Explore top 10 tips to secure your open-source projects now. Read More
×* bsc#1022790 * bsc#1022791 Cross-References: * CVE-2017-5849 . # Security update for netpbm Announcement ID: SUSE-SU-2024:0434-1 Rating: moderate References: * bsc#1022790 * bsc#1022791 Cross-References: * CVE-2017-5849 CVSS scores: * CVE-2017-5849 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2017-5849 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for netpbm fixes the following issues: * CVE-2017-5849: Fixed out-of-bound read and write issue that can occur in function putgreytile() and put1bitbwtile() (bsc#1022790, bsc#1022791). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-434=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-434=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-434=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-434=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * netpbm-10.66.3-8.10.1 * libnetpbm11-10.66.3-8.10.1 * netpbm-debugsource-10.66.3-8.10.1 * libnetpbm11-debuginfo-10.66.3-8.10.1 * netpbm-debuginfo-10.66.3-8.10.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libnetpbm11-32bit-10.66.3-8.10.1 *libnetpbm11-debuginfo-32bit-10.66.3-8.10.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * netpbm-10.66.3-8.10.1 * libnetpbm11-10.66.3-8.10.1 * netpbm-debugsource-10.66.3-8.10.1 * libnetpbm11-debuginfo-10.66.3-8.10.1 * netpbm-debuginfo-10.66.3-8.10.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libnetpbm11-32bit-10.66.3-8.10.1 * libnetpbm11-debuginfo-32bit-10.66.3-8.10.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * netpbm-10.66.3-8.10.1 * libnetpbm11-10.66.3-8.10.1 * netpbm-debugsource-10.66.3-8.10.1 * libnetpbm11-debuginfo-10.66.3-8.10.1 * netpbm-debuginfo-10.66.3-8.10.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libnetpbm11-32bit-10.66.3-8.10.1 * libnetpbm11-debuginfo-32bit-10.66.3-8.10.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * netpbm-debugsource-10.66.3-8.10.1 * netpbm-debuginfo-10.66.3-8.10.1 * libnetpbm-devel-10.66.3-8.10.1 ## References: * https://www.suse.com/security/cve/CVE-2017-5849.html * https://bugzilla.suse.com/show_bug.cgi?id=1022790 * https://bugzilla.suse.com/show_bug.cgi?id=1022791 . An update for netpbm rectifies a significant security vulnerability. The impacted SUSE offerings encompass both HPC and Server variants.. Netpbm Update, SUSE Security, Out-Of-Bounds Fix, Linux Security. . LinuxSecurity.com Team
This update for netpbm fixes the following issues: CVE-2017-5849: Fixed out-of-bound read and write issue that can occur in function putgreytile() and put1bitbwtile() (bsc#1022790, bsc#1022791).. # Security update for netpbm Announcement ID: SUSE-SU-2024:0435-1 Rating: moderate References: * bsc#1022790 * bsc#1022791 Cross-References: * CVE-2017-5849 CVSS scores: * CVE-2017-5849 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2017-5849 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for netpbm fixes the following issues: * CVE-2017-5849: Fixed out-of-bound read and write issue that can occur in function putgreytile() and put1bitbwtile() (bsc#1022790, bsc#1022791). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-435=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-435=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-435=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * netpbm-10.80.1-150000.3.14.1 * netpbm-debugsource-10.80.1-150000.3.14.1 * libnetpbm11-10.80.1-150000.3.14.1 * libnetpbm11-debuginfo-10.80.1-150000.3.14.1 * libnetpbm-devel-10.80.1-150000.3.14.1 *netpbm-vulnerable-debuginfo-10.80.1-150000.3.14.1 * netpbm-debuginfo-10.80.1-150000.3.14.1 * netpbm-vulnerable-10.80.1-150000.3.14.1 * openSUSE Leap 15.5 (x86_64) * libnetpbm11-32bit-10.80.1-150000.3.14.1 * libnetpbm11-32bit-debuginfo-10.80.1-150000.3.14.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * netpbm-10.80.1-150000.3.14.1 * netpbm-debugsource-10.80.1-150000.3.14.1 * libnetpbm11-10.80.1-150000.3.14.1 * libnetpbm11-debuginfo-10.80.1-150000.3.14.1 * netpbm-debuginfo-10.80.1-150000.3.14.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * netpbm-debugsource-10.80.1-150000.3.14.1 * netpbm-debuginfo-10.80.1-150000.3.14.1 * libnetpbm-devel-10.80.1-150000.3.14.1 ## References: * https://www.suse.com/security/cve/CVE-2017-5849.html * https://bugzilla.suse.com/show_bug.cgi?id=1022790 * https://bugzilla.suse.com/show_bug.cgi?id=1022791 . Critical patch release for netpbm tackles vulnerabilities linked to out-of-bounds access as well as notable risks in openSUSE. Apply updates immediately!. openSUSE, netpbm, security patch, out-of-bound, software update. . Severity: Important. LinuxSecurity.com Team
* bsc#1022790 * bsc#1022791 Cross-References: * CVE-2017-5849 . # Security update for netpbm Announcement ID: SUSE-SU-2024:0435-1 Rating: moderate References: * bsc#1022790 * bsc#1022791 Cross-References: * CVE-2017-5849 CVSS scores: * CVE-2017-5849 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2017-5849 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for netpbm fixes the following issues: * CVE-2017-5849: Fixed out-of-bound read and write issue that can occur in function putgreytile() and put1bitbwtile() (bsc#1022790, bsc#1022791). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-435=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-435=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-435=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * netpbm-10.80.1-150000.3.14.1 * netpbm-debugsource-10.80.1-150000.3.14.1 * libnetpbm11-10.80.1-150000.3.14.1 * libnetpbm11-debuginfo-10.80.1-150000.3.14.1 * libnetpbm-devel-10.80.1-150000.3.14.1 * netpbm-vulnerable-debuginfo-10.80.1-150000.3.14.1 * netpbm-debuginfo-10.80.1-150000.3.14.1 * netpbm-vulnerable-10.80.1-150000.3.14.1 * openSUSELeap 15.5 (x86_64) * libnetpbm11-32bit-10.80.1-150000.3.14.1 * libnetpbm11-32bit-debuginfo-10.80.1-150000.3.14.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * netpbm-10.80.1-150000.3.14.1 * netpbm-debugsource-10.80.1-150000.3.14.1 * libnetpbm11-10.80.1-150000.3.14.1 * libnetpbm11-debuginfo-10.80.1-150000.3.14.1 * netpbm-debuginfo-10.80.1-150000.3.14.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * netpbm-debugsource-10.80.1-150000.3.14.1 * netpbm-debuginfo-10.80.1-150000.3.14.1 * libnetpbm-devel-10.80.1-150000.3.14.1 ## References: * https://www.suse.com/security/cve/CVE-2017-5849.html * https://bugzilla.suse.com/show_bug.cgi?id=1022790 * https://bugzilla.suse.com/show_bug.cgi?id=1022791 . Uncover the most recent security patch for netpbm, highlighting the severity levels and guidance for remediation on SUSE Linux platforms.. SUSE Netpbm Update, Moderate Security Fix, Out-of-Bounds Issues. . LinuxSecurity.com Team
New upstream version 10.94.00. Introduced new script pamhomography.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-f62099fe51 2021-02-04 01:56:45.207227 --------------------------------------------------------------------------------Name : netpbm Product : Fedora 32 Version : 10.93.00 Release : 1.fc32 URL : Summary : A library for handling different graphics file formats Description : The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. --------------------------------------------------------------------------------Update Information: New upstream version 10.94.00. Introduced new script pamhomography. --------------------------------------------------------------------------------ChangeLog: * Mon Jan 25 2021 Josef Ridky - 10.93.00-1 - New upstream release 10.93.00 (#1911159) --------------------------------------------------------------------------------References: [ 1 ] Bug #1561207 - CVE-2018-8975 netpbm: heap-buffer-overflow in pm_mallocarray2 function in lib/util/mallocvar.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1561207 [ 2 ] Bug #1911159 - netpbm-10.93.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=1911159 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-f62099fe51' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
New upstream version 10.94.00. Introduced new script pamhomography.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-df9ede6a02 2021-01-31 01:21:54.388516 --------------------------------------------------------------------------------Name : netpbm Product : Fedora 33 Version : 10.93.00 Release : 1.fc33 URL : Summary : A library for handling different graphics file formats Description : The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. --------------------------------------------------------------------------------Update Information: New upstream version 10.94.00. Introduced new script pamhomography. --------------------------------------------------------------------------------ChangeLog: * Mon Jan 25 2021 Josef Ridky - 10.93.00-1 - New upstream release 10.93.00 (#1911159) --------------------------------------------------------------------------------References: [ 1 ] Bug #1561207 - CVE-2018-8975 netpbm: heap-buffer-overflow in pm_mallocarray2 function in lib/util/mallocvar.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1561207 [ 2 ] Bug #1911159 - netpbm-10.93.00 is available https://bugzilla.redhat.com/show_bug.cgi?id=1911159 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-df9ede6a02' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
An update that solves two vulnerabilities and has one errata is now available.. openSUSE Security Update: Security update for netpbm ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:1605-1 Rating: moderate References: #1024288 #1024291 #1136936 Cross-References: CVE-2017-2579 CVE-2017-2580 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for netpbm fixes the following issues: Security issues fixed: - CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288). - CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291). - create netpbm-vulnerable subpackage and move pstopnm there, as ghostscript is used to convert (bsc#1136936) This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-1605=1 - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-1605=1 Package List: - openSUSE Leap 15.1 (i586 x86_64): libnetpbm-devel-10.80.1-lp151.4.3.1 libnetpbm11-10.80.1-lp151.4.3.1 libnetpbm11-debuginfo-10.80.1-lp151.4.3.1 netpbm-10.80.1-lp151.4.3.1 netpbm-debuginfo-10.80.1-lp151.4.3.1 netpbm-debugsource-10.80.1-lp151.4.3.1 netpbm-vulnerable-10.80.1-lp151.4.3.1 netpbm-vulnerable-debuginfo-10.80.1-lp151.4.3.1 - openSUSE Leap 15.1 (x86_64): libnetpbm11-32bit-10.80.1-lp151.4.3.1 libnetpbm11-32bit-debuginfo-10.80.1-lp151.4.3.1 - openSUSE Leap 15.0 (i586 x86_64): libnetpbm-devel-10.80.1-lp150.2.6.1 libnetpbm11-10.80.1-lp150.2.6.1 libnetpbm11-debuginfo-10.80.1-lp150.2.6.1 netpbm-10.80.1-lp150.2.6.1 netpbm-debuginfo-10.80.1-lp150.2.6.1 netpbm-debugsource-10.80.1-lp150.2.6.1 netpbm-vulnerable-10.80.1-lp150.2.6.1 netpbm-vulnerable-debuginfo-10.80.1-lp150.2.6.1 - openSUSE Leap 15.0 (x86_64): libnetpbm11-32bit-10.80.1-lp150.2.6.1 libnetpbm11-32bit-debuginfo-10.80.1-lp150.2.6.1 References: https://www.suse.com/security/cve/CVE-2017-2579.html https://www.suse.com/security/cve/CVE-2017-2580.html https://bugzilla.suse.com/1024288 https://bugzilla.suse.com/1024291 https://bugzilla.suse.com/1136936 -- . This patch resolves significant vulnerabilities in netpbm for openSUSE Leap 15. Please update immediately to enhance your system's protection.. openSUSE Security Update, netpbm vulnerabilities, security patches. . Severity: Important. LinuxSecurity.com Team
An update that solves three vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for netpbm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1645-1 Rating: moderate References: #1024288 #1024291 #1086777 #1136936 Cross-References: CVE-2017-2579 CVE-2017-2580 CVE-2018-8975 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP4 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for netpbm fixes the following issues: Security issues fixed: - CVE-2018-8975: The pm_mallocarray2 function allowed remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file (bsc#1086777). - CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288). - CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291). - create netpbm-vulnerable subpackage and move pstopnm there (bsc#1136936) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-1645=1 - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-1645=1 - SUSE Linux Enterprise Server12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-1645=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-1645=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-1645=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-1645=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): libnetpbm-devel-10.66.3-8.7.2 netpbm-debuginfo-10.66.3-8.7.2 netpbm-debugsource-10.66.3-8.7.2 - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libnetpbm-devel-10.66.3-8.7.2 netpbm-debuginfo-10.66.3-8.7.2 netpbm-debugsource-10.66.3-8.7.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): libnetpbm11-10.66.3-8.7.2 libnetpbm11-debuginfo-10.66.3-8.7.2 netpbm-10.66.3-8.7.2 netpbm-debuginfo-10.66.3-8.7.2 netpbm-debugsource-10.66.3-8.7.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libnetpbm11-32bit-10.66.3-8.7.2 libnetpbm11-debuginfo-32bit-10.66.3-8.7.2 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libnetpbm11-10.66.3-8.7.2 libnetpbm11-debuginfo-10.66.3-8.7.2 netpbm-10.66.3-8.7.2 netpbm-debuginfo-10.66.3-8.7.2 netpbm-debugsource-10.66.3-8.7.2 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): libnetpbm11-32bit-10.66.3-8.7.2 libnetpbm11-debuginfo-32bit-10.66.3-8.7.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): libnetpbm11-10.66.3-8.7.2 libnetpbm11-32bit-10.66.3-8.7.2 libnetpbm11-debuginfo-10.66.3-8.7.2 libnetpbm11-debuginfo-32bit-10.66.3-8.7.2 netpbm-10.66.3-8.7.2 netpbm-debuginfo-10.66.3-8.7.2 netpbm-debugsource-10.66.3-8.7.2 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libnetpbm11-10.66.3-8.7.2 libnetpbm11-32bit-10.66.3-8.7.2 libnetpbm11-debuginfo-10.66.3-8.7.2 libnetpbm11-debuginfo-32bit-10.66.3-8.7.2 netpbm-10.66.3-8.7.2 netpbm-debuginfo-10.66.3-8.7.2 netpbm-debugsource-10.66.3-8.7.2 References: https://www.suse.com/security/cve/CVE-2017-2579.html https://www.suse.com/security/cve/CVE-2017-2580.html https://www.suse.com/security/cve/CVE-2018-8975.html https://bugzilla.suse.com/1024288 https://bugzilla.suse.com/1024291 https://bugzilla.suse.com/1086777 https://bugzilla.suse.com/1136936 _______________________________________________ sle-security-updates mailing list
An update that solves two vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for netpbm ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14101-1 Rating: moderate References: #1024288 #1024291 #1136936 Cross-References: CVE-2017-2579 CVE-2017-2580 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for netpbm fixes the following issues: Security issues fixed: - CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288). - CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291). - created a netpbm-vulnerable subpackage and move pstopnm there, as it uses ghostscript for conversion (bsc#1136936) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-netpbm-14101=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-netpbm-14101=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-netpbm-14101=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-netpbm-14101=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libnetpbm10-10.26.44-101.15.5.2 netpbm-10.26.44-101.15.5.2 - SUSE Linux Enterprise Server 11-SP4-LTSS(ppc64 s390x x86_64): libnetpbm10-32bit-10.26.44-101.15.5.2 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libnetpbm10-10.26.44-101.15.5.2 netpbm-10.26.44-101.15.5.2 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): netpbm-debuginfo-10.26.44-101.15.5.2 netpbm-debugsource-10.26.44-101.15.5.2 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): netpbm-debuginfo-10.26.44-101.15.5.2 netpbm-debugsource-10.26.44-101.15.5.2 References: https://www.suse.com/security/cve/CVE-2017-2579.html https://www.suse.com/security/cve/CVE-2017-2580.html https://bugzilla.suse.com/1024288 https://bugzilla.suse.com/1024291 https://bugzilla.suse.com/1136936 _______________________________________________ sle-security-updates mailing list
Get the latest Linux and open source security news straight to your inbox.