Debians sikkerhedsbulletin

DSA-1021-1 netpbm-free -- usikker programudførsel

Rapporteret den:

28. mar 2006

Berørte pakker:

netpbm-free

Sårbar:

Referencer i sikkerhedsdatabaser:

I Debians fejlsporingssystem: Fejl 319757.
I Mitres CVE-ordbog: CVE-2005-2471.

Yderligere oplysninger:

Max Vozeler fra Debian Audit Project har opdaget at pstopnm, et program til konvertering fra Postscript til formaterne PBM, PGM ig PNM, startede Ghostscript på en usikker måde, hvilket kunne føre til udførelse af vilkårlige shell-kommandoer ved konvertering af særligt fremstillede Postscript-filer.

I den gamle stabile distribution (woody) er dette problem rettet i version 9.20-8.6.

I den stabile distribution (sarge) er dette problem rettet i version 10.0-8sarge3.

I den ustabile distribution (sid) er dette problem rettet i version 10.0-9.

Vi anbefaler at du opgraderer din netpbm-pakke.

Rettet i:

Debian GNU/Linux 3.0 (woody)

Kildekode:: http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.6.dsc; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.6.diff.gz; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_alpha.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_alpha.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_arm.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_arm.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_i386.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_i386.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_ia64.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_ia64.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_hppa.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_hppa.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_m68k.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_m68k.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_mips.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_mips.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_mipsel.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_mipsel.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_powerpc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_powerpc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_s390.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_s390.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_sparc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_sparc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_sparc.deb

Debian GNU/Linux 3.1 (sarge)

Kildekode:: http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge3.dsc; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge3.diff.gz; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_alpha.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_alpha.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_alpha.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_alpha.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_amd64.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_amd64.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_amd64.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_amd64.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_arm.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_arm.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_arm.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_arm.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_i386.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_i386.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_i386.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_i386.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_ia64.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_ia64.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_ia64.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_ia64.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_hppa.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_hppa.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_hppa.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_hppa.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_m68k.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_m68k.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_m68k.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_m68k.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_mips.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_mips.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_mips.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_mips.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_mipsel.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_mipsel.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_mipsel.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_mipsel.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_powerpc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_powerpc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_powerpc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_powerpc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_s390.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_s390.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_s390.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_s390.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_sparc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_sparc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_sparc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_sparc.deb; http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.