Message-ID: <20100430015238.GA21911@severus.strandboge.com>
Date: Thu, 29 Apr 2010 20:52:38 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-934-1] Netpbm vulnerability

===========================================================
Ubuntu Security Notice USN-934-1             April 29, 2010
netpbm-free vulnerability
CVE-2009-4274
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  netpbm                          2:10.0-11.1ubuntu0.1

Ubuntu 9.04:
  netpbm                          2:10.0-12ubuntu0.9.04.1

Ubuntu 9.10:
  netpbm                          2:10.0-12ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Marc Schoenefeld discovered a buffer overflow in Netpbm when loading
certain images. If a user or automated system were tricked into opening a
specially crafted XPM image, a remote attacker could crash Netpbm. The
default compiler options for affected releases should reduce the
vulnerability to a denial of service.





