Fedora Security Update Fixes Netpbm Code Execution Vulnerability

VUPEN ID : VUPEN/ADV-2005-1453
CVE ID : CVE-2005-2471
CWE ID : CWE-
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-08-18

Fedora has released updated packages to correct a vulnerability in Netpbm. The flaw is a design error: pstopnm calls the GhostScript interpreter on untrusted PostScript files without specifying the -dSAFER option. An attacker could exploit this to execute arbitrary code by convincing a user to open a specially crafted PostScript file. For additional information, see VUPEN/ADV-2005-1281.
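
An added example, not taken from the advisory or from Netpbm or Fedora code: a Python audit that flags Ghostscript command lines (for instance from wrapper scripts or process logs) missing -dSAFER, the omission described above. The binary names, the sample command lines and the rule that -dSAFER must precede the first input are assumptions of this example.

```python
import os
import shlex

# Binary names treated as Ghostscript (assumption; extend for local builds).
GS_NAMES = {"gs", "ghostscript"}

def audit_gs_command(cmdline):
    """Return None for non-Ghostscript commands, else 'OK' or an 'UNSAFE: ...' verdict."""
    argv = shlex.split(cmdline)
    if not argv or os.path.basename(argv[0]) not in GS_NAMES:
        return None
    args = argv[1:]
    if "-dNOSAFER" in args:
        return "UNSAFE: -dNOSAFER present"
    if "-dSAFER" not in args:
        return "UNSAFE: -dSAFER missing"
    # Conservative rule (assumption of this example): the switch must come
    # before the first input, which is a bare "-" (stdin) or a non-switch argument.
    first_input = next(
        (i for i, a in enumerate(args) if a == "-" or not a.startswith("-")),
        len(args),
    )
    if first_input < args.index("-dSAFER"):
        return "UNSAFE: input precedes -dSAFER"
    return "OK"

def unsafe_invocations(lines):
    """Return (line, verdict) pairs for Ghostscript calls that fail the audit."""
    findings = []
    for line in lines:
        verdict = audit_gs_command(line)
        if verdict is not None and verdict != "OK":
            findings.append((line, verdict))
    return findings

# Constructed sample command lines (not taken from pstopnm or any real log).
SAMPLE_COMMANDS = [
    "gs -q -dNOPAUSE -dBATCH -sDEVICE=pnmraw -sOutputFile=out.pnm input.ps",
    "gs -q -dNOPAUSE -dBATCH -dSAFER -sDEVICE=pnmraw -sOutputFile=out.pnm input.ps",
    "/usr/bin/gs -sDEVICE=pnmraw -sOutputFile=- - -dSAFER",
    "gs -dSAFER -dNOSAFER -sDEVICE=pnmraw -sOutputFile=out.pnm input.ps",
    "pnmtopng out.pnm",
]

if __name__ == "__main__":
    for line, verdict in unsafe_invocations(SAMPLE_COMMANDS):
        print(f"{verdict}: {line}")
```
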
Affected Products
Fedora Core 3
Fedora Core 4
Solution
Apply patches :
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
References
http://www.vupen.com/english/advisories/2005/1453
http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00074.html
http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00085.html
ChangeLog
2005-08-18 : Initial release