[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 904-1] New netpbm packages fix arbitrary code execution



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 904-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 21st, 2005                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : netpbm-free
Vulnerability  : buffer overflows
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2005-3632

Greg Roelofs discovered and fixed several buffer overflows in pnmtopng
which is also included in netpbm, a collection of graphic conversion
utilities, that can lead to the execution of arbitrary code via a
specially crafted PNM file.

For the old stable distribution (woody) these problems have been fixed in
version 9.20-8.5.

For the stable distribution (sarge) these problems have been fixed in
version 10.0-8sarge2.

For the unstable distribution (sid) these problems will be fixed in
version 10.0-11.

We recommend that you upgrade your netpbm package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.5.dsc
      Size/MD5 checksum:      662 96a668f0bb42e934723b9b817689cc15
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.5.diff.gz
      Size/MD5 checksum:    53572 9f2a3165379c73a32e804b204b9b1e59
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20.orig.tar.gz
      Size/MD5 checksum:  1882851 0f153116c21bc7d2e167e574a486c22f

  Alpha architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_alpha.deb
      Size/MD5 checksum:    77848 627c196dd4639c50f6da9690496be51e
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_alpha.deb
      Size/MD5 checksum:   135546 806a23dbf8413a1f843aa11fbbfa781b
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_alpha.deb
      Size/MD5 checksum:  1414082 fa04a52a558e6c669be2d094f93a4e56

  ARM architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_arm.deb
      Size/MD5 checksum:    64254 6f3e8baa362a0a3bbaa786c6a407d650
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_arm.deb
      Size/MD5 checksum:   125610 74820b9a024736466427ce1d11a6adcd
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_arm.deb
      Size/MD5 checksum:  1127918 4a832be9b32a6f862587021e25fc86f4

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_i386.deb
      Size/MD5 checksum:    62566 727555759e3ee96e14afc427fd1a4ed4
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_i386.deb
      Size/MD5 checksum:   103548 e4d71b9a616d71d62fda09bda5488edd
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_i386.deb
      Size/MD5 checksum:  1078678 e308c85fd1bee7a94f7d07eb0814e607

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_ia64.deb
      Size/MD5 checksum:    96604 aa26dc77cfae42c85fc827080c3c14cc
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_ia64.deb
      Size/MD5 checksum:   170564 0f28db29582f8574fe5efec313f0381a
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_ia64.deb
      Size/MD5 checksum:  1608842 b600f6008f1bec860ace6011e2fa9c0a

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_hppa.deb
      Size/MD5 checksum:    84002 62a268babaa314dcdd5b033c72266a11
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_hppa.deb
      Size/MD5 checksum:   123008 aee769727d4ab3aa31ff9c81e8711758
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_hppa.deb
      Size/MD5 checksum:  1337864 2267fdf93760dadda27bedeba21caaa9

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_m68k.deb
      Size/MD5 checksum:    62134 16cf3e3a10d721afec49783d7c3fbf92
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_m68k.deb
      Size/MD5 checksum:   102356 c3d4d655a64999384c32fe344a599682
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_m68k.deb
      Size/MD5 checksum:  1016676 2fc4559a8210aab615c916b802ba7684

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_mips.deb
      Size/MD5 checksum:    66994 825061bf9972d1ded323d5acdcd710b3
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_mips.deb
      Size/MD5 checksum:   123604 437b49b289dc3072ebaae26ebbbbff66
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_mips.deb
      Size/MD5 checksum:  1181322 2de610968c7e02bbf260b212a6a1ac84

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_mipsel.deb
      Size/MD5 checksum:    66838 565e13796a04a757af7e5020290dcde4
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_mipsel.deb
      Size/MD5 checksum:   123662 64da6e70b45ddb6f4468f46e7c44e9d6
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_mipsel.deb
      Size/MD5 checksum:  1180028 b29bbde4848b486ee1c2f533197d6752

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_powerpc.deb
      Size/MD5 checksum:    69042 21dd1ef5cbe08aceb71b58d7d1a7a16f
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_powerpc.deb
      Size/MD5 checksum:   117970 b2c077652d4f90fa4f03e0f28534559e
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_powerpc.deb
      Size/MD5 checksum:  1154096 2e415b674c4e3d73d79894a2a6d54e52

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_s390.deb
      Size/MD5 checksum:    66788 a4b358db59bf28ce606efa8ed31f8428
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_s390.deb
      Size/MD5 checksum:   116142 cf4293b7b0ae9e370b5f4fcd4bc8d112
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_s390.deb
      Size/MD5 checksum:  1130568 d0e7577566b78bc0a24dec621fd81e85

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_sparc.deb
      Size/MD5 checksum:    65400 d17577ed10e69ee74f75e703b385882e
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_sparc.deb
      Size/MD5 checksum:   118692 903289a73a661db5132034669d22ba45
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_sparc.deb
      Size/MD5 checksum:  1435808 07cb72079ccdedd112694b06fd034552


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge2.dsc
      Size/MD5 checksum:      749 8ab3b792bc83b9d768a09132935966a4
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge2.diff.gz
      Size/MD5 checksum:    45837 4182abb160edf2f5081bfc2b7bc31377
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
      Size/MD5 checksum:  1926538 985e9f6d531ac0b2004f5cbebdeea87d

  Alpha architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_alpha.deb
      Size/MD5 checksum:    82672 37d22ebe7276477898ac5a80f3c3ca00
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_alpha.deb
      Size/MD5 checksum:   145984 c88fc97f0e29e0388ca2d17aba17ba09
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_alpha.deb
      Size/MD5 checksum:    91588 d13c945e0bb3e9bee58e0ff2b170207e
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_alpha.deb
      Size/MD5 checksum:   146408 f2776a853306abf2dcfa40623d576e06
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_alpha.deb
      Size/MD5 checksum:  1594906 2bdc07c20834ae3bf3f4457357de1f19

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_amd64.deb
      Size/MD5 checksum:    68748 ef2f34beb730485fee2a4ffd875941f8
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_amd64.deb
      Size/MD5 checksum:   118008 ff2f3169d6fb407bf8f2c72161321b1a
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_amd64.deb
      Size/MD5 checksum:    77132 776dab5922464bc0e0530498f8cb1b54
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_amd64.deb
      Size/MD5 checksum:   118400 ae18aec98ef8662f6666e0f8d32c87d3
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_amd64.deb
      Size/MD5 checksum:  1277520 c212cf4f1ec34de9c59268312b298956

  ARM architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_arm.deb
      Size/MD5 checksum:    61804 55de08dc9496ac0ab77b17a2c766c80c
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_arm.deb
      Size/MD5 checksum:   114652 ea128cedb8a31391821c3d377adcc196
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_arm.deb
      Size/MD5 checksum:    68900 025644277b7b494a6b67850085f32f02
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_arm.deb
      Size/MD5 checksum:   115068 01c46f8400fb00dbd4f2ab57cff93466
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_arm.deb
      Size/MD5 checksum:  1226686 d11f8e54b13050f7b5823fd0f72330a1

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_i386.deb
      Size/MD5 checksum:    64926 ce68c6c99dd0d6946caa158974a3a201
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_i386.deb
      Size/MD5 checksum:   110566 39d16a56f46bd49d39a6dc6fd89aa08a
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_i386.deb
      Size/MD5 checksum:    72040 e5dffe84d5d74b74d0e8acaaed1c3d55
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_i386.deb
      Size/MD5 checksum:   110738 305012924bc7390035d1d69b6c5c721d
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_i386.deb
      Size/MD5 checksum:  1178734 999eddf08e1d0c24d16f601a220c9b93

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_ia64.deb
      Size/MD5 checksum:    96466 544eb8f9ff0086c3e9d3abdec86fbec9
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_ia64.deb
      Size/MD5 checksum:   154668 80d6aebf07b4338ce1816959226c1227
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_ia64.deb
      Size/MD5 checksum:   107210 515ff376d227fa5cd1e3f314da465934
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_ia64.deb
      Size/MD5 checksum:   155020 3b539cd2d6b0fee495dcc954faedf0a1
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_ia64.deb
      Size/MD5 checksum:  1816522 cb9920b1ce0035f070db19adbc15373b

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_hppa.deb
      Size/MD5 checksum:    77962 4640e42165c5a28faee159623eaf3b47
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_hppa.deb
      Size/MD5 checksum:   128068 045b1b3c72a4b538de0eef9f39f22bf4
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_hppa.deb
      Size/MD5 checksum:    88608 5e57aa608b3b5bb7da235d8f81de6fd5
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_hppa.deb
      Size/MD5 checksum:   128532 7620a8001c3436855b929cd80c8f7af6
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_hppa.deb
      Size/MD5 checksum:  1410172 936284480aff9674517eccfaae99f76d

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_m68k.deb
      Size/MD5 checksum:    62276 a7695c8d946d05b977686d8c5a43d569
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_m68k.deb
      Size/MD5 checksum:   105384 428c32376928676f579b4acc808df5ba
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_m68k.deb
      Size/MD5 checksum:    69594 bc6914997fd9942c4881124feff14bd6
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_m68k.deb
      Size/MD5 checksum:   105604 f11be5ff58c8fd6ee632bf01647e4199
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_m68k.deb
      Size/MD5 checksum:  1119642 fbd4be6544590ec08a818220e08d0e71

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_mips.deb
      Size/MD5 checksum:    68680 554ee1f49b1399d0e0ce57aaccfdaa22
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_mips.deb
      Size/MD5 checksum:   120034 acb9e8860ffd41b6abedaacae15d22cc
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_mips.deb
      Size/MD5 checksum:    75504 5e82d1e1f5e806d470d6f139a474ed77
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_mips.deb
      Size/MD5 checksum:   120384 6c23833c6690f184a9f4099cf2de7d38
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_mips.deb
      Size/MD5 checksum:  1671538 565ffe085afee85bdadb3931716aff9a

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_mipsel.deb
      Size/MD5 checksum:    68390 09eaf6ff62842b12bba001003ceda8dc
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_mipsel.deb
      Size/MD5 checksum:   120134 ea9ca48c392b946b75591818b1a7f08a
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_mipsel.deb
      Size/MD5 checksum:    75164 26701ac67beabf7d842e894a0d40130c
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_mipsel.deb
      Size/MD5 checksum:   120442 ab43c7303e4a3d00cf281f5a05e4e83f
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_mipsel.deb
      Size/MD5 checksum:  1678264 f4df4fa5a4873fa38fcdf06a93d867b2

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_powerpc.deb
      Size/MD5 checksum:    71138 5537258e9e342998750d9b6506982164
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_powerpc.deb
      Size/MD5 checksum:   123604 e12f868f695adfcef8a6256cbb89daaa
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_powerpc.deb
      Size/MD5 checksum:    83324 129d59fb7fdfda0dfd06327eda4ea214
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_powerpc.deb
      Size/MD5 checksum:   123910 193561799536112dbfac38c50cb89a6b
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_powerpc.deb
      Size/MD5 checksum:  1521584 f2ec44857eaf4bf9e591a2e0d993d65c

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_s390.deb
      Size/MD5 checksum:    70438 deaf1eac0c8c8e1ed2e676aee31cec47
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_s390.deb
      Size/MD5 checksum:   115184 4a96f38c41c6e0bf4c66aa3419178a22
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_s390.deb
      Size/MD5 checksum:    77632 ca8446b3919271228491d8b255fd5bf9
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_s390.deb
      Size/MD5 checksum:   115652 37cb64b6ac171da0fffa8944fbe5f60d
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_s390.deb
      Size/MD5 checksum:  1256870 427dae51b929fdb0ef16feb60019fdcd

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_sparc.deb
      Size/MD5 checksum:    67734 b3eacbd2deeb9da5fed21fa03647951f
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_sparc.deb
      Size/MD5 checksum:   117286 fce7a4a7d08697f2cf5b2b22c94934ea
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_sparc.deb
      Size/MD5 checksum:    74492 81ece0d62781d46579cfc923e2f9ad4d
    http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_sparc.deb
      Size/MD5 checksum:   117698 5217fe47475db4e8d0e8f99ff5675aca
    http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_sparc.deb
      Size/MD5 checksum:  1279416 f0e1ad2342fefbdce08630777d03c579


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDgf5OW5ql+IAeqTIRAmMmAJ9mjT2xHOCjQj43OERq7JFtD3ze6gCfRPh0
E/yFbQi4Oo+JrV/fUw4h3u0=
=Z1R9
-----END PGP SIGNATURE-----



Reply to: