Login
Newsletter
Werbung

Sicherheit: Ausführen beliebigen Codes in netpbm (Fedora Core 3)
Aktuelle Meldungen Distributionen
Name: Ausführen beliebigen Codes in netpbm (Fedora Core 3)
ID: FEDORA-2005-727
Distribution: Fedora
Plattformen: Fedora Core 3
Datum: Mi, 17. August 2005, 13:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2471
Applikationen: netpbm

Originalnachricht

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-727
2005-08-17
---------------------------------------------------------------------

Product : Fedora Core 3
Name : netpbm
Version : 10.28
Release : 1.FC3.2
Summary : A library for handling different graphics file formats.
Description :
The netpbm package contains a library of functions that support
programs for handling various graphics file formats, including .pbm
(portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps),
.ppm (portable pixmaps), and others.

---------------------------------------------------------------------
Update Information:

pstopnm in netpbm does not properly use the "-dSAFER" option
when calling Ghostscript to convert a PostScript file into a
(1) PBM, (2) PGM, or (3) PNM file, which allows external
user-complicit attackers to execute arbitrary commands.


---------------------------------------------------------------------
* Tue Aug 9 2005 Jindrich Novy <jnovy@redhat.com> 10.28-1.FC3.2
- fix CAN-2005-2471, unsafe gs calls from pstopnm (#165355)


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

682fef4118379453f9904ed11025d19c SRPMS/netpbm-10.28-1.FC3.2.src.rpm
52025f87544eeff14dbd28e041f8f835 x86_64/netpbm-10.28-1.FC3.2.x86_64.rpm
f54e3b276f7de91c60e0274a7e4fa296 x86_64/netpbm-devel-10.28-1.FC3.2.x86_64.rpm
ba23352b4a3408cc09b5a94c7a3ba763 x86_64/netpbm-progs-10.28-1.FC3.2.x86_64.rpm
4f2c90bc63f325618f3f62606c53a8d1
x86_64/debug/netpbm-debuginfo-10.28-1.FC3.2.x86_64.rpm
77147e145fab7be9d1d3979bd8a6623b x86_64/netpbm-10.28-1.FC3.2.i386.rpm
77147e145fab7be9d1d3979bd8a6623b i386/netpbm-10.28-1.FC3.2.i386.rpm
ca36d8da2ce9258dda55bef56459cddf i386/netpbm-devel-10.28-1.FC3.2.i386.rpm
76580d236a22bf1093ff1deaedd448f9 i386/netpbm-progs-10.28-1.FC3.2.i386.rpm
765ecc1610149fb2ee54b4f59b0e8a44
i386/debug/netpbm-debuginfo-10.28-1.FC3.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung