Security Advisory Moderate: netpbm security update

Advisory: RHSA-2008:0131-2
Type: Security Advisory
Severity: Moderate
Issued on: 2008-02-28
Last updated on: 2008-02-28
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: com.redhat.rhsa-20080131.xml
CVEs (cve.mitre.org): CVE-2008-0554

Details

Updated netpbm packages that fix a security issue are now available for Red
Hat Enterprise Linux 2.1, 3, and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The netpbm package contains a library of functions for editing and
converting between various graphics file formats, including .pbm (portable
bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable
pixmaps) and others. The package includes no interactive tools and is
primarily used by other programs (e.g., CGI scripts that manage web-site
images).

An input validation flaw was discovered in the GIF-to-PNM converter
(giftopnm) shipped with the netpbm package. An attacker could create a
carefully crafted GIF file which could cause giftopnm to crash or possibly
execute arbitrary code as the user running giftopnm. (CVE-2008-0554)

All users are advised to upgrade to these updated packages, which contain a
backported patch that resolves this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
netpbm-9.24-11.30.5.src.rpm     246b0cbca269f329f1f517d25de49a35
 
IA-32:
netpbm-9.24-11.30.5.i386.rpm     40bc99699e9e00962a5ff66604b4c804
netpbm-devel-9.24-11.30.5.i386.rpm     9163623372295e7871a89db6ffa415a8
netpbm-progs-9.24-11.30.5.i386.rpm     744727a8e336537517b271be6540b9b7
 
x86_64:
netpbm-9.24-11.30.5.i386.rpm     40bc99699e9e00962a5ff66604b4c804
netpbm-9.24-11.30.5.x86_64.rpm     5bc80877d303df933f3b9e6a54f501d9
netpbm-devel-9.24-11.30.5.x86_64.rpm     7b166fa6a522f9751e8edcd67d4b5190
netpbm-progs-9.24-11.30.5.x86_64.rpm     ec818bda9c0a4ebe70ad29c27e4c7425
 
Red Hat Desktop (v. 4)

SRPMS:
netpbm-10.25-2.EL4.6.el4_6.1.src.rpm     fb4481c56b5e87d4c73667520866c79e
 
IA-32:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm     ff70d7e1338f9841d3ac9dd6beab8db8
netpbm-devel-10.25-2.EL4.6.el4_6.1.i386.rpm     f7bb233a63d817c7a53d3b7deec5bd9e
netpbm-progs-10.25-2.EL4.6.el4_6.1.i386.rpm     49dc5382f0189d49d5c9e4776150ed20
 
x86_64:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm     ff70d7e1338f9841d3ac9dd6beab8db8
netpbm-10.25-2.EL4.6.el4_6.1.x86_64.rpm     44ac5cb6007421b5a594756a3085023b
netpbm-devel-10.25-2.EL4.6.el4_6.1.x86_64.rpm     3586dd054b2b9292fe2538830ef02470
netpbm-progs-10.25-2.EL4.6.el4_6.1.x86_64.rpm     bbf1a19b9a6b13ac62ea06cf33a4cf3a
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
netpbm-9.24-9.AS21.7.src.rpm     f5c10fbb052c30fb3b2b068611fe74e8
 
IA-32:
netpbm-9.24-9.AS21.7.i386.rpm     0e76eb27df51ec0ea0d809a7b83de558
netpbm-devel-9.24-9.AS21.7.i386.rpm     119f7ba2908b14bcd30944343e4c7d25
netpbm-progs-9.24-9.AS21.7.i386.rpm     7eca7094a4a42816797bc8de21ba7628
 
IA-64:
netpbm-9.24-9.AS21.7.ia64.rpm     6dde305852c951347097bc6ea91265bb
netpbm-devel-9.24-9.AS21.7.ia64.rpm     5358f44c1adfac3bbbeade50d19f208b
netpbm-progs-9.24-9.AS21.7.ia64.rpm     e96cf3834d6d5f5f836ae1e19c935779
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
netpbm-9.24-11.30.5.src.rpm     246b0cbca269f329f1f517d25de49a35
 
IA-32:
netpbm-9.24-11.30.5.i386.rpm     40bc99699e9e00962a5ff66604b4c804
netpbm-devel-9.24-11.30.5.i386.rpm     9163623372295e7871a89db6ffa415a8
netpbm-progs-9.24-11.30.5.i386.rpm     744727a8e336537517b271be6540b9b7
 
IA-64:
netpbm-9.24-11.30.5.i386.rpm     40bc99699e9e00962a5ff66604b4c804
netpbm-9.24-11.30.5.ia64.rpm     f4dcff3010aac9be801abc64817b9b45
netpbm-devel-9.24-11.30.5.ia64.rpm     8332e03ff5fad703c5980c0c3c90fd69
netpbm-progs-9.24-11.30.5.ia64.rpm     bb618be803cba5f506208e6066e60a2a
 
PPC:
netpbm-9.24-11.30.5.ppc.rpm     45c051b163338c836125397d53d0da64
netpbm-9.24-11.30.5.ppc64.rpm     56f13dbcbbc9cebc679be418feffe582
netpbm-devel-9.24-11.30.5.ppc.rpm     3e19013b96fd5d869e595f8a2152659a
netpbm-progs-9.24-11.30.5.ppc.rpm     6e1b9083992a6e84ef74e705a8c4f38a
 
s390:
netpbm-9.24-11.30.5.s390.rpm     400de4b4e96757244944340bfef59309
netpbm-devel-9.24-11.30.5.s390.rpm     ede91c0e5c81c5c063c0704d26d74a09
netpbm-progs-9.24-11.30.5.s390.rpm     ff7c53f9c9163dbb22f2c38ed3498499
 
s390x:
netpbm-9.24-11.30.5.s390.rpm     400de4b4e96757244944340bfef59309
netpbm-9.24-11.30.5.s390x.rpm     4a3268588234d25138c144847681e9bb
netpbm-devel-9.24-11.30.5.s390x.rpm     e8b7caa47b9dfae03831917f25000281
netpbm-progs-9.24-11.30.5.s390x.rpm     6c428fc3ff29ff4cf6b51a0a15c70d62
 
x86_64:
netpbm-9.24-11.30.5.i386.rpm     40bc99699e9e00962a5ff66604b4c804
netpbm-9.24-11.30.5.x86_64.rpm     5bc80877d303df933f3b9e6a54f501d9
netpbm-devel-9.24-11.30.5.x86_64.rpm     7b166fa6a522f9751e8edcd67d4b5190
netpbm-progs-9.24-11.30.5.x86_64.rpm     ec818bda9c0a4ebe70ad29c27e4c7425
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
netpbm-10.25-2.EL4.6.el4_6.1.src.rpm     fb4481c56b5e87d4c73667520866c79e
 
IA-32:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm     ff70d7e1338f9841d3ac9dd6beab8db8
netpbm-devel-10.25-2.EL4.6.el4_6.1.i386.rpm     f7bb233a63d817c7a53d3b7deec5bd9e
netpbm-progs-10.25-2.EL4.6.el4_6.1.i386.rpm     49dc5382f0189d49d5c9e4776150ed20
 
IA-64:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm     ff70d7e1338f9841d3ac9dd6beab8db8
netpbm-10.25-2.EL4.6.el4_6.1.ia64.rpm     01218a60d9596a5ebc9fa0305e62260a
netpbm-devel-10.25-2.EL4.6.el4_6.1.ia64.rpm     cb7be920902dbfdd25f876245b87aed3
netpbm-progs-10.25-2.EL4.6.el4_6.1.ia64.rpm     1c15371ecf33dfe9ebd4458b30688ae2
 
PPC:
netpbm-10.25-2.EL4.6.el4_6.1.ppc.rpm     1212f7f26f1c7a8f960451a1632a33c4
netpbm-10.25-2.EL4.6.el4_6.1.ppc64.rpm     4068105f6075152681f0f180142a1c0d
netpbm-devel-10.25-2.EL4.6.el4_6.1.ppc.rpm     3315c2d369aa84b050d5da3ecb8272cc
netpbm-progs-10.25-2.EL4.6.el4_6.1.ppc.rpm     c3b9c427be3d55da358b67aab820ae53
 
s390:
netpbm-10.25-2.EL4.6.el4_6.1.s390.rpm     26390a1b7fed6e8245af21946e8a2c3d
netpbm-devel-10.25-2.EL4.6.el4_6.1.s390.rpm     e19a6511a9430f0421a0267e1653f565
netpbm-progs-10.25-2.EL4.6.el4_6.1.s390.rpm     da158ef72ae11cca449585c18a538e44
 
s390x:
netpbm-10.25-2.EL4.6.el4_6.1.s390.rpm     26390a1b7fed6e8245af21946e8a2c3d
netpbm-10.25-2.EL4.6.el4_6.1.s390x.rpm     51751ad566b62bbcbaef97380cb223dc
netpbm-devel-10.25-2.EL4.6.el4_6.1.s390x.rpm     c303908c99ebfa3599f72f8577f6f1f8
netpbm-progs-10.25-2.EL4.6.el4_6.1.s390x.rpm     b5cb5a53e4a8240d9c43963c90d4956e
 
x86_64:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm     ff70d7e1338f9841d3ac9dd6beab8db8
netpbm-10.25-2.EL4.6.el4_6.1.x86_64.rpm     44ac5cb6007421b5a594756a3085023b
netpbm-devel-10.25-2.EL4.6.el4_6.1.x86_64.rpm     3586dd054b2b9292fe2538830ef02470
netpbm-progs-10.25-2.EL4.6.el4_6.1.x86_64.rpm     bbf1a19b9a6b13ac62ea06cf33a4cf3a
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
netpbm-9.24-9.AS21.7.src.rpm     f5c10fbb052c30fb3b2b068611fe74e8
 
IA-32:
netpbm-9.24-9.AS21.7.i386.rpm     0e76eb27df51ec0ea0d809a7b83de558
netpbm-devel-9.24-9.AS21.7.i386.rpm     119f7ba2908b14bcd30944343e4c7d25
netpbm-progs-9.24-9.AS21.7.i386.rpm     7eca7094a4a42816797bc8de21ba7628
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
netpbm-9.24-11.30.5.src.rpm     246b0cbca269f329f1f517d25de49a35
 
IA-32:
netpbm-9.24-11.30.5.i386.rpm     40bc99699e9e00962a5ff66604b4c804
netpbm-devel-9.24-11.30.5.i386.rpm     9163623372295e7871a89db6ffa415a8
netpbm-progs-9.24-11.30.5.i386.rpm     744727a8e336537517b271be6540b9b7
 
IA-64:
netpbm-9.24-11.30.5.i386.rpm     40bc99699e9e00962a5ff66604b4c804
netpbm-9.24-11.30.5.ia64.rpm     f4dcff3010aac9be801abc64817b9b45
netpbm-devel-9.24-11.30.5.ia64.rpm     8332e03ff5fad703c5980c0c3c90fd69
netpbm-progs-9.24-11.30.5.ia64.rpm     bb618be803cba5f506208e6066e60a2a
 
x86_64:
netpbm-9.24-11.30.5.i386.rpm     40bc99699e9e00962a5ff66604b4c804
netpbm-9.24-11.30.5.x86_64.rpm     5bc80877d303df933f3b9e6a54f501d9
netpbm-devel-9.24-11.30.5.x86_64.rpm     7b166fa6a522f9751e8edcd67d4b5190
netpbm-progs-9.24-11.30.5.x86_64.rpm     ec818bda9c0a4ebe70ad29c27e4c7425
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
netpbm-10.25-2.EL4.6.el4_6.1.src.rpm     fb4481c56b5e87d4c73667520866c79e
 
IA-32:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm     ff70d7e1338f9841d3ac9dd6beab8db8
netpbm-devel-10.25-2.EL4.6.el4_6.1.i386.rpm     f7bb233a63d817c7a53d3b7deec5bd9e
netpbm-progs-10.25-2.EL4.6.el4_6.1.i386.rpm     49dc5382f0189d49d5c9e4776150ed20
 
IA-64:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm     ff70d7e1338f9841d3ac9dd6beab8db8
netpbm-10.25-2.EL4.6.el4_6.1.ia64.rpm     01218a60d9596a5ebc9fa0305e62260a
netpbm-devel-10.25-2.EL4.6.el4_6.1.ia64.rpm     cb7be920902dbfdd25f876245b87aed3
netpbm-progs-10.25-2.EL4.6.el4_6.1.ia64.rpm     1c15371ecf33dfe9ebd4458b30688ae2
 
x86_64:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm     ff70d7e1338f9841d3ac9dd6beab8db8
netpbm-10.25-2.EL4.6.el4_6.1.x86_64.rpm     44ac5cb6007421b5a594756a3085023b
netpbm-devel-10.25-2.EL4.6.el4_6.1.x86_64.rpm     3586dd054b2b9292fe2538830ef02470
netpbm-progs-10.25-2.EL4.6.el4_6.1.x86_64.rpm     bbf1a19b9a6b13ac62ea06cf33a4cf3a
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
netpbm-9.24-9.AS21.7.src.rpm     f5c10fbb052c30fb3b2b068611fe74e8
 
IA-32:
netpbm-9.24-9.AS21.7.i386.rpm     0e76eb27df51ec0ea0d809a7b83de558
netpbm-devel-9.24-9.AS21.7.i386.rpm     119f7ba2908b14bcd30944343e4c7d25
netpbm-progs-9.24-9.AS21.7.i386.rpm     7eca7094a4a42816797bc8de21ba7628
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
netpbm-9.24-11.30.5.src.rpm     246b0cbca269f329f1f517d25de49a35
 
IA-32:
netpbm-9.24-11.30.5.i386.rpm     40bc99699e9e00962a5ff66604b4c804
netpbm-devel-9.24-11.30.5.i386.rpm     9163623372295e7871a89db6ffa415a8
netpbm-progs-9.24-11.30.5.i386.rpm     744727a8e336537517b271be6540b9b7
 
IA-64:
netpbm-9.24-11.30.5.i386.rpm     40bc99699e9e00962a5ff66604b4c804
netpbm-9.24-11.30.5.ia64.rpm     f4dcff3010aac9be801abc64817b9b45
netpbm-devel-9.24-11.30.5.ia64.rpm     8332e03ff5fad703c5980c0c3c90fd69
netpbm-progs-9.24-11.30.5.ia64.rpm     bb618be803cba5f506208e6066e60a2a
 
x86_64:
netpbm-9.24-11.30.5.i386.rpm     40bc99699e9e00962a5ff66604b4c804
netpbm-9.24-11.30.5.x86_64.rpm     5bc80877d303df933f3b9e6a54f501d9
netpbm-devel-9.24-11.30.5.x86_64.rpm     7b166fa6a522f9751e8edcd67d4b5190
netpbm-progs-9.24-11.30.5.x86_64.rpm     ec818bda9c0a4ebe70ad29c27e4c7425
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
netpbm-10.25-2.EL4.6.el4_6.1.src.rpm     fb4481c56b5e87d4c73667520866c79e
 
IA-32:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm     ff70d7e1338f9841d3ac9dd6beab8db8
netpbm-devel-10.25-2.EL4.6.el4_6.1.i386.rpm     f7bb233a63d817c7a53d3b7deec5bd9e
netpbm-progs-10.25-2.EL4.6.el4_6.1.i386.rpm     49dc5382f0189d49d5c9e4776150ed20
 
IA-64:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm     ff70d7e1338f9841d3ac9dd6beab8db8
netpbm-10.25-2.EL4.6.el4_6.1.ia64.rpm     01218a60d9596a5ebc9fa0305e62260a
netpbm-devel-10.25-2.EL4.6.el4_6.1.ia64.rpm     cb7be920902dbfdd25f876245b87aed3
netpbm-progs-10.25-2.EL4.6.el4_6.1.ia64.rpm     1c15371ecf33dfe9ebd4458b30688ae2
 
x86_64:
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm     ff70d7e1338f9841d3ac9dd6beab8db8
netpbm-10.25-2.EL4.6.el4_6.1.x86_64.rpm     44ac5cb6007421b5a594756a3085023b
netpbm-devel-10.25-2.EL4.6.el4_6.1.x86_64.rpm     3586dd054b2b9292fe2538830ef02470
netpbm-progs-10.25-2.EL4.6.el4_6.1.x86_64.rpm     bbf1a19b9a6b13ac62ea06cf33a4cf3a
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
netpbm-9.24-9.AS21.7.src.rpm     f5c10fbb052c30fb3b2b068611fe74e8
 
IA-64:
netpbm-9.24-9.AS21.7.ia64.rpm     6dde305852c951347097bc6ea91265bb
netpbm-devel-9.24-9.AS21.7.ia64.rpm     5358f44c1adfac3bbbeade50d19f208b
netpbm-progs-9.24-9.AS21.7.ia64.rpm     e96cf3834d6d5f5f836ae1e19c935779
 
(The unlinked packages above are only available from the Red Hat Network)
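
To confirm that a host already runs a fixed build, its installed netpbm version and release (for instance from rpm -q --qf '%{VERSION} %{RELEASE}\n' netpbm) can be compared against the builds listed above. The following is an added example, not part of the original advisory or of Red Hat's tooling: it reimplements RPM's segment-wise version comparison, assumes the package carries no epoch, and uses constructed host names and constructed older release strings as sample input.

```python
import re

# Fixed netpbm (version, release) per RHEL major release, taken from the
# package list in this advisory.
FIXED = {
    "2.1": ("9.24", "9.AS21.7"),
    "3": ("9.24", "11.30.5"),
    "4": ("10.25", "2.EL4.6.el4_6.1"),
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two RPM version or release strings; return -1, 0 or 1.

    Splits each string into runs of digits or letters (separators ignored),
    compares numeric runs as integers and alphabetic runs as strings, and
    treats a numeric run as newer than an alphabetic one. Tilde and caret
    handling of later RPM releases is left out (assumption: not needed here).
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def is_patched(rhel_release, version, release):
    """True if the installed netpbm is at or above the advisory's fixed build."""
    fixed_version, fixed_release = FIXED[rhel_release]
    order = rpmvercmp(version, fixed_version)
    if order == 0:
        order = rpmvercmp(release, fixed_release)
    return order >= 0

if __name__ == "__main__":
    # Constructed inventory rows: (host, RHEL release, VERSION, RELEASE).
    inventory = [
        ("web01", "4", "10.25", "2.EL4.6.el4_6.1"),
        ("web02", "4", "10.25", "2.EL4.4"),
        ("img01", "3", "9.24", "11.30.4"),
    ]
    for host, rel, ver, build in inventory:
        print(host, "patched" if is_patched(rel, ver, build) else "NEEDS UPDATE")
```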

Bugs fixed (see bugzilla for more information)

431525 - CVE-2008-0554 netpbm: GIF handling buffer overflow in giftopnm


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/