Debian alert: netpbm-free

Posted by dave on Jan 19, 2004 4:09 AM EDT
Mailing list
Mail this story
Print this story

netpbm is graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------- Debian Security Advisory DSA 426-1 [E-mail:security@debian.org] http://www.debian.org/security/ Matt Zimmerman January 18th, 2004 http://www.debian.org/security/faq - --------------------------------------------------------------------------

Package : netpbm-free Vulnerability : insecure temporary files Problem-Type : local Debian-specific: no CVE Ids : CAN-2003-0924

netpbm is graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool.

For the current stable distribution (woody) these problems have been fixed in version 2:9.20-8.4.

For the unstable distribution (sid) these problems have been fixed in version 2:9.25-9.

We recommend that you update your netpbm-free package.

Upgrade Instructions - --------------------

wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database apt-get upgrade will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.4.dsc Size/MD5 checksum: 662 2074eb1d13fa871111ec06f18ff57725 http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.4.diff.gz Size/MD5 checksum: 52834 0b7fbdc2e47c9a2a2e8da7eb54b98bb6 http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20.orig.tar.gz Size/MD5 checksum: 1882851 0f153116c21bc7d2e167e574a486c22f

Alpha architecture:

http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_alpha.deb Size/MD5 checksum: 77762 1b6724adf13a90cf981122831e20165c http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_alpha.deb Size/MD5 checksum: 135466 ed7e2fb447336275d65c0e984553ac9e http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_alpha.deb Size/MD5 checksum: 1413784 feca605bc7f99fe0b7eb1fe5ae6e4e10

ARM architecture:

http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_arm.deb Size/MD5 checksum: 64148 b8151d91f4b6461d61aff5ca93186356 http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_arm.deb Size/MD5 checksum: 125526 5ad7c026d001b8033f7249fb59574f5e http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_arm.deb Size/MD5 checksum: 1127644 e014fc4f87defe6d845288dc19a7f9dc

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_i386.deb Size/MD5 checksum: 62450 6f7e06e132e08cabfd629d0cb89c7d98 http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_i386.deb Size/MD5 checksum: 103436 2c5d4e71e3de9bc55303d81a842c97f6 http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_i386.deb Size/MD5 checksum: 1079210 794d6f39a9f8cb427f1ca2569f1b10ec

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_ia64.deb Size/MD5 checksum: 96534 8b8a73f914ec44486e23139547bc5c87 http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_ia64.deb Size/MD5 checksum: 170446 39927dc25960cb6db29a1ebe7d09436a http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_ia64.deb Size/MD5 checksum: 1608638 6585784653a932078ba3354844e13fa7

HP Precision architecture:

http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.3_hppa.deb Size/MD5 checksum: 83914 666e951ffedd72f5d2a4e6abe379f94d http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.3_hppa.deb Size/MD5 checksum: 122954 bc35c5b3ca865b04c94b805ef3947b75 http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.3_hppa.deb Size/MD5 checksum: 1337394 248f5113d06737cb2d35c889fb26a95a

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_m68k.deb Size/MD5 checksum: 62048 60f5dfaf168d9a8ed74194ffa3a4e299 http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_m68k.deb Size/MD5 checksum: 102256 909a64f8620188f4bb17fb84613f3f60 http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_m68k.deb Size/MD5 checksum: 1016512 5caf53f54597bf2944ed798a4fe6c299

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/n/netpbm-fr



  Nav
» Read more about: Story Type: Security; Groups: Debian, GNU, HP, Intel

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.