Security Advisory netpbm security update

Advisory: RHSA-2004:031-02
Type: Security Advisory
Severity: Moderate
Issued on: 2004-02-03
Last updated on: 2004-02-03
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2003-0924

Details

Updated NetPBM packages are available that fix a number of temporary file
vulnerabilities in the netpbm libraries.

The netpbm package contains a library of functions that support
programs for handling various graphics file formats, including .pbm
(portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps),
.ppm (portable pixmaps), and others.

A number of temporary file bugs have been found in versions of NetPBM.
These could make it possible for a local user to overwrite or create files
as a different user who happens to run one of the vulnerable utilities.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0924 to this issue.

Users are advised to upgrade to the erratum packages, which contain patches
from Debian that correct these bugs.
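
The general temporary-file bug class that the advisory's keywords (symlink, tmp, tmpfile) point to, as an added C example. It is not netpbm code and not the Debian patch; the function names and the file name pnm.tmp are hypothetical, and the scenario is constructed inside a private mkdtemp() directory.

```c
#define _GNU_SOURCE 1   /* mkdtemp/O_NOFOLLOW under strict -std modes */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern: predictable name and no O_EXCL, so a symlink that
 * already exists at `path` is followed and its target is truncated. */
int open_tmp_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: with O_CREAT|O_EXCL the call fails (EEXIST) if anything,
 * a symlink included, already exists at `path`. */
int open_tmp_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and creates the file
 * atomically with mode 0600. `tmpl` must end in XXXXXX. */
int open_tmp_mkstemp(char *tmpl) {
    return mkstemp(tmpl);
}

/* Constructed scenario: a symlink already sits at the temp name and
 * points at "victim". Returns bit 1 set if the safe open was refused and
 * victim was left intact, bit 0 set if the unsafe open emptied victim. */
int symlink_demo(void) {
    char dir[] = "/tmp/tmpdemoXXXXXX", victim[64], tmp[64];
    struct stat st;
    int result = 0, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/pnm.tmp", dir);   /* hypothetical name */
    fd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "data", 4) != 4) return -1;
    close(fd);
    if (symlink(victim, tmp) != 0) return -1;
    fd = open_tmp_safe(tmp);                 /* refused: path exists */
    if (fd < 0 && stat(victim, &st) == 0 && st.st_size == 4) result |= 2;
    if (fd >= 0) close(fd);
    fd = open_tmp_unsafe(tmp);               /* follows the symlink */
    if (fd >= 0) close(fd);
    if (stat(victim, &st) == 0 && st.st_size == 0) result |= 1;
    unlink(tmp); unlink(victim); rmdir(dir);
    return result;
}
int main(void) { printf("%d\n", symlink_demo()); return 0; }
```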


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate
Errors, you need to install a version of the up2date client with an updated
certificate. The latest version of up2date is available from the Red Hat
FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
netpbm-9.24-9.AS21.3.src.rpm
File outdated by:  RHSA-2008:0131
    MD5: 8bbc9ff6c4b08893f2c03fc88bb23905
 
IA-32:
netpbm-9.24-9.AS21.3.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: f4c7109c7a376c4c202fb6279ffcc4e5
netpbm-devel-9.24-9.AS21.3.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: f785e50afebe924800d21127e6b645b4
netpbm-progs-9.24-9.AS21.3.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 13fa445162e2e8494f9ad146af1ae434
 
IA-64:
netpbm-9.24-9.AS21.3.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 45f86efa10aaa64db8fa3c408f7b9397
netpbm-devel-9.24-9.AS21.3.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 12971730603f67369e01a65c23c4e931
netpbm-progs-9.24-9.AS21.3.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 5d26a76ce5f09e9d39551fdb1afa1d73
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
netpbm-9.24-11.30.1.src.rpm
File outdated by:  RHSA-2008:0131
    MD5: b29c97494678db01c8887d94c3871c1d
 
IA-32:
netpbm-9.24-11.30.1.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: b3e56c4b52c47d7fbc46d0c936c7a8ac
netpbm-devel-9.24-11.30.1.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 61f01cc1fa52359932542ae05ff58eac
netpbm-progs-9.24-11.30.1.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 8248d6d1bf5869576d4d2f3391289824
 
IA-64:
netpbm-9.24-11.30.1.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: b3e56c4b52c47d7fbc46d0c936c7a8ac
netpbm-9.24-11.30.1.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 9af2434d6aeab77499c790dd70323865
netpbm-devel-9.24-11.30.1.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: c57a05a0c29810cd94f24084c0142785
netpbm-progs-9.24-11.30.1.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: fae85f2380940047e5ef08bef7e946c3
 
PPC:
netpbm-9.24-11.30.1.ppc.rpm
File outdated by:  RHSA-2008:0131
    MD5: 98f39fd8b05e12c7ff97ab371c917d4c
netpbm-devel-9.24-11.30.1.ppc.rpm
File outdated by:  RHSA-2008:0131
    MD5: 795e390b200901e4a31622d993287a1b
netpbm-progs-9.24-11.30.1.ppc.rpm
File outdated by:  RHSA-2008:0131
    MD5: dcc87bac4fa4a1c24c8866dedc3b24cd
 
s390:
netpbm-9.24-11.30.1.s390.rpm
File outdated by:  RHSA-2008:0131
    MD5: d8c1b086406545bdb445ad8351d32064
netpbm-devel-9.24-11.30.1.s390.rpm
File outdated by:  RHSA-2008:0131
    MD5: 9aeb4fc506d5f6ecabbda9d53768bfbf
netpbm-progs-9.24-11.30.1.s390.rpm
File outdated by:  RHSA-2008:0131
    MD5: 72b0e00eff5ab8c9b12d024ccec8b4ef
 
s390x:
netpbm-9.24-11.30.1.s390.rpm
File outdated by:  RHSA-2008:0131
    MD5: d8c1b086406545bdb445ad8351d32064
netpbm-9.24-11.30.1.s390x.rpm
File outdated by:  RHSA-2008:0131
    MD5: 2da0b2f625e1183e9338078a9e157119
netpbm-devel-9.24-11.30.1.s390x.rpm
File outdated by:  RHSA-2008:0131
    MD5: 25fb541d7d744c0261ee8ff4f8a1f465
netpbm-progs-9.24-11.30.1.s390x.rpm
File outdated by:  RHSA-2008:0131
    MD5: b6b4abb4d5b430c71031bb83de31aa7f
 
x86_64:
netpbm-9.24-11.30.1.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: b3e56c4b52c47d7fbc46d0c936c7a8ac
netpbm-9.24-11.30.1.x86_64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 3cdce35a97c66ca2a89dbe7e82eaaf7f
netpbm-devel-9.24-11.30.1.x86_64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 7e988b8c649b9099ab4dd740a20a044a
netpbm-progs-9.24-11.30.1.x86_64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 0af149db153c4c5dfc6aa3bdeb00297d
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
netpbm-9.24-9.AS21.3.src.rpm
File outdated by:  RHSA-2008:0131
    MD5: 8bbc9ff6c4b08893f2c03fc88bb23905
 
IA-32:
netpbm-9.24-9.AS21.3.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: f4c7109c7a376c4c202fb6279ffcc4e5
netpbm-devel-9.24-9.AS21.3.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: f785e50afebe924800d21127e6b645b4
netpbm-progs-9.24-9.AS21.3.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 13fa445162e2e8494f9ad146af1ae434
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
netpbm-9.24-11.30.1.src.rpm
File outdated by:  RHSA-2008:0131
    MD5: b29c97494678db01c8887d94c3871c1d
 
IA-32:
netpbm-9.24-11.30.1.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: b3e56c4b52c47d7fbc46d0c936c7a8ac
netpbm-devel-9.24-11.30.1.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 61f01cc1fa52359932542ae05ff58eac
netpbm-progs-9.24-11.30.1.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 8248d6d1bf5869576d4d2f3391289824
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
netpbm-9.24-9.AS21.3.src.rpm
File outdated by:  RHSA-2008:0131
    MD5: 8bbc9ff6c4b08893f2c03fc88bb23905
 
IA-32:
netpbm-9.24-9.AS21.3.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: f4c7109c7a376c4c202fb6279ffcc4e5
netpbm-devel-9.24-9.AS21.3.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: f785e50afebe924800d21127e6b645b4
netpbm-progs-9.24-9.AS21.3.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 13fa445162e2e8494f9ad146af1ae434
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
netpbm-9.24-11.30.1.src.rpm
File outdated by:  RHSA-2008:0131
    MD5: b29c97494678db01c8887d94c3871c1d
 
IA-32:
netpbm-9.24-11.30.1.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: b3e56c4b52c47d7fbc46d0c936c7a8ac
netpbm-devel-9.24-11.30.1.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 61f01cc1fa52359932542ae05ff58eac
netpbm-progs-9.24-11.30.1.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 8248d6d1bf5869576d4d2f3391289824
 
IA-64:
netpbm-9.24-11.30.1.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: b3e56c4b52c47d7fbc46d0c936c7a8ac
netpbm-9.24-11.30.1.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 9af2434d6aeab77499c790dd70323865
netpbm-devel-9.24-11.30.1.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: c57a05a0c29810cd94f24084c0142785
netpbm-progs-9.24-11.30.1.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: fae85f2380940047e5ef08bef7e946c3
 
x86_64:
netpbm-9.24-11.30.1.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: b3e56c4b52c47d7fbc46d0c936c7a8ac
netpbm-9.24-11.30.1.x86_64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 3cdce35a97c66ca2a89dbe7e82eaaf7f
netpbm-devel-9.24-11.30.1.x86_64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 7e988b8c649b9099ab4dd740a20a044a
netpbm-progs-9.24-11.30.1.x86_64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 0af149db153c4c5dfc6aa3bdeb00297d
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
netpbm-9.24-9.AS21.3.src.rpm
File outdated by:  RHSA-2008:0131
    MD5: 8bbc9ff6c4b08893f2c03fc88bb23905
 
IA-64:
netpbm-9.24-9.AS21.3.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 45f86efa10aaa64db8fa3c408f7b9397
netpbm-devel-9.24-9.AS21.3.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 12971730603f67369e01a65c23c4e931
netpbm-progs-9.24-9.AS21.3.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 5d26a76ce5f09e9d39551fdb1afa1d73
 

Bugs fixed (see bugzilla for more information)

113841 - CAN-2003-0924 netpbm temporary file vulnerabilities


Keywords

symlink, tmp, tmpfile


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/