RedHat: Moderate: netpbm security update | LinuxSecurity.com
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: netpbm security update
Advisory ID:       RHSA-2005:843-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-843.html
Issue date:        2005-12-20
Updated on:        2005-12-20
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-3632 CVE-2005-3662
- ---------------------------------------------------------------------

1. Summary:

Updated netpbm packages that fix two security issues are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The netpbm package contains a library of functions that support programs
for handling various graphics file formats.

A stack based buffer overflow bug was found in the way netpbm converts
Portable Anymap (PNM) files into Portable Network Graphics (PNG). A
specially crafted PNM file could allow an attacker to execute arbitrary
code by attempting to convert a PNM file to a PNG file when using pnmtopng
with the '-text' option. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2005-3632 to this issue.

An "off by one" bug was found in the way netpbm converts Portable Anymap
(PNM) files into Portable Network Graphics (PNG). If a victim attempts to
convert a specially crafted 256 color PNM file to a PNG file, then it can
cause the pnmtopng utility to crash. The Common Vulnerabilities and
Exposures project has assigned the name CVE-2005-3662 to this issue.

All users of netpbm should upgrade to these updated packages, which contain
backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (https://bugzilla.redhat.com/):

173342 - CVE-2005-3662 netpbm off by one error
173344 - CVE-2005-3632 Netpbm buffer overflow


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/netpbm-9.24-9.AS21.6.src.rpm
f9ba7f06f41f2aa95d2d86931f2aa7fd  netpbm-9.24-9.AS21.6.src.rpm

i386:
360ae1d9aaef8544b3a1ca00a2feaa4b  netpbm-9.24-9.AS21.6.i386.rpm
c45c19f689ba6628ef0e609e00854d89  netpbm-devel-9.24-9.AS21.6.i386.rpm
6bc5d1878c9ebf6aaab762ed99bdfcfb  netpbm-progs-9.24-9.AS21.6.i386.rpm

ia64:
c014f290d818568f0d58605aa3b143dd  netpbm-9.24-9.AS21.6.ia64.rpm
ddddb9b88c82496eccab50ffc0173fc4  netpbm-devel-9.24-9.AS21.6.ia64.rpm
b11ae66486d6d362984ba99ab972b4b3  netpbm-progs-9.24-9.AS21.6.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/netpbm-9.24-9.AS21.6.src.rpm
f9ba7f06f41f2aa95d2d86931f2aa7fd  netpbm-9.24-9.AS21.6.src.rpm

ia64:
c014f290d818568f0d58605aa3b143dd  netpbm-9.24-9.AS21.6.ia64.rpm
ddddb9b88c82496eccab50ffc0173fc4  netpbm-devel-9.24-9.AS21.6.ia64.rpm
b11ae66486d6d362984ba99ab972b4b3  netpbm-progs-9.24-9.AS21.6.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/netpbm-9.24-9.AS21.6.src.rpm
f9ba7f06f41f2aa95d2d86931f2aa7fd  netpbm-9.24-9.AS21.6.src.rpm

i386:
360ae1d9aaef8544b3a1ca00a2feaa4b  netpbm-9.24-9.AS21.6.i386.rpm
c45c19f689ba6628ef0e609e00854d89  netpbm-devel-9.24-9.AS21.6.i386.rpm
6bc5d1878c9ebf6aaab762ed99bdfcfb  netpbm-progs-9.24-9.AS21.6.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/netpbm-9.24-9.AS21.6.src.rpm
f9ba7f06f41f2aa95d2d86931f2aa7fd  netpbm-9.24-9.AS21.6.src.rpm

i386:
360ae1d9aaef8544b3a1ca00a2feaa4b  netpbm-9.24-9.AS21.6.i386.rpm
c45c19f689ba6628ef0e609e00854d89  netpbm-devel-9.24-9.AS21.6.i386.rpm
6bc5d1878c9ebf6aaab762ed99bdfcfb  netpbm-progs-9.24-9.AS21.6.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/netpbm-9.24-11.30.4.src.rpm
19ad9f0ab04dbd18bb443a2f894c34eb  netpbm-9.24-11.30.4.src.rpm

i386:
36cae065fd4d943f53a4eb76ab1fc6b0  netpbm-9.24-11.30.4.i386.rpm
70469787c6d5c6b30e8a3dfd6398befb  netpbm-devel-9.24-11.30.4.i386.rpm
4f09f963a50fd68ca3945b384d2c6f0c  netpbm-progs-9.24-11.30.4.i386.rpm

ia64:
36cae065fd4d943f53a4eb76ab1fc6b0  netpbm-9.24-11.30.4.i386.rpm
b60f5790cc03bcaf05efa8bcfce97f73  netpbm-9.24-11.30.4.ia64.rpm
d04b6fb6473d8ba03c98d14b78780c52  netpbm-devel-9.24-11.30.4.ia64.rpm
277c76e67e11b69aa4d5c15cfb831715  netpbm-progs-9.24-11.30.4.ia64.rpm

ppc:
b2a3cd86dbd9927b0ba1b6189886bcb5  netpbm-9.24-11.30.4.ppc.rpm
cab079cbf11baf472ce9b7d775dc897c  netpbm-9.24-11.30.4.ppc64.rpm
37a16559b3e387d60c6095812dfa64a6  netpbm-devel-9.24-11.30.4.ppc.rpm
ff27be9c5b2075bf3ca9e27e0fe14383  netpbm-progs-9.24-11.30.4.ppc.rpm

s390:
2beab978ada99868ab0e9cc3180af5e2  netpbm-9.24-11.30.4.s390.rpm
b8de7d98668ff912c0c1f80bcb06de56  netpbm-devel-9.24-11.30.4.s390.rpm
b8907a301fef7ec9b53dc39cce290099  netpbm-progs-9.24-11.30.4.s390.rpm

s390x:
2beab978ada99868ab0e9cc3180af5e2  netpbm-9.24-11.30.4.s390.rpm
1da23fee520b2afe4f598f14afffe7b2  netpbm-9.24-11.30.4.s390x.rpm
dec2d8f223ebd2bf912bc6b3af987e42  netpbm-devel-9.24-11.30.4.s390x.rpm
8edfb12940f8ff15ab8e5043ed41b8bc  netpbm-progs-9.24-11.30.4.s390x.rpm

x86_64:
36cae065fd4d943f53a4eb76ab1fc6b0  netpbm-9.24-11.30.4.i386.rpm
e0ef48b3172d3be3ff41fb0165c92cec  netpbm-9.24-11.30.4.x86_64.rpm
11101f273f9010346e2f66f0320dfeb2  netpbm-devel-9.24-11.30.4.x86_64.rpm
2daa6fadc97f817f4a1aac69d1730e9d  netpbm-progs-9.24-11.30.4.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/netpbm-9.24-11.30.4.src.rpm
19ad9f0ab04dbd18bb443a2f894c34eb  netpbm-9.24-11.30.4.src.rpm

i386:
36cae065fd4d943f53a4eb76ab1fc6b0  netpbm-9.24-11.30.4.i386.rpm
70469787c6d5c6b30e8a3dfd6398befb  netpbm-devel-9.24-11.30.4.i386.rpm
4f09f963a50fd68ca3945b384d2c6f0c  netpbm-progs-9.24-11.30.4.i386.rpm

x86_64:
36cae065fd4d943f53a4eb76ab1fc6b0  netpbm-9.24-11.30.4.i386.rpm
e0ef48b3172d3be3ff41fb0165c92cec  netpbm-9.24-11.30.4.x86_64.rpm
11101f273f9010346e2f66f0320dfeb2  netpbm-devel-9.24-11.30.4.x86_64.rpm
2daa6fadc97f817f4a1aac69d1730e9d  netpbm-progs-9.24-11.30.4.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/netpbm-9.24-11.30.4.src.rpm
19ad9f0ab04dbd18bb443a2f894c34eb  netpbm-9.24-11.30.4.src.rpm

i386:
36cae065fd4d943f53a4eb76ab1fc6b0  netpbm-9.24-11.30.4.i386.rpm
70469787c6d5c6b30e8a3dfd6398befb  netpbm-devel-9.24-11.30.4.i386.rpm
4f09f963a50fd68ca3945b384d2c6f0c  netpbm-progs-9.24-11.30.4.i386.rpm

ia64:
36cae065fd4d943f53a4eb76ab1fc6b0  netpbm-9.24-11.30.4.i386.rpm
b60f5790cc03bcaf05efa8bcfce97f73  netpbm-9.24-11.30.4.ia64.rpm
d04b6fb6473d8ba03c98d14b78780c52  netpbm-devel-9.24-11.30.4.ia64.rpm
277c76e67e11b69aa4d5c15cfb831715  netpbm-progs-9.24-11.30.4.ia64.rpm

x86_64:
36cae065fd4d943f53a4eb76ab1fc6b0  netpbm-9.24-11.30.4.i386.rpm
e0ef48b3172d3be3ff41fb0165c92cec  netpbm-9.24-11.30.4.x86_64.rpm
11101f273f9010346e2f66f0320dfeb2  netpbm-devel-9.24-11.30.4.x86_64.rpm
2daa6fadc97f817f4a1aac69d1730e9d  netpbm-progs-9.24-11.30.4.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/netpbm-9.24-11.30.4.src.rpm
19ad9f0ab04dbd18bb443a2f894c34eb  netpbm-9.24-11.30.4.src.rpm

i386:
36cae065fd4d943f53a4eb76ab1fc6b0  netpbm-9.24-11.30.4.i386.rpm
70469787c6d5c6b30e8a3dfd6398befb  netpbm-devel-9.24-11.30.4.i386.rpm
4f09f963a50fd68ca3945b384d2c6f0c  netpbm-progs-9.24-11.30.4.i386.rpm

ia64:
36cae065fd4d943f53a4eb76ab1fc6b0  netpbm-9.24-11.30.4.i386.rpm
b60f5790cc03bcaf05efa8bcfce97f73  netpbm-9.24-11.30.4.ia64.rpm
d04b6fb6473d8ba03c98d14b78780c52  netpbm-devel-9.24-11.30.4.ia64.rpm
277c76e67e11b69aa4d5c15cfb831715  netpbm-progs-9.24-11.30.4.ia64.rpm

x86_64:
36cae065fd4d943f53a4eb76ab1fc6b0  netpbm-9.24-11.30.4.i386.rpm
e0ef48b3172d3be3ff41fb0165c92cec  netpbm-9.24-11.30.4.x86_64.rpm
11101f273f9010346e2f66f0320dfeb2  netpbm-devel-9.24-11.30.4.x86_64.rpm
2daa6fadc97f817f4a1aac69d1730e9d  netpbm-progs-9.24-11.30.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3632
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3662

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

RedHat: Moderate: netpbm security update

Updated netpbm packages that fix two security issues are now available

Summary

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (https://bugzilla.redhat.com/):

173342 - CVE-2005-3662 netpbm off by one error 173344 - CVE-2005-3632 Netpbm buffer overflow


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/netpbm-9.24-9.AS21.6.src.rpm f9ba7f06f41f2aa95d2d86931f2aa7fd netpbm-9.24-9.AS21.6.src.rpm

i386: 360ae1d9aaef8544b3a1ca00a2feaa4b netpbm-9.24-9.AS21.6.i386.rpm c45c19f689ba6628ef0e609e00854d89 netpbm-devel-9.24-9.AS21.6.i386.rpm 6bc5d1878c9ebf6aaab762ed99bdfcfb netpbm-progs-9.24-9.AS21.6.i386.rpm

ia64: c014f290d818568f0d58605aa3b143dd netpbm-9.24-9.AS21.6.ia64.rpm ddddb9b88c82496eccab50ffc0173fc4 netpbm-devel-9.24-9.AS21.6.ia64.rpm b11ae66486d6d362984ba99ab972b4b3 netpbm-progs-9.24-9.AS21.6.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/netpbm-9.24-9.AS21.6.src.rpm f9ba7f06f41f2aa95d2d86931f2aa7fd netpbm-9.24-9.AS21.6.src.rpm

ia64: c014f290d818568f0d58605aa3b143dd netpbm-9.24-9.AS21.6.ia64.rpm ddddb9b88c82496eccab50ffc0173fc4 netpbm-devel-9.24-9.AS21.6.ia64.rpm b11ae66486d6d362984ba99ab972b4b3 netpbm-progs-9.24-9.AS21.6.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/netpbm-9.24-9.AS21.6.src.rpm f9ba7f06f41f2aa95d2d86931f2aa7fd netpbm-9.24-9.AS21.6.src.rpm

i386: 360ae1d9aaef8544b3a1ca00a2feaa4b netpbm-9.24-9.AS21.6.i386.rpm c45c19f689ba6628ef0e609e00854d89 netpbm-devel-9.24-9.AS21.6.i386.rpm 6bc5d1878c9ebf6aaab762ed99bdfcfb netpbm-progs-9.24-9.AS21.6.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/netpbm-9.24-9.AS21.6.src.rpm f9ba7f06f41f2aa95d2d86931f2aa7fd netpbm-9.24-9.AS21.6.src.rpm

i386: 360ae1d9aaef8544b3a1ca00a2feaa4b netpbm-9.24-9.AS21.6.i386.rpm c45c19f689ba6628ef0e609e00854d89 netpbm-devel-9.24-9.AS21.6.i386.rpm 6bc5d1878c9ebf6aaab762ed99bdfcfb netpbm-progs-9.24-9.AS21.6.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/netpbm-9.24-11.30.4.src.rpm 19ad9f0ab04dbd18bb443a2f894c34eb netpbm-9.24-11.30.4.src.rpm

i386: 36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm 70469787c6d5c6b30e8a3dfd6398befb netpbm-devel-9.24-11.30.4.i386.rpm 4f09f963a50fd68ca3945b384d2c6f0c netpbm-progs-9.24-11.30.4.i386.rpm

ia64: 36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm b60f5790cc03bcaf05efa8bcfce97f73 netpbm-9.24-11.30.4.ia64.rpm d04b6fb6473d8ba03c98d14b78780c52 netpbm-devel-9.24-11.30.4.ia64.rpm 277c76e67e11b69aa4d5c15cfb831715 netpbm-progs-9.24-11.30.4.ia64.rpm

ppc: b2a3cd86dbd9927b0ba1b6189886bcb5 netpbm-9.24-11.30.4.ppc.rpm cab079cbf11baf472ce9b7d775dc897c netpbm-9.24-11.30.4.ppc64.rpm 37a16559b3e387d60c6095812dfa64a6 netpbm-devel-9.24-11.30.4.ppc.rpm ff27be9c5b2075bf3ca9e27e0fe14383 netpbm-progs-9.24-11.30.4.ppc.rpm

s390: 2beab978ada99868ab0e9cc3180af5e2 netpbm-9.24-11.30.4.s390.rpm b8de7d98668ff912c0c1f80bcb06de56 netpbm-devel-9.24-11.30.4.s390.rpm b8907a301fef7ec9b53dc39cce290099 netpbm-progs-9.24-11.30.4.s390.rpm

s390x: 2beab978ada99868ab0e9cc3180af5e2 netpbm-9.24-11.30.4.s390.rpm 1da23fee520b2afe4f598f14afffe7b2 netpbm-9.24-11.30.4.s390x.rpm dec2d8f223ebd2bf912bc6b3af987e42 netpbm-devel-9.24-11.30.4.s390x.rpm 8edfb12940f8ff15ab8e5043ed41b8bc netpbm-progs-9.24-11.30.4.s390x.rpm

x86_64: 36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm e0ef48b3172d3be3ff41fb0165c92cec netpbm-9.24-11.30.4.x86_64.rpm 11101f273f9010346e2f66f0320dfeb2 netpbm-devel-9.24-11.30.4.x86_64.rpm 2daa6fadc97f817f4a1aac69d1730e9d netpbm-progs-9.24-11.30.4.x86_64.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/netpbm-9.24-11.30.4.src.rpm 19ad9f0ab04dbd18bb443a2f894c34eb netpbm-9.24-11.30.4.src.rpm

i386: 36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm 70469787c6d5c6b30e8a3dfd6398befb netpbm-devel-9.24-11.30.4.i386.rpm 4f09f963a50fd68ca3945b384d2c6f0c netpbm-progs-9.24-11.30.4.i386.rpm

x86_64: 36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm e0ef48b3172d3be3ff41fb0165c92cec netpbm-9.24-11.30.4.x86_64.rpm 11101f273f9010346e2f66f0320dfeb2 netpbm-devel-9.24-11.30.4.x86_64.rpm 2daa6fadc97f817f4a1aac69d1730e9d netpbm-progs-9.24-11.30.4.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/netpbm-9.24-11.30.4.src.rpm 19ad9f0ab04dbd18bb443a2f894c34eb netpbm-9.24-11.30.4.src.rpm

i386: 36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm 70469787c6d5c6b30e8a3dfd6398befb netpbm-devel-9.24-11.30.4.i386.rpm 4f09f963a50fd68ca3945b384d2c6f0c netpbm-progs-9.24-11.30.4.i386.rpm

ia64: 36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm b60f5790cc03bcaf05efa8bcfce97f73 netpbm-9.24-11.30.4.ia64.rpm d04b6fb6473d8ba03c98d14b78780c52 netpbm-devel-9.24-11.30.4.ia64.rpm 277c76e67e11b69aa4d5c15cfb831715 netpbm-progs-9.24-11.30.4.ia64.rpm

x86_64: 36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm e0ef48b3172d3be3ff41fb0165c92cec netpbm-9.24-11.30.4.x86_64.rpm 11101f273f9010346e2f66f0320dfeb2 netpbm-devel-9.24-11.30.4.x86_64.rpm 2daa6fadc97f817f4a1aac69d1730e9d netpbm-progs-9.24-11.30.4.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/netpbm-9.24-11.30.4.src.rpm 19ad9f0ab04dbd18bb443a2f894c34eb netpbm-9.24-11.30.4.src.rpm

i386: 36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm 70469787c6d5c6b30e8a3dfd6398befb netpbm-devel-9.24-11.30.4.i386.rpm 4f09f963a50fd68ca3945b384d2c6f0c netpbm-progs-9.24-11.30.4.i386.rpm

ia64: 36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm b60f5790cc03bcaf05efa8bcfce97f73 netpbm-9.24-11.30.4.ia64.rpm d04b6fb6473d8ba03c98d14b78780c52 netpbm-devel-9.24-11.30.4.ia64.rpm 277c76e67e11b69aa4d5c15cfb831715 netpbm-progs-9.24-11.30.4.ia64.rpm

x86_64: 36cae065fd4d943f53a4eb76ab1fc6b0 netpbm-9.24-11.30.4.i386.rpm e0ef48b3172d3be3ff41fb0165c92cec netpbm-9.24-11.30.4.x86_64.rpm 11101f273f9010346e2f66f0320dfeb2 netpbm-devel-9.24-11.30.4.x86_64.rpm 2daa6fadc97f817f4a1aac69d1730e9d netpbm-progs-9.24-11.30.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3632 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3662

Package List

Severity
Advisory ID: RHSA-2005:843-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-843.html
Issued Date: : 2005-12-20
Updated on: 2005-12-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3632 CVE-2005-3662 - ---------------------------------------------------------------------

Topic

Updated netpbm packages that fix two security issues are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Relevant Releases Architectures

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64

Red Hat Linux Advanced Workstation 2.1 - ia64

Red Hat Enterprise Linux ES version 2.1 - i386

Red Hat Enterprise Linux WS version 2.1 - i386

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Desktop version 3 - i386, x86_64

Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The netpbm package contains a library of functions that support programs

for handling various graphics file formats.

A stack based buffer overflow bug was found in the way netpbm converts

Portable Anymap (PNM) files into Portable Network Graphics (PNG). A

specially crafted PNM file could allow an attacker to execute arbitrary

code by attempting to convert a PNM file to a PNG file when using pnmtopng

with the '-text' option. The Common Vulnerabilities and Exposures project

has assigned the name CVE-2005-3632 to this issue.

An "off by one" bug was found in the way netpbm converts Portable Anymap

(PNM) files into Portable Network Graphics (PNG). If a victim attempts to

convert a specially crafted 256 color PNM file to a PNG file, then it can

cause the pnmtopng utility to crash. The Common Vulnerabilities and

Exposures project has assigned the name CVE-2005-3662 to this issue.

All users of netpbm should upgrade to these updated packages, which contain

backported patches that resolve these issues.

Bugs Fixed

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.