Login
Newsletter
Werbung
Sicherheit: Pufferüberlauf in netpbm
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in netpbm
ID: MDKSA-2005:199
Distribution: Mandriva
Plattformen: Mandriva 10.2, Mandriva 2006.0
Datum: Di, 1. November 2005, 17:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2978
Applikationen: netpbm

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1130364327-24125-9

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2005:199
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : netpbm
 Date    : October 26, 2005
 Affected: 10.2, 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Pnmtopng in netpbm 10.2X, when using the -trans option, uses 
 uninitialized size and index variables when converting Portable 
 Anymap (PNM) images to Portable Network Graphics (PNG), which might 
 allow attackers to execute arbitrary code by modifying the stack.
 
 Netpbm 9.2X is not affected by this vulnerability.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2978
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.2:
 ea24ad6ff612f0fce46eff6fb2233599 
 10.2/RPMS/libnetpbm10-10.26-2.2.102mdk.i586.rpm
 b91191e8a7596085eb467894dd84232e 
 10.2/RPMS/libnetpbm10-devel-10.26-2.2.102mdk.i586.rpm
 8965b6516f0be5e952bfd179f1024630 
 10.2/RPMS/libnetpbm10-static-devel-10.26-2.2.102mdk.i586.rpm
 1ae015666de512fb398060ec73c8bbea  10.2/RPMS/netpbm-10.26-2.2.102mdk.i586.rpm
 868de752ab4de8dc609a2b3c47432190  10.2/SRPMS/netpbm-10.26-2.2.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 b43b2e9787434ece104048f245fbe392 
 x86_64/10.2/RPMS/lib64netpbm10-10.26-2.2.102mdk.x86_64.rpm
 0a8a3e79a679f0a15265e4fa1d36df51 
 x86_64/10.2/RPMS/lib64netpbm10-devel-10.26-2.2.102mdk.x86_64.rpm
 dcab386cd578ab45a7f664e3e3a2f90b 
 x86_64/10.2/RPMS/lib64netpbm10-static-devel-10.26-2.2.102mdk.x86_64.rpm
 69b5ad7432ba251c210f91589a0ccdbf 
 x86_64/10.2/RPMS/netpbm-10.26-2.2.102mdk.x86_64.rpm
 868de752ab4de8dc609a2b3c47432190 
 x86_64/10.2/SRPMS/netpbm-10.26-2.2.102mdk.src.rpm

 Mandriva Linux 2006.0:
 4ffed80a15a8d15cd8c9d2c227d3c03d 
 2006.0/RPMS/libnetpbm10-10.29-1.2.20060mdk.i586.rpm
 55a9bee09a885a83c553819d7c8d22ab 
 2006.0/RPMS/libnetpbm10-devel-10.29-1.2.20060mdk.i586.rpm
 e1f55280419d7641251ad1f3fc8d31ec 
 2006.0/RPMS/libnetpbm10-static-devel-10.29-1.2.20060mdk.i586.rpm
 8482ee2780ac0ccbc2cf177b3ba3b2f0 
 2006.0/RPMS/netpbm-10.29-1.2.20060mdk.i586.rpm
 2ffcf5c132e2dd0013aef1b0ccdb214f 
 2006.0/SRPMS/netpbm-10.29-1.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 ca343baca521cc747f6254c9442a44a2 
 x86_64/2006.0/RPMS/lib64netpbm10-10.29-1.2.20060mdk.x86_64.rpm
 17aa56ad4fb21994e79cd6ca51466908 
 x86_64/2006.0/RPMS/lib64netpbm10-devel-10.29-1.2.20060mdk.x86_64.rpm
 8356a5735527b39db5786e2e66fce0f7 
 x86_64/2006.0/RPMS/lib64netpbm10-static-devel-10.29-1.2.20060mdk.x86_64.rpm
 80d8111cfc32bbf7a92fcb57fc331d9e 
 x86_64/2006.0/RPMS/netpbm-10.29-1.2.20060mdk.x86_64.rpm
 2ffcf5c132e2dd0013aef1b0ccdb214f 
 x86_64/2006.0/SRPMS/netpbm-10.29-1.2.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDX/dsmqjQ0CJFipgRApn2AKCp29/lilSIzOYcCUFSEz+MumBKygCgypmK
qv5fbcy/7m96KZC3lSfVwAE=
=26MT
-----END PGP SIGNATURE-----

------------=_1130364327-24125-9
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1130364327-24125-9--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung