Package name
Advisory ID
Affected versions
9.1 i586

Problem description

Several math overflow errors were found in NetPBM by Al Viro and Alan Cox. While these programs are not installed suid root, they are often used to prepare data for processing. These errors may permit remote attackers to cause a denial of service or execute arbitrary code in any programs or scripts that use these graphics conversion tools.

Update: The packages for Mandrake Linux 9.1/PPC were not GPG-signed. This has been fixed and as a result the md5sums have changed. Thanks to Mark Lyda for pointing this out.

Updated packages

9.1 i586

dc511823d79a5d5336ab9400eacaa783  ppc/9.1/RPMS/libnetpbm9-9.24-4.1mdk.ppc.rpm
b9130a1f2d977006064a0f0db381413d  ppc/9.1/RPMS/libnetpbm9-devel-9.24-4.1mdk.ppc.rpm
5d8fc09ad59e21648234fde45082d3ec  ppc/9.1/RPMS/libnetpbm9-static-devel-9.24-4.1mdk.ppc.rpm
241e86470b3cbbef89306ff03a425291  ppc/9.1/RPMS/netpbm-9.24-4.1mdk.ppc.rpm
8ab4aa98e85996de86cdd5a0352998b2  ppc/9.1/SRPMS/netpbm-9.24-4.1mdk.src.rpm