Paketname
netpbm
Datum
2009-06-26
Advisory ID
MDVSA-2009:143
Betroffene Versionen
CS4.0 x86_64 , CS4.0 i586

Problembeschreibung

Multiple security vulnerabilities has been identified and fixed
in netpbm:

Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).

Buffer overflow in the jas_stream_printf function in
libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via
vectors related to the mif_hdr_put function and use of vsprintf
(CVE-2008-3522).

The updated packages have been patched to prevent this.

Aktualisierte Pakete

CS4.0 x86_64

 d298f85e7e353913ac97ea15dc01a674  corporate/4.0/x86_64/lib64netpbm10-10.29-1.5.20060mlcs4.x86_64.rpm
 70485d93a13188b2210a8024a96bc4f3  corporate/4.0/x86_64/lib64netpbm10-devel-10.29-1.5.20060mlcs4.x86_64.rpm
 5c0f09c43181f26f57b0ced97be203ff  corporate/4.0/x86_64/lib64netpbm10-static-devel-10.29-1.5.20060mlcs4.x86_64.rpm
 3176c141b4a8b67f6418bb7ebe333675  corporate/4.0/x86_64/netpbm-10.29-1.5.20060mlcs4.x86_64.rpm 
 3e1a668baa86c6b280ec7cd07547c93c  corporate/4.0/SRPMS/netpbm-10.29-1.5.20060mlcs4.src.rpm

CS4.0 i586

 ee725813ce84328353f254deaae6fb37  corporate/4.0/i586/libnetpbm10-10.29-1.5.20060mlcs4.i586.rpm
 2aa11003c3f25f8e8c24b77bb149651c  corporate/4.0/i586/libnetpbm10-devel-10.29-1.5.20060mlcs4.i586.rpm
 986bf041d7635b323627d1e22d1dcad5  corporate/4.0/i586/libnetpbm10-static-devel-10.29-1.5.20060mlcs4.i586.rpm
 785b15f9024d98211c8dce6924db0a1b  corporate/4.0/i586/netpbm-10.29-1.5.20060mlcs4.i586.rpm 
 3e1a668baa86c6b280ec7cd07547c93c  corporate/4.0/SRPMS/netpbm-10.29-1.5.20060mlcs4.src.rpm

Referenzen