Advisories

Mandriva Advisories

Package name	netpbm
Date	March 25th, 2003
Advisory ID	MDKSA-2003:036
Affected versions	8.2, 9.0, 9.1, MNF8.2, CS2.1
Synopsis	Updated netpbm packages fix math overflow errors

Problem Description

Several math overflow errors were found in NetPBM by Al Viro and Alan
Cox. While these programs are not installed suid root, they are often
used to prepare data for processing. These errors may permit remote
attackers to cause a denial of service or execute arbitrary code in
any programs or scripts that use these graphics conversion tools.

Updated Packages

Mandrakelinux 8.2

 4c277ce5221a712ff3a2e81f4d4ae779  8.2/RPMS/libnetpbm9-9.20-2.1mdk.i586.rpm
5cd77d93147a04562f7786e3d54d3b1f  8.2/RPMS/libnetpbm9-devel-9.20-2.1mdk.i586.rpm
68d366954fefdd8aca8f5a7d5173c5c1  8.2/RPMS/netpbm-9.20-2.1mdk.i586.rpm
fa92b8f4cf40d23b0f3b413538a25d96  8.2/SRPMS/netpbm-9.20-2.1mdk.src.rpm

Mandrakelinux 8.2/PPC

 0bcd2f6a657fb9cb1155beeaeb9d36a3  ppc/8.2/RPMS/libnetpbm9-9.20-2.1mdk.ppc.rpm
85688ef2cf1403fc9b206d6695486ed7  ppc/8.2/RPMS/libnetpbm9-devel-9.20-2.1mdk.ppc.rpm
ea6be931b8b18fb481a7f3afa342d68a  ppc/8.2/RPMS/netpbm-9.20-2.1mdk.ppc.rpm
fa92b8f4cf40d23b0f3b413538a25d96  ppc/8.2/SRPMS/netpbm-9.20-2.1mdk.src.rpm

Mandrakelinux 9.0

 1cacb96516f20c657e707220883da4e2  9.0/RPMS/libnetpbm9-9.24-4.1mdk.i586.rpm
d02aafe14615b2c7d3fe1d2dbc11cf88  9.0/RPMS/libnetpbm9-devel-9.24-4.1mdk.i586.rpm
846afa2193443b7eab80617f575908f7  9.0/RPMS/libnetpbm9-static-devel-9.24-4.1mdk.i586.rpm
a511622a573dbeb8d1797ef06e5f84d2  9.0/RPMS/netpbm-9.24-4.1mdk.i586.rpm
8ab4aa98e85996de86cdd5a0352998b2  9.0/SRPMS/netpbm-9.24-4.1mdk.src.rpm

Mandrakelinux 9.1

 bb8f608467f395541f6c07fba5387446  9.1/RPMS/libnetpbm9-9.24-4.1mdk.i586.rpm
83c13c185a3d1acb563ab92048b19293  9.1/RPMS/libnetpbm9-devel-9.24-4.1mdk.i586.rpm
456cb325352a4c67bf8043698ff9e1eb  9.1/RPMS/libnetpbm9-static-devel-9.24-4.1mdk.i586.rpm
5cb800b6e2bede124a8c7b074b6f8b98  9.1/RPMS/netpbm-9.24-4.1mdk.i586.rpm
8ab4aa98e85996de86cdd5a0352998b2  9.1/SRPMS/netpbm-9.24-4.1mdk.src.rpm

Mandrakelinux 9.1/PPC

 698a57c9e890a7ead13218a41088b520  ppc/9.1/RPMS/libnetpbm9-9.24-4.1mdk.ppc.rpm
f20183e0ac7bb83e6a8ef62b6d102aa8  ppc/9.1/RPMS/libnetpbm9-devel-9.24-4.1mdk.ppc.rpm
ec3079aafa81664762c509e6027c4e83  ppc/9.1/RPMS/libnetpbm9-static-devel-9.24-4.1mdk.ppc.rpm
a679a6f2f228a7cc4151f0d1d3db77fa  ppc/9.1/RPMS/netpbm-9.24-4.1mdk.ppc.rpm
8ab4aa98e85996de86cdd5a0352998b2  ppc/9.1/SRPMS/netpbm-9.24-4.1mdk.src.rpm

Multi Network Firewall 8.2

 4c277ce5221a712ff3a2e81f4d4ae779  mnf8.2/RPMS/libnetpbm9-9.20-2.1mdk.i586.rpm
68d366954fefdd8aca8f5a7d5173c5c1  mnf8.2/RPMS/netpbm-9.20-2.1mdk.i586.rpm
fa92b8f4cf40d23b0f3b413538a25d96  mnf8.2/SRPMS/netpbm-9.20-2.1mdk.src.rpm

Corporate Server 2.1

 1cacb96516f20c657e707220883da4e2  corporate/2.1/RPMS/libnetpbm9-9.24-4.1mdk.i586.rpm
d02aafe14615b2c7d3fe1d2dbc11cf88  corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.1mdk.i586.rpm
846afa2193443b7eab80617f575908f7  corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.1mdk.i586.rpm
a511622a573dbeb8d1797ef06e5f84d2  corporate/2.1/RPMS/netpbm-9.24-4.1mdk.i586.rpm
8ab4aa98e85996de86cdd5a0352998b2  corporate/2.1/SRPMS/netpbm-9.24-4.1mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0146

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer