Skip to navigation

Security Advisory netpbm security update

Advisory: RHSA-2005:843-8
Type: Security Advisory
Severity: Moderate
Issued on: 2005-12-20
Last updated on: 2005-12-20
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2005-3632
CVE-2005-3662

Details

Updated netpbm packages that fix two security issues are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The netpbm package contains a library of functions that support programs
for handling various graphics file formats.

A stack based buffer overflow bug was found in the way netpbm converts
Portable Anymap (PNM) files into Portable Network Graphics (PNG). A
specially crafted PNM file could allow an attacker to execute arbitrary
code by attempting to convert a PNM file to a PNG file when using pnmtopng
with the '-text' option. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2005-3632 to this issue.

An "off by one" bug was found in the way netpbm converts Portable Anymap
(PNM) files into Portable Network Graphics (PNG). If a victim attempts to
convert a specially crafted 256 color PNM file to a PNG file, then it can
cause the pnmtopng utility to crash. The Common Vulnerabilities and
Exposures project has assigned the name CVE-2005-3662 to this issue.

All users of netpbm should upgrade to these updated packages, which contain
backported patches that resolve these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
netpbm-9.24-11.30.4.src.rpm
File outdated by:  RHSA-2008:0131
    MD5: 19ad9f0ab04dbd18bb443a2f894c34eb
 
IA-32:
netpbm-9.24-11.30.4.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 36cae065fd4d943f53a4eb76ab1fc6b0
netpbm-devel-9.24-11.30.4.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 70469787c6d5c6b30e8a3dfd6398befb
netpbm-progs-9.24-11.30.4.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 4f09f963a50fd68ca3945b384d2c6f0c
 
x86_64:
netpbm-9.24-11.30.4.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 36cae065fd4d943f53a4eb76ab1fc6b0
netpbm-9.24-11.30.4.x86_64.rpm
File outdated by:  RHSA-2008:0131
    MD5: e0ef48b3172d3be3ff41fb0165c92cec
netpbm-devel-9.24-11.30.4.x86_64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 11101f273f9010346e2f66f0320dfeb2
netpbm-progs-9.24-11.30.4.x86_64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 2daa6fadc97f817f4a1aac69d1730e9d
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
netpbm-9.24-9.AS21.6.src.rpm
File outdated by:  RHSA-2008:0131
    MD5: f9ba7f06f41f2aa95d2d86931f2aa7fd
 
IA-32:
netpbm-9.24-9.AS21.6.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 360ae1d9aaef8544b3a1ca00a2feaa4b
netpbm-devel-9.24-9.AS21.6.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: c45c19f689ba6628ef0e609e00854d89
netpbm-progs-9.24-9.AS21.6.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 6bc5d1878c9ebf6aaab762ed99bdfcfb
 
IA-64:
netpbm-9.24-9.AS21.6.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: c014f290d818568f0d58605aa3b143dd
netpbm-devel-9.24-9.AS21.6.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: ddddb9b88c82496eccab50ffc0173fc4
netpbm-progs-9.24-9.AS21.6.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: b11ae66486d6d362984ba99ab972b4b3
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
netpbm-9.24-11.30.4.src.rpm
File outdated by:  RHSA-2008:0131
    MD5: 19ad9f0ab04dbd18bb443a2f894c34eb
 
IA-32:
netpbm-9.24-11.30.4.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 36cae065fd4d943f53a4eb76ab1fc6b0
netpbm-devel-9.24-11.30.4.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 70469787c6d5c6b30e8a3dfd6398befb
netpbm-progs-9.24-11.30.4.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 4f09f963a50fd68ca3945b384d2c6f0c
 
IA-64:
netpbm-9.24-11.30.4.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 36cae065fd4d943f53a4eb76ab1fc6b0
netpbm-9.24-11.30.4.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: b60f5790cc03bcaf05efa8bcfce97f73
netpbm-devel-9.24-11.30.4.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: d04b6fb6473d8ba03c98d14b78780c52
netpbm-progs-9.24-11.30.4.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 277c76e67e11b69aa4d5c15cfb831715
 
PPC:
netpbm-9.24-11.30.4.ppc.rpm
File outdated by:  RHSA-2008:0131
    MD5: b2a3cd86dbd9927b0ba1b6189886bcb5
netpbm-9.24-11.30.4.ppc64.rpm
File outdated by:  RHSA-2008:0131
    MD5: cab079cbf11baf472ce9b7d775dc897c
netpbm-devel-9.24-11.30.4.ppc.rpm
File outdated by:  RHSA-2008:0131
    MD5: 37a16559b3e387d60c6095812dfa64a6
netpbm-progs-9.24-11.30.4.ppc.rpm
File outdated by:  RHSA-2008:0131
    MD5: ff27be9c5b2075bf3ca9e27e0fe14383
 
s390:
netpbm-9.24-11.30.4.s390.rpm
File outdated by:  RHSA-2008:0131
    MD5: 2beab978ada99868ab0e9cc3180af5e2
netpbm-devel-9.24-11.30.4.s390.rpm
File outdated by:  RHSA-2008:0131
    MD5: b8de7d98668ff912c0c1f80bcb06de56
netpbm-progs-9.24-11.30.4.s390.rpm
File outdated by:  RHSA-2008:0131
    MD5: b8907a301fef7ec9b53dc39cce290099
 
s390x:
netpbm-9.24-11.30.4.s390.rpm
File outdated by:  RHSA-2008:0131
    MD5: 2beab978ada99868ab0e9cc3180af5e2
netpbm-9.24-11.30.4.s390x.rpm
File outdated by:  RHSA-2008:0131
    MD5: 1da23fee520b2afe4f598f14afffe7b2
netpbm-devel-9.24-11.30.4.s390x.rpm
File outdated by:  RHSA-2008:0131
    MD5: dec2d8f223ebd2bf912bc6b3af987e42
netpbm-progs-9.24-11.30.4.s390x.rpm
File outdated by:  RHSA-2008:0131
    MD5: 8edfb12940f8ff15ab8e5043ed41b8bc
 
x86_64:
netpbm-9.24-11.30.4.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 36cae065fd4d943f53a4eb76ab1fc6b0
netpbm-9.24-11.30.4.x86_64.rpm
File outdated by:  RHSA-2008:0131
    MD5: e0ef48b3172d3be3ff41fb0165c92cec
netpbm-devel-9.24-11.30.4.x86_64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 11101f273f9010346e2f66f0320dfeb2
netpbm-progs-9.24-11.30.4.x86_64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 2daa6fadc97f817f4a1aac69d1730e9d
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
netpbm-9.24-9.AS21.6.src.rpm
File outdated by:  RHSA-2008:0131
    MD5: f9ba7f06f41f2aa95d2d86931f2aa7fd
 
IA-32:
netpbm-9.24-9.AS21.6.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 360ae1d9aaef8544b3a1ca00a2feaa4b
netpbm-devel-9.24-9.AS21.6.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: c45c19f689ba6628ef0e609e00854d89
netpbm-progs-9.24-9.AS21.6.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 6bc5d1878c9ebf6aaab762ed99bdfcfb
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
netpbm-9.24-11.30.4.src.rpm
File outdated by:  RHSA-2008:0131
    MD5: 19ad9f0ab04dbd18bb443a2f894c34eb
 
IA-32:
netpbm-9.24-11.30.4.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 36cae065fd4d943f53a4eb76ab1fc6b0
netpbm-devel-9.24-11.30.4.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 70469787c6d5c6b30e8a3dfd6398befb
netpbm-progs-9.24-11.30.4.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 4f09f963a50fd68ca3945b384d2c6f0c
 
IA-64:
netpbm-9.24-11.30.4.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 36cae065fd4d943f53a4eb76ab1fc6b0
netpbm-9.24-11.30.4.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: b60f5790cc03bcaf05efa8bcfce97f73
netpbm-devel-9.24-11.30.4.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: d04b6fb6473d8ba03c98d14b78780c52
netpbm-progs-9.24-11.30.4.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 277c76e67e11b69aa4d5c15cfb831715
 
x86_64:
netpbm-9.24-11.30.4.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 36cae065fd4d943f53a4eb76ab1fc6b0
netpbm-9.24-11.30.4.x86_64.rpm
File outdated by:  RHSA-2008:0131
    MD5: e0ef48b3172d3be3ff41fb0165c92cec
netpbm-devel-9.24-11.30.4.x86_64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 11101f273f9010346e2f66f0320dfeb2
netpbm-progs-9.24-11.30.4.x86_64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 2daa6fadc97f817f4a1aac69d1730e9d
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
netpbm-9.24-9.AS21.6.src.rpm
File outdated by:  RHSA-2008:0131
    MD5: f9ba7f06f41f2aa95d2d86931f2aa7fd
 
IA-32:
netpbm-9.24-9.AS21.6.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 360ae1d9aaef8544b3a1ca00a2feaa4b
netpbm-devel-9.24-9.AS21.6.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: c45c19f689ba6628ef0e609e00854d89
netpbm-progs-9.24-9.AS21.6.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 6bc5d1878c9ebf6aaab762ed99bdfcfb
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
netpbm-9.24-11.30.4.src.rpm
File outdated by:  RHSA-2008:0131
    MD5: 19ad9f0ab04dbd18bb443a2f894c34eb
 
IA-32:
netpbm-9.24-11.30.4.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 36cae065fd4d943f53a4eb76ab1fc6b0
netpbm-devel-9.24-11.30.4.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 70469787c6d5c6b30e8a3dfd6398befb
netpbm-progs-9.24-11.30.4.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 4f09f963a50fd68ca3945b384d2c6f0c
 
IA-64:
netpbm-9.24-11.30.4.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 36cae065fd4d943f53a4eb76ab1fc6b0
netpbm-9.24-11.30.4.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: b60f5790cc03bcaf05efa8bcfce97f73
netpbm-devel-9.24-11.30.4.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: d04b6fb6473d8ba03c98d14b78780c52
netpbm-progs-9.24-11.30.4.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 277c76e67e11b69aa4d5c15cfb831715
 
x86_64:
netpbm-9.24-11.30.4.i386.rpm
File outdated by:  RHSA-2008:0131
    MD5: 36cae065fd4d943f53a4eb76ab1fc6b0
netpbm-9.24-11.30.4.x86_64.rpm
File outdated by:  RHSA-2008:0131
    MD5: e0ef48b3172d3be3ff41fb0165c92cec
netpbm-devel-9.24-11.30.4.x86_64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 11101f273f9010346e2f66f0320dfeb2
netpbm-progs-9.24-11.30.4.x86_64.rpm
File outdated by:  RHSA-2008:0131
    MD5: 2daa6fadc97f817f4a1aac69d1730e9d
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
netpbm-9.24-9.AS21.6.src.rpm
File outdated by:  RHSA-2008:0131
    MD5: f9ba7f06f41f2aa95d2d86931f2aa7fd
 
IA-64:
netpbm-9.24-9.AS21.6.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: c014f290d818568f0d58605aa3b143dd
netpbm-devel-9.24-9.AS21.6.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: ddddb9b88c82496eccab50ffc0173fc4
netpbm-progs-9.24-9.AS21.6.ia64.rpm
File outdated by:  RHSA-2008:0131
    MD5: b11ae66486d6d362984ba99ab972b4b3
 

Bugs fixed (see bugzilla for more information)

173342 - CVE-2005-3662 netpbm off by one error
173344 - CVE-2005-3632 Netpbm buffer overflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/