Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Tue, 13 Dec 2011 08:14:57 -0600 Reply-To: Pat RieheckySender: Security Errata for Scientific Linux From: Pat Riehecky Organization: Fermilab Subject: FASTBUGS for SL 5x i386, x86_64 now available MIME-Version: 1.0 The following FASTBUGS have been uploaded to i386: acpid-1.0.4-12.el5.i386.rpm gtk2-2.10.4-21.el5_7.7.i386.rpm gtk2-devel-2.10.4-21.el5_7.7.i386.rpm sos-1.7-9.54.el5_7.1.noarch.rpm x86_64: acpid-1.0.4-12.el5.x86_64.rpm gtk2-2.10.4-21.el5_7.7.i386.rpm gtk2-2.10.4-21.el5_7.7.x86_64.rpm gtk2-devel-2.10.4-21.el5_7.7.i386.rpm gtk2-devel-2.10.4-21.el5_7.7.x86_64.rpm sos-1.7-9.54.el5_7.1.noarch.rpm Date: Tue, 13 Dec 2011 11:08:42 -0600 Reply-To: This email address is being protected from spambots. You need JavaScript enabled to view it. Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Important: netpbm on SL4.x, SL5.x i386/x86_64 Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it. Synopsis: Important: netpbm security update Issue Date: 2011-12-12 CVE Numbers: CVE-2009-4274 CVE-2011-4516 The netpbm packages contain a library of functions which support programs for handling various graphics file formats, including.pbm (Portable Bit Map),.pgm (Portable Gray Map),.pnm (Portable Any Map),.ppm (Portable Pixel Map), and others. Two heap-based buffer overflow flaws were found in the embedded JasPer library, which is used to provide support for Part 1 of the JPEG 2000 image compression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker could create a malicious JPEG 2000 compressed image file that could cause jpeg2ktopam to crash or, potentially, execute arbitrary code with the privileges of the user running jpeg2ktopam. These flaws do not affect pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517) A stack-based buffer overflow flaw was found in the way the xpmtoppm tool processed X PixMap (XPM) image files. An attacker could create a malicious XPM file that would cause xpmtoppm to crash or, potentially, execute arbitrary code with the privileges of the user running xpmtoppm. (CVE-2009-4274) All users of netpbm are advised to upgrade to these updated packages, which contain backported patches to correct these issues. SL4: i386 netpbm-10.35.58-8.el4.i386.rpm netpbm-debuginfo-10.35.58-8.el4.i386.rpm netpbm-devel-10.35.58-8.el4.i386.rpm netpbm-progs-10.35.58-8.el4.i386.rpm x86_64 netpbm-10.35.58-8.el4.i386.rpm netpbm-10.35.58-8.el4.x86_64.rpm netpbm-debuginfo-10.35.58-8.el4.i386.rpm netpbm-debuginfo-10.35.58-8.el4.x86_64.rpm netpbm-devel-10.35.58-8.el4.x86_64.rpm netpbm-progs-10.35.58-8.el4.x86_64.rpm SL5: i386 netpbm-10.35.58-8.el5_7.3.i386.rpm netpbm-debuginfo-10.35.58-8.el5_7.3.i386.rpm netpbm-devel-10.35.58-8.el5_7.3.i386.rpm netpbm-progs-10.35.58-8.el5_7.3.i386.rpm x86_64 netpbm-10.35.58-8.el5_7.3.i386.rpm netpbm-10.35.58-8.el5_7.3.x86_64.rpm netpbm-debuginfo-10.35.58-8.el5_7.3.i386.rpm netpbm-debuginfo-10.35.58-8.el5_7.3.x86_64.rpm netpbm-devel-10.35.58-8.el5_7.3.i386.rpm netpbm-devel-10.35.58-8.el5_7.3.x86_64.rpm netpbm-progs-10.35.58-8.el5_7.3.x86_64.rpm - Scientific Linux Development Team