Fedora Security Update Fixes Netpbm Code Execution Vulnerability

VUPEN ID: VUPEN/ADV-2006-0068
CVE ID: CVE-2005-2471
Rated as: Moderate Risk
Remotely Exploitable: Yes
Locally Exploitable: Yes
Release Date: 2006-01-06

Fedora has released updated packages to correct a vulnerability identified in Netpbm. The flaw is a design error: pstopnm calls the Ghostscript interpreter on untrusted PostScript files without specifying the -dSAFER option. An attacker could exploit this to execute arbitrary code by convincing a user to open a specially crafted PostScript file. For additional information, see VUPEN/ADV-2005-1281.
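
The root cause described above can be audited for on a host. The following is an added example, not part of the advisory or of the Netpbm fix: it scans recorded command lines and reports Ghostscript invocations that omit -dSAFER or pass -dNOSAFER. The sample records, the binary names matched and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit command lines for Ghostscript runs without -dSAFER.

# Constructed sample input: one command line per record, as it might appear
# in process-accounting or exec audit data. Not taken from the advisory.
sample_cmdlines() {
cat <<'EOF'
gs -q -dNOPAUSE -dBATCH -sDEVICE=pnmraw -sOutputFile=out.ppm in.ps
gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=pnmraw -sOutputFile=out.ppm in.ps
/usr/bin/gs -dSAFER -dNOSAFER -sDEVICE=png16m -sOutputFile=o.png x.ps
pnmtopng picture.pnm
ghostscript -dBATCH -sDEVICE=pbmraw -sOutputFile=- -
EOF
}

# is_gs_cmd WORD: true if WORD names the Ghostscript interpreter (assumed names).
is_gs_cmd() {
    case "${1##*/}" in
        gs|ghostscript) return 0 ;;
        *) return 1 ;;
    esac
}

# gs_args_safe ARGS...: true only if -dSAFER is given and -dNOSAFER is not.
gs_args_safe() {
    has_safer=no
    for arg in "$@"; do
        case "$arg" in
            -dSAFER)   has_safer=yes ;;
            -dNOSAFER) return 1 ;;   # treated as unsafe wherever it appears
        esac
    done
    [ "$has_safer" = yes ]
}

# audit_gs_cmdlines: read command lines on stdin, print the unsafe gs ones.
audit_gs_cmdlines() {
    while IFS= read -r line; do
        set -f                       # no globbing while splitting the record
        set -- $line
        set +f
        [ $# -gt 0 ] || continue     # skip empty records
        is_gs_cmd "$1" || continue   # only Ghostscript invocations matter
        shift
        gs_args_safe "$@" || printf 'UNSAFE: %s\n' "$line"
    done
}

sample_cmdlines | audit_gs_cmdlines
```

Ghostscript 9.50 and later enable SAFER mode by default, so on those versions only the -dNOSAFER finding indicates an unsandboxed run.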
Affected Products
Fedora Core 4
Fedora Core 3
Solution
Upgrade the affected packages :
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
References
http://www.vupen.com/english/advisories/2006/0068
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00007.html
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00008.html
ChangeLog
2006-01-06 : Initial release