[UCI-Linux] [SECURITY] Fedora Core 3 Update: netpbm-10.28-1.FC3.2

Mike Iglesias IGLESIAS at uci.edu
Thu Aug 18 07:51:11 PDT 2005


From: Jindrich Novy <jnovy at redhat.com>
To: fedora-announce-list at redhat.com
Date: Wed, 17 Aug 2005 16:32:06 -0400
Subject: [SECURITY] Fedora Core 3 Update: netpbm-10.28-1.FC3.2

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-727
2005-08-17
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : netpbm
Version     : 10.28                      
Release     : 1.FC3.2                  
Summary     : A library for handling different graphics file formats.
Description :
The netpbm package contains a library of functions that support
programs for handling various graphics file formats, including .pbm
(portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps),
.ppm (portable pixmaps), and others.

---------------------------------------------------------------------
Update Information:

pstopnm in netpbm does not properly use the "-dSAFER" option
when calling Ghostscript to convert a PostScript file into a
(1) PBM, (2) PGM, or (3) PNM file, which allows external
user-complicit attackers to execute arbitrary commands.


---------------------------------------------------------------------
* Tue Aug  9 2005 Jindrich Novy <jnovy at redhat.com> 10.28-1.FC3.2
- fix CAN-2005-2471, unsafe gs calls from pstopnm (#165355)


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

682fef4118379453f9904ed11025d19c  SRPMS/netpbm-10.28-1.FC3.2.src.rpm
52025f87544eeff14dbd28e041f8f835  x86_64/netpbm-10.28-1.FC3.2.x86_64.rpm
f54e3b276f7de91c60e0274a7e4fa296  x86_64/netpbm-devel-10.28-1.FC3.2.x86_64.rpm
ba23352b4a3408cc09b5a94c7a3ba763  x86_64/netpbm-progs-10.28-1.FC3.2.x86_64.rpm
4f2c90bc63f325618f3f62606c53a8d1 
x86_64/debug/netpbm-debuginfo-10.28-1.FC3.2.x86_64.rpm
77147e145fab7be9d1d3979bd8a6623b  x86_64/netpbm-10.28-1.FC3.2.i386.rpm
77147e145fab7be9d1d3979bd8a6623b  i386/netpbm-10.28-1.FC3.2.i386.rpm
ca36d8da2ce9258dda55bef56459cddf  i386/netpbm-devel-10.28-1.FC3.2.i386.rpm
76580d236a22bf1093ff1deaedd448f9  i386/netpbm-progs-10.28-1.FC3.2.i386.rpm
765ecc1610149fb2ee54b4f59b0e8a44  i386/debug/netpbm-debuginfo-10.28-1.FC3.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list at redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list


More information about the UCI-Linux mailing list