drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberläufe in netpbm
Name: |
Pufferüberläufe in netpbm |
|
ID: |
USN-218-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 4.10, Ubuntu 5.04, Ubuntu 5.10 |
|
Datum: |
Mo, 21. November 2005, 19:28 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3662 |
|
Applikationen: |
netpbm |
|
Originalnachricht |
--===============0829490723== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="qMm9M+Fa2AknHoGS" Content-Disposition: inline
--qMm9M+Fa2AknHoGS Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
=========================================================== Ubuntu Security Notice USN-218-1 November 21, 2005 netpbm-free vulnerabilities CVE-2005-3632, CVE-2005-3662 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
netpbm
The problem can be corrected by upgrading the affected package to version 2:10.0-5ubuntu0.3 (for Ubuntu 4.10), 2:10.0-8ubuntu0.3 (for Ubuntu 5.04), or 2:10.0-8ubuntu1.2 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Two buffer overflows were discovered in the 'pnmtopng' tool, which were triggered by processing an image with exactly 256 colors when using the -alpha option (CVE-2005-3662) or by processing a text file with very long lines when using the -text option (CVE-2005-3632).
A remote attacker could exploit these to execute arbitrary code by tricking an user or an automated system into processing a specially crafted PNM file with pnmtopng.
Updated packages for Ubuntu 4.10:
Source archives:
netpbm-free_10.0-5ubuntu0.3.diff.gz Size/MD5: 44598 ead4831ac6771ffa450843eda8de8b6f netpbm-free_10.0-5ubuntu0.3.dsc Size/MD5: 760 8917c4b8af6d1a2a312432fcd3ed3595 netpbm-free_10.0.orig.tar.gz Size/MD5: 1926538 985e9f6d531ac0b2004f5cbebdeea87d
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
libnetpbm10-dev_10.0-5ubuntu0.3_amd64.deb Size/MD5: 117936 1c8f6379000640b38056d7857f52e2d5 libnetpbm10_10.0-5ubuntu0.3_amd64.deb Size/MD5: 68660 e8439e9a1ebf81c4ecc1ae296eb6e6cf libnetpbm9-dev_10.0-5ubuntu0.3_amd64.deb Size/MD5: 118326 0f611ff7f14b29375998129c7bc7bb3e libnetpbm9_10.0-5ubuntu0.3_amd64.deb Size/MD5: 77050 a9bb359d7c1c297507f09dcd31713fc4 netpbm_10.0-5ubuntu0.3_amd64.deb Size/MD5: 1276834 d96f4842a748f3bdfcb197b84ad31343
i386 architecture (x86 compatible Intel/AMD)
libnetpbm10-dev_10.0-5ubuntu0.3_i386.deb Size/MD5: 108846 01cd944ce5cedf30ea980cad29b0b650 libnetpbm10_10.0-5ubuntu0.3_i386.deb Size/MD5: 63554 f1a3ee5ec7dc9c4634e05c24ca618e9f libnetpbm9-dev_10.0-5ubuntu0.3_i386.deb Size/MD5: 108984 740b8804b55a2250fad6f0e458685f44 libnetpbm9_10.0-5ubuntu0.3_i386.deb Size/MD5: 70640 fd40bd8686b4c2369e452bf2e3d41cf7 netpbm_10.0-5ubuntu0.3_i386.deb Size/MD5: 1182728 79baa9294649eb6046aef8e4d5066dd9
powerpc architecture (Apple Macintosh G3/G4/G5)
libnetpbm10-dev_10.0-5ubuntu0.3_powerpc.deb Size/MD5: 123554 e6605bb4b223d8af420bd0f26f509bfc libnetpbm10_10.0-5ubuntu0.3_powerpc.deb Size/MD5: 71010 278592a555bc51c000a09aa9f4908212 libnetpbm9-dev_10.0-5ubuntu0.3_powerpc.deb Size/MD5: 123916 bb79f881171a0418700b5712712b3e61 libnetpbm9_10.0-5ubuntu0.3_powerpc.deb Size/MD5: 83060 d48ba48403439efeac5df60a2c832efc netpbm_10.0-5ubuntu0.3_powerpc.deb Size/MD5: 1522018 25fbe90b2b5cb254320e4f071c3ab9be
Updated packages for Ubuntu 5.04:
Source archives:
netpbm-free_10.0-8ubuntu0.3.diff.gz Size/MD5: 46403 2473ab542348267405e98bf75086311a netpbm-free_10.0-8ubuntu0.3.dsc Size/MD5: 755 05ff6fa21964432cd93637a7f59c6f7a netpbm-free_10.0.orig.tar.gz Size/MD5: 1926538 985e9f6d531ac0b2004f5cbebdeea87d
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
libnetpbm10-dev_10.0-8ubuntu0.3_amd64.deb Size/MD5: 118302 e21601f02d9bc91b8a5bd33e16057e62 libnetpbm10_10.0-8ubuntu0.3_amd64.deb Size/MD5: 69062 3bc568b6182ae3dcbc207d29c5207ec6 libnetpbm9-dev_10.0-8ubuntu0.3_amd64.deb Size/MD5: 118688 1f9c424488313a30cbac7d7224d1a2d9 libnetpbm9_10.0-8ubuntu0.3_amd64.deb Size/MD5: 77408 dec047ea83819ba0211d04cbadb92e4b netpbm_10.0-8ubuntu0.3_amd64.deb Size/MD5: 1277814 b10eb7d5065bb20521402f7c2717da1f
i386 architecture (x86 compatible Intel/AMD)
libnetpbm10-dev_10.0-8ubuntu0.3_i386.deb Size/MD5: 109238 9a002099166088d06b80b5cd49f6dd3f libnetpbm10_10.0-8ubuntu0.3_i386.deb Size/MD5: 64042 e00251fbdbfcd0f80601467587b9b351 libnetpbm9-dev_10.0-8ubuntu0.3_i386.deb Size/MD5: 109360 23a0de8dc9b91c2630c86c8e7a4fa761 libnetpbm9_10.0-8ubuntu0.3_i386.deb Size/MD5: 70996 ee6837233c551f7debb5005cf50d1269 netpbm_10.0-8ubuntu0.3_i386.deb Size/MD5: 1175376 0d3ce2fc556bed204e96cb2fe5b2b7ad
powerpc architecture (Apple Macintosh G3/G4/G5)
libnetpbm10-dev_10.0-8ubuntu0.3_powerpc.deb Size/MD5: 123798 720500fb26ac19dfdb7c28649f4f05f7 libnetpbm10_10.0-8ubuntu0.3_powerpc.deb Size/MD5: 71434 0fd1546f624e500d3e9c4536f0f9af7f libnetpbm9-dev_10.0-8ubuntu0.3_powerpc.deb Size/MD5: 124178 f20226e6ea263211e923c9a128e29d11 libnetpbm9_10.0-8ubuntu0.3_powerpc.deb Size/MD5: 83614 b7dd80377a1712f9a60f800a41563cae netpbm_10.0-8ubuntu0.3_powerpc.deb Size/MD5: 1521624 8ded6f73e27ba56360b89d62c632cec7
Updated packages for Ubuntu 5.10:
Source archives:
netpbm-free_10.0-8ubuntu1.2.dsc Size/MD5: 685 46d327d6366e42f80fd160bae5c6cccc netpbm-free_10.0-8ubuntu1.2.tar.gz Size/MD5: 1968551 8180ba0350e9e82213d14407d9d54062
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
libnetpbm10-dev_10.0-8ubuntu1.2_amd64.deb Size/MD5: 116992 3ed365bb3649d860c0627f6492b41080 libnetpbm10_10.0-8ubuntu1.2_amd64.deb Size/MD5: 67868 6e3543ad0208c10834f4ef2383bdfb2e libnetpbm9-dev_10.0-8ubuntu1.2_amd64.deb Size/MD5: 117426 4349d9fc6235396a55c677a21b9ab1f9 libnetpbm9_10.0-8ubuntu1.2_amd64.deb Size/MD5: 76076 e1d13fda9eb8e0971381cd488f5ddad5 netpbm_10.0-8ubuntu1.2_amd64.deb Size/MD5: 1242318 8a4d45754e7bb6ce0964078370bc06de
i386 architecture (x86 compatible Intel/AMD)
libnetpbm10-dev_10.0-8ubuntu1.2_i386.deb Size/MD5: 107438 1306c512e533beb7d6db7cc898b3734e libnetpbm10_10.0-8ubuntu1.2_i386.deb Size/MD5: 61650 e8d8a63ed3b0ccbe6a56fee32fa90f64 libnetpbm9-dev_10.0-8ubuntu1.2_i386.deb Size/MD5: 107638 350bfd8c14c2b1fa81dc6b8d2e9b96e1 libnetpbm9_10.0-8ubuntu1.2_i386.deb Size/MD5: 68324 497f417f9e38a6939b8692dc63d25f5c netpbm_10.0-8ubuntu1.2_i386.deb Size/MD5: 1160942 4d1a5506904e1854d911484187256ee7
powerpc architecture (Apple Macintosh G3/G4/G5)
libnetpbm10-dev_10.0-8ubuntu1.2_powerpc.deb Size/MD5: 118564 4672062e32dc60dd07ea7d0e13ebd587 libnetpbm10_10.0-8ubuntu1.2_powerpc.deb Size/MD5: 67760 d8a059493517d1e3e6cda86daddcb814 libnetpbm9-dev_10.0-8ubuntu1.2_powerpc.deb Size/MD5: 118924 965a8a708f1ca929ea158059b088159a libnetpbm9_10.0-8ubuntu1.2_powerpc.deb Size/MD5: 78716 db0b8a01d8831722012a9518abbbd749 netpbm_10.0-8ubuntu1.2_powerpc.deb Size/MD5: 1442638 79ee88edaf92c82e421fca2df32c88ed
--qMm9M+Fa2AknHoGS Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDgg3nDecnbV4Fd/IRAuChAJ4nkRJ/Le1qJF0G4BJiIEDECKGX4gCdHLyA pkGDI9UgHGIdS3EOjNfKZ8s= =FT5p -----END PGP SIGNATURE-----
--qMm9M+Fa2AknHoGS--
--===============0829490723== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0829490723==--
|
|
|
|