LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2005-727 (netpbm)



From:
    	      Jindrich Novy <jnovy@redhat.com>


To:
    	      fedora-announce-list@redhat.com


Subject:
    	      [SECURITY] Fedora Core 3 Update: netpbm-10.28-1.FC3.2


Date:
    	      Wed, 17 Aug 2005 16:32:06 -0400


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-727
2005-08-17
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : netpbm
Version     : 10.28                      
Release     : 1.FC3.2                  
Summary     : A library for handling different graphics file formats.
Description :
The netpbm package contains a library of functions that support
programs for handling various graphics file formats, including .pbm
(portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps),
.ppm (portable pixmaps), and others.

---------------------------------------------------------------------
Update Information:

pstopnm in netpbm does not properly use the "-dSAFER" option
when calling Ghostscript to convert a PostScript file into a
(1) PBM, (2) PGM, or (3) PNM file, which allows external
user-complicit attackers to execute arbitrary commands.


---------------------------------------------------------------------
* Tue Aug  9 2005 Jindrich Novy <jnovy@redhat.com> 10.28-1.FC3.2
- fix CAN-2005-2471, unsafe gs calls from pstopnm (#165355)


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/u...

682fef4118379453f9904ed11025d19c  SRPMS/netpbm-10.28-1.FC3.2.src.rpm
52025f87544eeff14dbd28e041f8f835  x86_64/netpbm-10.28-1.FC3.2.x86_64.rpm
f54e3b276f7de91c60e0274a7e4fa296  x86_64/netpbm-devel-10.28-1.FC3.2.x86_64.rpm
ba23352b4a3408cc09b5a94c7a3ba763  x86_64/netpbm-progs-10.28-1.FC3.2.x86_64.rpm
4f2c90bc63f325618f3f62606c53a8d1 
x86_64/debug/netpbm-debuginfo-10.28-1.FC3.2.x86_64.rpm
77147e145fab7be9d1d3979bd8a6623b  x86_64/netpbm-10.28-1.FC3.2.i386.rpm
77147e145fab7be9d1d3979bd8a6623b  i386/netpbm-10.28-1.FC3.2.i386.rpm
ca36d8da2ce9258dda55bef56459cddf  i386/netpbm-devel-10.28-1.FC3.2.i386.rpm
76580d236a22bf1093ff1deaedd448f9  i386/netpbm-progs-10.28-1.FC3.2.i386.rpm
765ecc1610149fb2ee54b4f59b0e8a44  i386/debug/netpbm-debuginfo-10.28-1.FC3.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds