(RHSA-2008:0131) Moderate: netpbm security update

2008-02-2800:00:00

access.redhat.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.042 Low

EPSS

Percentile

91.3%

JSON

The netpbm package contains a library of functions for editing and
converting between various graphics file formats, including .pbm (portable
bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable
pixmaps) and others. The package includes no interactive tools and is
primarily used by other programs (eg CGI scripts that manage web-site
images).

An input validation flaw was discovered in the GIF-to-PNM converter
(giftopnm) shipped with the netpbm package. An attacker could create a
carefully crafted GIF file which could cause giftopnm to crash or possibly
execute arbitrary code as the user running giftopnm. (CVE-2008-0554)

All users are advised to upgrade to these updated packages which contain a
backported patch which resolves this issue.

OSVersionArchitecturePackageVersionFilename
RedHatanyia64netpbm< 9.24-11.30.5netpbm-9.24-11.30.5.ia64.rpm
RedHatanys390netpbm-progs< 9.24-11.30.5netpbm-progs-9.24-11.30.5.s390.rpm
RedHat4s390xnetpbm-devel< 10.25-2.EL4.6.el4_6.1netpbm-devel-10.25-2.EL4.6.el4_6.1.s390x.rpm
RedHat4ia64netpbm-progs< 10.25-2.EL4.6.el4_6.1netpbm-progs-10.25-2.EL4.6.el4_6.1.ia64.rpm
RedHatanyia64netpbm-progs< 9.24-11.30.5netpbm-progs-9.24-11.30.5.ia64.rpm
RedHat4s390xnetpbm-progs< 10.25-2.EL4.6.el4_6.1netpbm-progs-10.25-2.EL4.6.el4_6.1.s390x.rpm
RedHat4i386netpbm-devel< 10.25-2.EL4.6.el4_6.1netpbm-devel-10.25-2.EL4.6.el4_6.1.i386.rpm
RedHat4s390xnetpbm< 10.25-2.EL4.6.el4_6.1netpbm-10.25-2.EL4.6.el4_6.1.s390x.rpm
RedHatanys390xnetpbm< 9.24-11.30.5netpbm-9.24-11.30.5.s390x.rpm
RedHatanyx86_64netpbm-progs< 9.24-11.30.5netpbm-progs-9.24-11.30.5.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	ia64	netpbm	< 9.24-11.30.5	netpbm-9.24-11.30.5.ia64.rpm
RedHat	any	s390	netpbm-progs	< 9.24-11.30.5	netpbm-progs-9.24-11.30.5.s390.rpm
RedHat	4	s390x	netpbm-devel	< 10.25-2.EL4.6.el4_6.1	netpbm-devel-10.25-2.EL4.6.el4_6.1.s390x.rpm
RedHat	4	ia64	netpbm-progs	< 10.25-2.EL4.6.el4_6.1	netpbm-progs-10.25-2.EL4.6.el4_6.1.ia64.rpm
RedHat	any	ia64	netpbm-progs	< 9.24-11.30.5	netpbm-progs-9.24-11.30.5.ia64.rpm
RedHat	4	s390x	netpbm-progs	< 10.25-2.EL4.6.el4_6.1	netpbm-progs-10.25-2.EL4.6.el4_6.1.s390x.rpm
RedHat	4	i386	netpbm-devel	< 10.25-2.EL4.6.el4_6.1	netpbm-devel-10.25-2.EL4.6.el4_6.1.i386.rpm
RedHat	4	s390x	netpbm	< 10.25-2.EL4.6.el4_6.1	netpbm-10.25-2.EL4.6.el4_6.1.s390x.rpm
RedHat	any	s390x	netpbm	< 9.24-11.30.5	netpbm-9.24-11.30.5.s390x.rpm
RedHat	any	x86_64	netpbm-progs	< 9.24-11.30.5	netpbm-progs-9.24-11.30.5.x86_64.rpm