|
|
| Problem Description |
Max Vozeler discovered that pstopnm, a part of the netpbm graphics
utility suite, would call the GhostScript interpreter on untrusted
PostScript files without using the -dSAFER option when converting a
PostScript file into a PBM, PGM, or PNM file. This could result in
the execution of arbitrary commands with the privileges of the user
running pstopnm if they could be convinced to try to convert a
malicious PostScript file.
The updated packages have been patched to correct this problem.
| Updated Packages |
Mandrakelinux 10.0
7bb710a56342cc78170bb74b37f512b0 10.0/RPMS/libnetpbm9-9.24-8.2.100mdk.i586.rpm 7f820a3e8fcfaa705c0164cfd1b7a5c0 10.0/RPMS/libnetpbm9-devel-9.24-8.2.100mdk.i586.rpm 3de55337645f009ed8e951b3e97b9507 10.0/RPMS/libnetpbm9-static-devel-9.24-8.2.100mdk.i586.rpm d32febe43b6b19ca7a3189b41de6d53c 10.0/RPMS/netpbm-9.24-8.2.100mdk.i586.rpm 7d2bdf5636955adc39bfe13c4c581858 10.0/SRPMS/netpbm-9.24-8.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64
04a7546fef5edfa604cdfd1e3dff1bc2 amd64/10.0/RPMS/lib64netpbm9-9.24-8.2.100mdk.amd64.rpm f89f7f330ecb8dd8e9a536afdcfb56f0 amd64/10.0/RPMS/lib64netpbm9-devel-9.24-8.2.100mdk.amd64.rpm 0401393af2d5b3a933b487a1e00e3e43 amd64/10.0/RPMS/lib64netpbm9-static-devel-9.24-8.2.100mdk.amd64.rpm 2400c52abc020a3ac9883bc02dc77f36 amd64/10.0/RPMS/netpbm-9.24-8.2.100mdk.amd64.rpm 7d2bdf5636955adc39bfe13c4c581858 amd64/10.0/SRPMS/netpbm-9.24-8.2.100mdk.src.rpm
Mandrakelinux 10.1
0c7ca6675e4a1502dc450d8b31076753 10.1/RPMS/libnetpbm9-9.24-8.1.101mdk.i586.rpm ac327d0433d6c672e382a2c1f4dc8667 10.1/RPMS/libnetpbm9-devel-9.24-8.1.101mdk.i586.rpm dee01cf52709fbbc65f3a0c21d4573d9 10.1/RPMS/libnetpbm9-static-devel-9.24-8.1.101mdk.i586.rpm 6c9bedecf233accd53f123f3c2a26aec 10.1/RPMS/netpbm-9.24-8.1.101mdk.i586.rpm 8722f08f1813fb796d7b5fa8576f6045 10.1/SRPMS/netpbm-9.24-8.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64
9b99ec325088181a931983f622c7649f x86_64/10.1/RPMS/lib64netpbm9-9.24-8.1.101mdk.x86_64.rpm 119d4f558fddb4bafee84dc5da3f0c8a x86_64/10.1/RPMS/lib64netpbm9-devel-9.24-8.1.101mdk.x86_64.rpm 13e9911031dc3d8b23da2157451f89a8 x86_64/10.1/RPMS/lib64netpbm9-static-devel-9.24-8.1.101mdk.x86_64.rpm 6637e848b29abe54142155f66ac79fb9 x86_64/10.1/RPMS/netpbm-9.24-8.1.101mdk.x86_64.rpm 8722f08f1813fb796d7b5fa8576f6045 x86_64/10.1/SRPMS/netpbm-9.24-8.1.101mdk.src.rpm
Corporate Server 2.1
f42bccdec9b6f8a432191730b85d186c corporate/2.1/RPMS/libnetpbm9-9.24-4.4.C21mdk.i586.rpm 3e877555a0533572d788a4d47694bccd corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.4.C21mdk.i586.rpm 57dcadc0b0d94243894bccdaf17acf8a corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.4.C21mdk.i586.rpm 1fa1e01964db5302ddc773c2be67ca6b corporate/2.1/RPMS/netpbm-9.24-4.4.C21mdk.i586.rpm 511aeb9ce3bdb6429e8a8ce06b873b6b corporate/2.1/SRPMS/netpbm-9.24-4.4.C21mdk.src.rpm
Corporate Server 2.1/X86_64
6dfd39d7a3b0db15b273b2b7b7db01c4 x86_64/corporate/2.1/RPMS/libnetpbm9-9.24-4.4.C21mdk.x86_64.rpm 50c24455f7b43e1f7fe7581a12655c39 x86_64/corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.4.C21mdk.x86_64.rpm b947dcdb4226298cb90c644cce9dbd4c x86_64/corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.4.C21mdk.x86_64.rpm e1ace7d529c4adc3cc4e64d116467e0b x86_64/corporate/2.1/RPMS/netpbm-9.24-4.4.C21mdk.x86_64.rpm 511aeb9ce3bdb6429e8a8ce06b873b6b x86_64/corporate/2.1/SRPMS/netpbm-9.24-4.4.C21mdk.src.rpm
Corporate Server 3.0
b086f97cc2bad2023fd2446135e00def corporate/3.0/RPMS/libnetpbm9-9.24-8.2.C30mdk.i586.rpm 768f2b273391c3cb4d39790ac91b40c4 corporate/3.0/RPMS/libnetpbm9-devel-9.24-8.2.C30mdk.i586.rpm 7f6eb96aef5065be7370f1954b252dee corporate/3.0/RPMS/libnetpbm9-static-devel-9.24-8.2.C30mdk.i586.rpm 1b2c5cb64efceac8a39d1d84aa362f2d corporate/3.0/RPMS/netpbm-9.24-8.2.C30mdk.i586.rpm 435e2548bed0da6bc4519910e3bae83f corporate/3.0/SRPMS/netpbm-9.24-8.2.C30mdk.src.rpm
Corporate Server 3.0/X86_64
c6fcd7a90094eeae7e67ee56d71d3e22 x86_64/corporate/3.0/RPMS/lib64netpbm9-9.24-8.2.C30mdk.x86_64.rpm a8d06987e1aacb0c9ab174082bc024a0 x86_64/corporate/3.0/RPMS/lib64netpbm9-devel-9.24-8.2.C30mdk.x86_64.rpm 2653e371af14609096eb2ed9ef7e5963 x86_64/corporate/3.0/RPMS/lib64netpbm9-static-devel-9.24-8.2.C30mdk.x86_64.rpm 7b93e604b00f197a77e49fe94a3cd612 x86_64/corporate/3.0/RPMS/netpbm-9.24-8.2.C30mdk.x86_64.rpm 435e2548bed0da6bc4519910e3bae83f x86_64/corporate/3.0/SRPMS/netpbm-9.24-8.2.C30mdk.src.rpm
Mandriva Linux LE2005
4db608229fad2d6014ea506ad775e9f8 10.2/RPMS/libnetpbm10-10.26-2.1.102mdk.i586.rpm 4fd7e7857c692209d4c94a8a5ebe84cc 10.2/RPMS/libnetpbm10-devel-10.26-2.1.102mdk.i586.rpm 4521de30a4e9ee995200ae0c1443132b 10.2/RPMS/libnetpbm10-static-devel-10.26-2.1.102mdk.i586.rpm a3b5efc89e18489ef2cd181b20a1dc1b 10.2/RPMS/netpbm-10.26-2.1.102mdk.i586.rpm 52d2d1a460d07b33fbe7f6204d1cf51f 10.2/SRPMS/netpbm-10.26-2.1.102mdk.src.rpm
Mandriva Linux LE2005/X86_64
37912f8c31bd31b979bfdb69ad357837 x86_64/10.2/RPMS/lib64netpbm10-10.26-2.1.102mdk.x86_64.rpm 928a397b673e96ed0fecdd62878aef84 x86_64/10.2/RPMS/lib64netpbm10-devel-10.26-2.1.102mdk.x86_64.rpm b74c96495461b1406af317e91932500e x86_64/10.2/RPMS/lib64netpbm10-static-devel-10.26-2.1.102mdk.x86_64.rpm 30ae5cd7a9e65594e30cf876f352fda6 x86_64/10.2/RPMS/netpbm-10.26-2.1.102mdk.x86_64.rpm 52d2d1a460d07b33fbe7f6204d1cf51f x86_64/10.2/SRPMS/netpbm-10.26-2.1.102mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2471
http://secunia.com/advisories/16184/
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.