MDVSA-2009:143
- Package name
- netpbm
- Date
- 2009-06-26
- Advisory ID
- MDVSA-2009:143
- Affected versions
- CS4.0 x86_64 , CS4.0 i586
Problem description
Multiple security vulnerabilities has been identified and fixed
in netpbm:
Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).
Buffer overflow in the jas_stream_printf function in
libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via
vectors related to the mif_hdr_put function and use of vsprintf
(CVE-2008-3522).
The updated packages have been patched to prevent this.
Updated packages
CS4.0 x86_64
d298f85e7e353913ac97ea15dc01a674 corporate/4.0/x86_64/lib64netpbm10-10.29-1.5.20060mlcs4.x86_64.rpm 70485d93a13188b2210a8024a96bc4f3 corporate/4.0/x86_64/lib64netpbm10-devel-10.29-1.5.20060mlcs4.x86_64.rpm 5c0f09c43181f26f57b0ced97be203ff corporate/4.0/x86_64/lib64netpbm10-static-devel-10.29-1.5.20060mlcs4.x86_64.rpm 3176c141b4a8b67f6418bb7ebe333675 corporate/4.0/x86_64/netpbm-10.29-1.5.20060mlcs4.x86_64.rpm 3e1a668baa86c6b280ec7cd07547c93c corporate/4.0/SRPMS/netpbm-10.29-1.5.20060mlcs4.src.rpm
CS4.0 i586
ee725813ce84328353f254deaae6fb37 corporate/4.0/i586/libnetpbm10-10.29-1.5.20060mlcs4.i586.rpm 2aa11003c3f25f8e8c24b77bb149651c corporate/4.0/i586/libnetpbm10-devel-10.29-1.5.20060mlcs4.i586.rpm 986bf041d7635b323627d1e22d1dcad5 corporate/4.0/i586/libnetpbm10-static-devel-10.29-1.5.20060mlcs4.i586.rpm 785b15f9024d98211c8dce6924db0a1b corporate/4.0/i586/netpbm-10.29-1.5.20060mlcs4.i586.rpm 3e1a668baa86c6b280ec7cd07547c93c corporate/4.0/SRPMS/netpbm-10.29-1.5.20060mlcs4.src.rpm