---------------------------------------------------------------------Fedora Update Notification
FEDORA-2005-728
2005-08-17
---------------------------------------------------------------------Product     : Fedora Core 4
Name        : netpbm
Version     : 10.28                      
Release     : 1.FC4.2                  
Summary     : A library for handling different graphics file formats.
Description :
The netpbm package contains a library of functions that support
programs for handling various graphics file formats, including .pbm
(portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps),
.ppm (portable pixmaps), and others.

---------------------------------------------------------------------Update Information:

pstopnm in netpbm does not properly use the "-dSAFER" option
when calling Ghostscript to convert a PostScript file into a
(1) PBM, (2) PGM, or (3) PNM file, which allows external
user-complicit attackers to execute arbitrary commands. 
---------------------------------------------------------------------* Tue Aug  9 2005 Jindrich Novy  10.28-1.FC4.2
- fix CAN-2005-2471, unsafe gs calls from pstopnm (#165355)


---------------------------------------------------------------------This update can be downloaded from:
  
c75f2c0006ab6426c1bac141ed356a48  SRPMS/netpbm-10.28-1.FC4.2.src.rpm
ca0c2e549644066eb9c7c138516835b0  ppc/netpbm-10.28-1.FC4.2.ppc.rpm
1bd1efa2ae963b6b334c872af0fd6d69  ppc/netpbm-devel-10.28-1.FC4.2.ppc.rpm
ee199a8a3564ca536fc3a913b2616b4d  ppc/netpbm-progs-10.28-1.FC4.2.ppc.rpm
ea3cc0fcb9da447b0d9afa3444046578  ppc/debug/netpbm-debuginfo-10.28-1.FC4.2.ppc.rpm
cb51d09e97c1bc99a07c1fbc71c47dbb  ppc/netpbm-10.28-1.FC4.2.ppc64.rpm
d0cd8297ab8834026f6869775d5da348  x86_64/netpbm-10.28-1.FC4.2.x86_64.rpm
d4693dec7263b06ed6f83fe6bc193910  x86_64/netpbm-devel-10.28-1.FC4.2.x86_64.rpm
4edf64b8929c8e9bb6519ea595bae6ec  x86_64/netpbm-progs-10.28-1.FC4.2.x86_64.rpm
0b8e26bbcf2026cc9e39e553550827fc 
x86_64/debug/netpbm-debuginfo-10.28-1.FC4.2.x86_64.rpm
7dfa20764e441856e3bd693649a6fd45  x86_64/netpbm-10.28-1.FC4.2.i386.rpm
7dfa20764e441856e3bd693649a6fd45  i386/netpbm-10.28-1.FC4.2.i386.rpm
21207195f92b79d9fa489b18d0d76041  i386/netpbm-devel-10.28-1.FC4.2.i386.rpm
d5be30f7bb4099ba335f77efa70448b3  i386/netpbm-progs-10.28-1.FC4.2.i386.rpm
2487ef9bc6fcd162587a3f128a2556b8  i386/debug/netpbm-debuginfo-10.28-1.FC4.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
-----------------------------------------------------------------------fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

Fedora Core 4 Update: netpbm-10.28-1.FC4.2

August 18, 2005
Updated package.

Summary

The netpbm package contains a library of functions that support

programs for handling various graphics file formats, including .pbm

(portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps),

.ppm (portable pixmaps), and others.

pstopnm in netpbm does not properly use the "-dSAFER" option

when calling Ghostscript to convert a PostScript file into a

(1) PBM, (2) PGM, or (3) PNM file, which allows external

user-complicit attackers to execute arbitrary commands.

- fix CAN-2005-2471, unsafe gs calls from pstopnm (#165355)

c75f2c0006ab6426c1bac141ed356a48 SRPMS/netpbm-10.28-1.FC4.2.src.rpm

ca0c2e549644066eb9c7c138516835b0 ppc/netpbm-10.28-1.FC4.2.ppc.rpm

1bd1efa2ae963b6b334c872af0fd6d69 ppc/netpbm-devel-10.28-1.FC4.2.ppc.rpm

ee199a8a3564ca536fc3a913b2616b4d ppc/netpbm-progs-10.28-1.FC4.2.ppc.rpm

ea3cc0fcb9da447b0d9afa3444046578 ppc/debug/netpbm-debuginfo-10.28-1.FC4.2.ppc.rpm

cb51d09e97c1bc99a07c1fbc71c47dbb ppc/netpbm-10.28-1.FC4.2.ppc64.rpm

d0cd8297ab8834026f6869775d5da348 x86_64/netpbm-10.28-1.FC4.2.x86_64.rpm

d4693dec7263b06ed6f83fe6bc193910 x86_64/netpbm-devel-10.28-1.FC4.2.x86_64.rpm

4edf64b8929c8e9bb6519ea595bae6ec x86_64/netpbm-progs-10.28-1.FC4.2.x86_64.rpm

0b8e26bbcf2026cc9e39e553550827fc

x86_64/debug/netpbm-debuginfo-10.28-1.FC4.2.x86_64.rpm

7dfa20764e441856e3bd693649a6fd45 x86_64/netpbm-10.28-1.FC4.2.i386.rpm

7dfa20764e441856e3bd693649a6fd45 i386/netpbm-10.28-1.FC4.2.i386.rpm

21207195f92b79d9fa489b18d0d76041 i386/netpbm-devel-10.28-1.FC4.2.i386.rpm

d5be30f7bb4099ba335f77efa70448b3 i386/netpbm-progs-10.28-1.FC4.2.i386.rpm

2487ef9bc6fcd162587a3f128a2556b8 i386/debug/netpbm-debuginfo-10.28-1.FC4.2.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

fedora-announce-list@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-announce-list

FEDORA-2005-728 2005-08-17 Name : netpbm Version : 10.28 Release : 1.FC4.2 Summary : A library for handling different graphics file formats. Description : The netpbm package contains a library of functions that support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps), and others. pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-complicit attackers to execute arbitrary commands. - fix CAN-2005-2471, unsafe gs calls from pstopnm (#165355) c75f2c0006ab6426c1bac141ed356a48 SRPMS/netpbm-10.28-1.FC4.2.src.rpm ca0c2e549644066eb9c7c138516835b0 ppc/netpbm-10.28-1.FC4.2.ppc.rpm 1bd1efa2ae963b6b334c872af0fd6d69 ppc/netpbm-devel-10.28-1.FC4.2.ppc.rpm ee199a8a3564ca536fc3a913b2616b4d ppc/netpbm-progs-10.28-1.FC4.2.ppc.rpm ea3cc0fcb9da447b0d9afa3444046578 ppc/debug/netpbm-debuginfo-10.28-1.FC4.2.ppc.rpm cb51d09e97c1bc99a07c1fbc71c47dbb ppc/netpbm-10.28-1.FC4.2.ppc64.rpm d0cd8297ab8834026f6869775d5da348 x86_64/netpbm-10.28-1.FC4.2.x86_64.rpm d4693dec7263b06ed6f83fe6bc193910 x86_64/netpbm-devel-10.28-1.FC4.2.x86_64.rpm 4edf64b8929c8e9bb6519ea595bae6ec x86_64/netpbm-progs-10.28-1.FC4.2.x86_64.rpm 0b8e26bbcf2026cc9e39e553550827fc x86_64/debug/netpbm-debuginfo-10.28-1.FC4.2.x86_64.rpm 7dfa20764e441856e3bd693649a6fd45 x86_64/netpbm-10.28-1.FC4.2.i386.rpm 7dfa20764e441856e3bd693649a6fd45 i386/netpbm-10.28-1.FC4.2.i386.rpm 21207195f92b79d9fa489b18d0d76041 i386/netpbm-devel-10.28-1.FC4.2.i386.rpm d5be30f7bb4099ba335f77efa70448b3 i386/netpbm-progs-10.28-1.FC4.2.i386.rpm 2487ef9bc6fcd162587a3f128a2556b8 i386/debug/netpbm-debuginfo-10.28-1.FC4.2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. fedora-announce-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-announce-list

Change Log

References

Update Instructions

Severity
Name : netpbm
Version : 10.28
Release : 1.FC4.2
Summary : A library for handling different graphics file formats.

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved