Ubuntu alert USN-665-1 (netpbm-free) [LWN.net]


From:
    	       Marc Deslauriers <marc.deslauriers@canonical.com>
To:
    	       ubuntu-security-announce@lists.ubuntu.com
Subject:
    	       [USN-665-1] Netpbm vulnerability
Date:
    	       Thu, 06 Nov 2008 17:22:27 -0500
Message-ID:
    	       <1226010147.9467.7.camel@mdlinux>
Cc:
    	       bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
===========================================================
Ubuntu Security Notice USN-665-1          November 06, 2008
netpbm-free vulnerability
CVE-2008-0554
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  netpbm                          2:10.0-10ubuntu1.1

Ubuntu 7.10:
  netpbm                          2:10.0-11ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Netpbm could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted
GIF image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:    47416 8c934de07a571397513476c437cabb2f
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:     1177 8f3609a5895ebad9690b9775566598fe
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:  1926538 985e9f6d531ac0b2004f5cbebdeea87d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:   117090 c98ea1eed4289c4c50a8506a059f1012

http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:    67988 7c8c79e7157b4270e786689b70afebcc
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:  1240542 c83dcf0458f61476e3cbf8e3b973aae2

http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-...
      Size/MD5:   117554 0ade156c94cbd5f0c902720a17a36b91

http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-...
      Size/MD5:    76128 76f13c6a58ee22b753513baea9ee9b4c

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:   107600 61fac1e5c74250be84d52fd6725ab685

http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:    61830 da159f82fb4ee67a3a6c33d6e35042e9
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:  1158566 6c9f3d48e61081bd08fdef781e66f3ef

http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-...
      Size/MD5:   107768 6c9a5ffa2597bb4c140098ba6aee52f8

http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-...
      Size/MD5:    68350 f294764496a8886ec136bb28d9d9fc14

  powerpc architecture (Apple Macintosh G3/G4/G5):


http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:   118684 74b6e583202c40ff700c34a8526364cb

http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:    67920 1f5136910fa28a67c0f502da278e23c2
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:  1433978 584ef3d723e3a1be63d493c2b9fd7799

http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-...
      Size/MD5:   119082 a0f1c6d1fcdcf0751232728d074488eb

http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-...
      Size/MD5:    78724 d5c49cdfb811c9f10dad44fb098a09b4

  sparc architecture (Sun SPARC/UltraSPARC):


http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:   111480 cc24c22f5ed7c2d993dff941ca1278d2

http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:    62984 cd32c55c8d99a810046d1e852876db66
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:  1192324 ae062ef40a1cc92a5927b1d4aada29a7

http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-...
      Size/MD5:   111684 c2141a22c826a11065214829f8391c68

http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-...
      Size/MD5:    68932 35081c20279458fa43675fb68e2590b1

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:    50599 0558b91bb50122e9b8d97db673547f1c
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:     1261 885d22265365eda670af9b89253ae1df
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:  1926538 985e9f6d531ac0b2004f5cbebdeea87d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:   117796 949f0dd3e907cefed173791194f4569c

http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:    69278 727407bf53689821cdc4f1a5d160687b
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:  1259144 42f2b5a581deaf809c831fd5142fc3df

http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-...
      Size/MD5:   118266 9ff4f5fa4973cbc142255afadbfc6642

http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-...
      Size/MD5:    77262 d5666a23440e23e4cf8c2bb77adbfd64

  i386 architecture (x86 compatible Intel/AMD):


http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:   109480 d18aadd3ceed2454beb3358111799b24

http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:    65090 9c5cd559bf82a9d8cb3050f7641b5030
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:  1193458 afa6c3e0a74b0c690625767b31cdf3b5

http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-...
      Size/MD5:   109640 ccd27f32c25b529c51e751821a1adc14

http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-...
      Size/MD5:    71574 52e294370c9f5239bd4ea018f66132d3

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm...
      Size/MD5:   109476 99c83cb6461416e9dcbf004defb67783
    http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm...
      Size/MD5:    64636 b009900becf643ce5da0ebe0f7994bc4
    http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10...
      Size/MD5:  1210064 1dbfa228b0a857bb517c068a1823b875
    http://ports.ubuntu.com/pool/universe/n/netpbm-free/libne...
      Size/MD5:   109596 4356f5e395921e3d1ca1f9c916705d33
    http://ports.ubuntu.com/pool/universe/n/netpbm-free/libne...
      Size/MD5:    70978 c6ba0efc2b1cdc0d04de9c670db3ee88

  powerpc architecture (Apple Macintosh G3/G4/G5):


http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:   119718 f6c14468c7d34aad12aa44e20a34ee8c

http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:    72230 d717b745f707bfda7f266c3fb654b913
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:  1570838 9456e2d126e50e7569a0c7f35ecefb72

http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-...
      Size/MD5:   120036 3fd5889c1ccab9d5f2b8a9718fb810ca

http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-...
      Size/MD5:    85384 7575c0ac65d2d748cf4946ba1ccac931

  sparc architecture (Sun SPARC/UltraSPARC):


http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:   112128 d073826b938434f12d3fea1b2c8de8f4

http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:    64596 390b364d2efb37312a6470da82601417
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free...
      Size/MD5:  1239510 d8c259674b5241bd23702f36ed7572f9

http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-...
      Size/MD5:   112318 ce2e6033bca4f16fafaf608b22d87150

http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-...
      Size/MD5:    70588 332d02f00dafb2f4ac5b72fb5a04de56
(Log in to post comments)