9c7a9  2010.0/x86_64/lib64netpbm-devel-10.35.64-4.1mdv2010.0.x86_64.rpm
 d87677cb5902e4b770da31d09d5074ee  2010.0/x86_64/lib64netpbm-static-devel-10.35.64-4.1mdv2010.0.x86_64.rpm
 d50867f0735a4dc22292d2e5e86a36fa  2010.0/x86_64/netpbm-10.35.64-4.1mdv2010.0.x86_64.rpm 
 efb8bf31dfedfe90726c343daa917e1a  2010.0/SRPMS/netpbm-10.35.64-4.1mdv2010.0.src.rpm

 Corporate 4.0:
 4ce1174f09ffd1a201d2700d92eb9159  corporate/4.0/i586/libnetpbm10-10.29-1.7.20060mlcs4.i586.rpm
 0b23ea99e1ef82b0269b451c8a3c8ca5  corporate/4.0/i586/libnetpbm10-devel-10.29-1.7.20060mlcs4.i586.rpm
 ed76d9c0709dd4096bb048c606949496  corporate/4.0/i586/libnetpbm10-static-devel-10.29-1.7.20060mlcs4.i586.rpm
 eb98ce5306a3d4f48f86f9eb0ff651cb  corporate/4.0/i586/netpbm-10.29-1.7.20060mlcs4.i586.rpm 
 ca94f75da48df2b08f0738885e699d10  corporate/4.0/SRPMS/netpbm-10.29-1.7.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 601edb209c88048519d828436aaa87a4  corporate/4.0/x86_64/lib64netpbm10-10.29-1.7.20060mlcs4.x86_64.rpm
 b9fa69d18db9736e078a4a37f0e8dd53  corporate/4.0/x86_64/lib64netpbm10-devel-10.29-1.7.20060mlcs4.x86_64.rpm
 008db822b44e044cffd17654a931edba  corporate/4.0/x86_64/lib64netpbm10-static-devel-10.29-1.7.20060mlcs4.x86_64.rpm
 03b9c9b998d779d41d199d4fe4fc7ba3  corporate/4.0/x86_64/netpbm-10.29-1.7.20060mlcs4.x86_64.rpm 
 ca94f75da48df2b08f0738885e699d10  corporate/4.0/SRPMS/netpbm-10.29-1.7.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 c63f9537584cf106e536f7d83bc54081  mes5/i586/libnetpbm10-10.35.46-1.2mdvmes5.i586.rpm
 986eff41c0358f28b28f611fd249adf3  mes5/i586/libnetpbm-devel-10.35.46-1.2mdvmes5.i586.rpm
 816e2b8b6ad495cc614a3e2173121e5c  mes5/i586/libnetpbm-static-devel-10.35.46-1.2mdvmes5.i586.rpm
 5e45816cc9bec160a2320d303b13f8a6  mes5/i586/netpbm-10.35.46-1.2mdvmes5.i586.rpm 
 2713691fd47d18d4af1467db4ca7329c  mes5/SRPMS/netpbm-10.35.46-1.2mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 e3368f94a486303a50f9abce9f7d657a  mes5/x86_64/lib64netpbm10-10.35.46-1.2mdvmes5.x86_64.rpm
 6f83d0317f9571169c4fe0db914529d9  mes5/x86_64/lib64netpbm-devel-10.35.46-1.2mdvmes5.x86_64.rpm
 6c844b6530612960b3bbf1ac0d701faf  mes5/x86_64/lib64netpbm-static-devel-10.35.46-1.2mdvmes5.x86_64.rpm
 793de9149882fb1cf01733a04fd5e617  mes5/x86_64/netpbm-10.35.46-1.2mdvmes5.x86_64.rpm 
 2713691fd47d18d4af1467db4ca7329c  mes5/SRPMS/netpbm-10.35.46-1.2mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLfAR2mqjQ0CJFipgRAm3UAKDD0sda+6F2DGdFVR1NArF0GU5qCgCgu+ON
BjPj/Zm5Th1AhYlHWW7nQfY=
=HT3Q
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ