- --------------------------------------------------------------------------Debian Security Advisory DSA 904-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 21st, 2005                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------Package        : netpbm-free
Vulnerability  : buffer overflows
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2005-3632

Greg Roelofs discovered and fixed several buffer overflows in pnmtopng
which is also included in netpbm, a collection of graphic conversion
utilities, that can lead to the execution of arbitrary code via a
specially crafted PNM file.

For the old stable distribution (woody) these problems have been fixed in
version 9.20-8.5.

For the stable distribution (sarge) these problems have been fixed in
version 10.0-8sarge2.

For the unstable distribution (sid) these problems will be fixed in
version 10.0-11.

We recommend that you upgrade your netpbm package.


Upgrade Instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------  Source archives:

          Size/MD5 checksum:      662 96a668f0bb42e934723b9b817689cc15
          Size/MD5 checksum:    53572 9f2a3165379c73a32e804b204b9b1e59
          Size/MD5 checksum:  1882851 0f153116c21bc7d2e167e574a486c22f

  Alpha architecture:

          Size/MD5 checksum:    77848 627c196dd4639c50f6da9690496be51e
          Size/MD5 checksum:   135546 806a23dbf8413a1f843aa11fbbfa781b
          Size/MD5 checksum:  1414082 fa04a52a558e6c669be2d094f93a4e56

  ARM architecture:

          Size/MD5 checksum:    64254 6f3e8baa362a0a3bbaa786c6a407d650
          Size/MD5 checksum:   125610 74820b9a024736466427ce1d11a6adcd
          Size/MD5 checksum:  1127918 4a832be9b32a6f862587021e25fc86f4

  Intel IA-32 architecture:

          Size/MD5 checksum:    62566 727555759e3ee96e14afc427fd1a4ed4
          Size/MD5 checksum:   103548 e4d71b9a616d71d62fda09bda5488edd
          Size/MD5 checksum:  1078678 e308c85fd1bee7a94f7d07eb0814e607

  Intel IA-64 architecture:

          Size/MD5 checksum:    96604 aa26dc77cfae42c85fc827080c3c14cc
          Size/MD5 checksum:   170564 0f28db29582f8574fe5efec313f0381a
          Size/MD5 checksum:  1608842 b600f6008f1bec860ace6011e2fa9c0a

  HP Precision architecture:

          Size/MD5 checksum:    84002 62a268babaa314dcdd5b033c72266a11
          Size/MD5 checksum:   123008 aee769727d4ab3aa31ff9c81e8711758
          Size/MD5 checksum:  1337864 2267fdf93760dadda27bedeba21caaa9

  Motorola 680x0 architecture:

          Size/MD5 checksum:    62134 16cf3e3a10d721afec49783d7c3fbf92
          Size/MD5 checksum:   102356 c3d4d655a64999384c32fe344a599682
          Size/MD5 checksum:  1016676 2fc4559a8210aab615c916b802ba7684

  Big endian MIPS architecture:

          Size/MD5 checksum:    66994 825061bf9972d1ded323d5acdcd710b3
          Size/MD5 checksum:   123604 437b49b289dc3072ebaae26ebbbbff66
          Size/MD5 checksum:  1181322 2de610968c7e02bbf260b212a6a1ac84

  Little endian MIPS architecture:

          Size/MD5 checksum:    66838 565e13796a04a757af7e5020290dcde4
          Size/MD5 checksum:   123662 64da6e70b45ddb6f4468f46e7c44e9d6
          Size/MD5 checksum:  1180028 b29bbde4848b486ee1c2f533197d6752

  PowerPC architecture:

          Size/MD5 checksum:    69042 21dd1ef5cbe08aceb71b58d7d1a7a16f
          Size/MD5 checksum:   117970 b2c077652d4f90fa4f03e0f28534559e
          Size/MD5 checksum:  1154096 2e415b674c4e3d73d79894a2a6d54e52

  IBM S/390 architecture:

          Size/MD5 checksum:    66788 a4b358db59bf28ce606efa8ed31f8428
          Size/MD5 checksum:   116142 cf4293b7b0ae9e370b5f4fcd4bc8d112
          Size/MD5 checksum:  1130568 d0e7577566b78bc0a24dec621fd81e85

  Sun Sparc architecture:

          Size/MD5 checksum:    65400 d17577ed10e69ee74f75e703b385882e
          Size/MD5 checksum:   118692 903289a73a661db5132034669d22ba45
          Size/MD5 checksum:  1435808 07cb72079ccdedd112694b06fd034552


Debian GNU/Linux 3.1 alias sarge
- --------------------------------  Source archives:

          Size/MD5 checksum:      749 8ab3b792bc83b9d768a09132935966a4
          Size/MD5 checksum:    45837 4182abb160edf2f5081bfc2b7bc31377
          Size/MD5 checksum:  1926538 985e9f6d531ac0b2004f5cbebdeea87d

  Alpha architecture:

          Size/MD5 checksum:    82672 37d22ebe7276477898ac5a80f3c3ca00
          Size/MD5 checksum:   145984 c88fc97f0e29e0388ca2d17aba17ba09
          Size/MD5 checksum:    91588 d13c945e0bb3e9bee58e0ff2b170207e
          Size/MD5 checksum:   146408 f2776a853306abf2dcfa40623d576e06
          Size/MD5 checksum:  1594906 2bdc07c20834ae3bf3f4457357de1f19

  AMD64 architecture:

          Size/MD5 checksum:    68748 ef2f34beb730485fee2a4ffd875941f8
          Size/MD5 checksum:   118008 ff2f3169d6fb407bf8f2c72161321b1a
          Size/MD5 checksum:    77132 776dab5922464bc0e0530498f8cb1b54
          Size/MD5 checksum:   118400 ae18aec98ef8662f6666e0f8d32c87d3
          Size/MD5 checksum:  1277520 c212cf4f1ec34de9c59268312b298956

  ARM architecture:

          Size/MD5 checksum:    61804 55de08dc9496ac0ab77b17a2c766c80c
          Size/MD5 checksum:   114652 ea128cedb8a31391821c3d377adcc196
          Size/MD5 checksum:    68900 025644277b7b494a6b67850085f32f02
          Size/MD5 checksum:   115068 01c46f8400fb00dbd4f2ab57cff93466
          Size/MD5 checksum:  1226686 d11f8e54b13050f7b5823fd0f72330a1

  Intel IA-32 architecture:

          Size/MD5 checksum:    64926 ce68c6c99dd0d6946caa158974a3a201
          Size/MD5 checksum:   110566 39d16a56f46bd49d39a6dc6fd89aa08a
          Size/MD5 checksum:    72040 e5dffe84d5d74b74d0e8acaaed1c3d55
          Size/MD5 checksum:   110738 305012924bc7390035d1d69b6c5c721d
          Size/MD5 checksum:  1178734 999eddf08e1d0c24d16f601a220c9b93

  Intel IA-64 architecture:

          Size/MD5 checksum:    96466 544eb8f9ff0086c3e9d3abdec86fbec9
          Size/MD5 checksum:   154668 80d6aebf07b4338ce1816959226c1227
          Size/MD5 checksum:   107210 515ff376d227fa5cd1e3f314da465934
          Size/MD5 checksum:   155020 3b539cd2d6b0fee495dcc954faedf0a1
          Size/MD5 checksum:  1816522 cb9920b1ce0035f070db19adbc15373b

  HP Precision architecture:

          Size/MD5 checksum:    77962 4640e42165c5a28faee159623eaf3b47
          Size/MD5 checksum:   128068 045b1b3c72a4b538de0eef9f39f22bf4
          Size/MD5 checksum:    88608 5e57aa608b3b5bb7da235d8f81de6fd5
          Size/MD5 checksum:   128532 7620a8001c3436855b929cd80c8f7af6
          Size/MD5 checksum:  1410172 936284480aff9674517eccfaae99f76d

  Motorola 680x0 architecture:

          Size/MD5 checksum:    62276 a7695c8d946d05b977686d8c5a43d569
          Size/MD5 checksum:   105384 428c32376928676f579b4acc808df5ba
          Size/MD5 checksum:    69594 bc6914997fd9942c4881124feff14bd6
          Size/MD5 checksum:   105604 f11be5ff58c8fd6ee632bf01647e4199
          Size/MD5 checksum:  1119642 fbd4be6544590ec08a818220e08d0e71

  Big endian MIPS architecture:

          Size/MD5 checksum:    68680 554ee1f49b1399d0e0ce57aaccfdaa22
          Size/MD5 checksum:   120034 acb9e8860ffd41b6abedaacae15d22cc
          Size/MD5 checksum:    75504 5e82d1e1f5e806d470d6f139a474ed77
          Size/MD5 checksum:   120384 6c23833c6690f184a9f4099cf2de7d38
          Size/MD5 checksum:  1671538 565ffe085afee85bdadb3931716aff9a

  Little endian MIPS architecture:

          Size/MD5 checksum:    68390 09eaf6ff62842b12bba001003ceda8dc
          Size/MD5 checksum:   120134 ea9ca48c392b946b75591818b1a7f08a
          Size/MD5 checksum:    75164 26701ac67beabf7d842e894a0d40130c
          Size/MD5 checksum:   120442 ab43c7303e4a3d00cf281f5a05e4e83f
          Size/MD5 checksum:  1678264 f4df4fa5a4873fa38fcdf06a93d867b2

  PowerPC architecture:

          Size/MD5 checksum:    71138 5537258e9e342998750d9b6506982164
          Size/MD5 checksum:   123604 e12f868f695adfcef8a6256cbb89daaa
          Size/MD5 checksum:    83324 129d59fb7fdfda0dfd06327eda4ea214
          Size/MD5 checksum:   123910 193561799536112dbfac38c50cb89a6b
          Size/MD5 checksum:  1521584 f2ec44857eaf4bf9e591a2e0d993d65c

  IBM S/390 architecture:

          Size/MD5 checksum:    70438 deaf1eac0c8c8e1ed2e676aee31cec47
          Size/MD5 checksum:   115184 4a96f38c41c6e0bf4c66aa3419178a22
          Size/MD5 checksum:    77632 ca8446b3919271228491d8b255fd5bf9
          Size/MD5 checksum:   115652 37cb64b6ac171da0fffa8944fbe5f60d
          Size/MD5 checksum:  1256870 427dae51b929fdb0ef16feb60019fdcd

  Sun Sparc architecture:

          Size/MD5 checksum:    67734 b3eacbd2deeb9da5fed21fa03647951f
          Size/MD5 checksum:   117286 fce7a4a7d08697f2cf5b2b22c94934ea
          Size/MD5 checksum:    74492 81ece0d62781d46579cfc923e2f9ad4d
          Size/MD5 checksum:   117698 5217fe47475db4e8d0e8f99ff5675aca
          Size/MD5 checksum:  1279416 f0e1ad2342fefbdce08630777d03c579


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Debian: New netpbm packages fix arbitrary code execution

November 21, 2005
Updated package.

Summary

Severity

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved