what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 164-1

Ubuntu Security Notice 164-1
Posted Aug 12, 2005
Authored by Ubuntu | Site ubuntu.com

Ubuntu Security Notice USN-164-1 - Max Vozeler discovered that the the pstopnm conversion tool did not use the -dSAFER option when calling ghostscript. This option prohibits file operations and calling commands within PostScript code. This flaw could be exploited by an attacker to execute arbitrary code if he tricked an user (or an automatic server) into processing a specially crafted PostScript document with pstopnm.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2005-2471
SHA-256 | e7bee8ebff81a32f1d1b893ba21274a04bb055f8c81980d772a51a23273a551d
Download | Favorite | View

Ubuntu Security Notice 164-1

Change Mirror Download
===========================================================
Ubuntu Security Notice USN-164-1      August 11, 2005
netpbm-free vulnerability
CAN-2005-2471
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

netpbm

The problem can be corrected by upgrading the affected package to
version 2:10.0-5ubuntu0.1 (for Ubuntu 4.10), or 2:10.0-8ubuntu0.1 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Max Vozeler discovered that the the "pstopnm" conversion tool did not
use the -dSAFER option when calling ghostscript. This option prohibits
file operations and calling commands within PostScript code. This flaw
could be exploited by an attacker to execute arbitrary code if he
tricked an user (or an automatic server) into processing a specially
crafted PostScript document with pstopnm.

Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-5ubuntu0.1.diff.gz
      Size/MD5:    43550 594a1da9339c54d05e36106f0b1c85e0
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-5ubuntu0.1.dsc
      Size/MD5:      760 1a5edc03ebc6b8ff8076a4a0079f6674
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
      Size/MD5:  1926538 985e9f6d531ac0b2004f5cbebdeea87d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-5ubuntu0.1_amd64.deb
      Size/MD5:   117696 81a4435f3d2338e5177eb2f83de5883a
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-5ubuntu0.1_amd64.deb
      Size/MD5:    68430 7d1534c040af6b2dfb2f076f21e11294
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-5ubuntu0.1_amd64.deb
      Size/MD5:   118092 6e3f69a316a5fab8057bafc5f6f91829
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-5ubuntu0.1_amd64.deb
      Size/MD5:    76756 13a2c07cfa7aef8c6c4d31989715ff06
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-5ubuntu0.1_amd64.deb
      Size/MD5:  1276426 41ff60e1f2a073be1f11bf37c6e9ffb6

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-5ubuntu0.1_i386.deb
      Size/MD5:   108612 4a01122b8ff53ae7f81a8782add80bc7
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-5ubuntu0.1_i386.deb
      Size/MD5:    63306 5f85f06109a2139deb853b137318f997
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-5ubuntu0.1_i386.deb
      Size/MD5:   108748 5d77a22114f9aefc1903a612d5854275
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-5ubuntu0.1_i386.deb
      Size/MD5:    70416 0d1eff935dcaadf7eb29c0378c2e5639
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-5ubuntu0.1_i386.deb
      Size/MD5:  1182336 1e715dfc30cc3beec31bfce99cbe8a79

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-5ubuntu0.1_powerpc.deb
      Size/MD5:   123390 155ee0575e849690a7cd4219ed6cb509
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-5ubuntu0.1_powerpc.deb
      Size/MD5:    70782 4eb27ff658d8e5b49d6376d824442b40
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-5ubuntu0.1_powerpc.deb
      Size/MD5:   123664 9b0ef06fab45b9edc2e2b59ad4cb2a7e
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-5ubuntu0.1_powerpc.deb
      Size/MD5:    82816 525e99e624fff10f0c34ec5785a68c4f
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-5ubuntu0.1_powerpc.deb
      Size/MD5:  1521674 0e708e0d77ca3093af9c90cc2b7f89ec

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-8ubuntu0.1.diff.gz
      Size/MD5:    45394 f045727d094656cad9f3a2f3e0171eed
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-8ubuntu0.1.dsc
      Size/MD5:      755 7b7b7c2fdadf10de5b67d745a93c7add
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
      Size/MD5:  1926538 985e9f6d531ac0b2004f5cbebdeea87d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-8ubuntu0.1_amd64.deb
      Size/MD5:   118090 25dc40a3ab2e4dde8f8bf7b98aa74629
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-8ubuntu0.1_amd64.deb
      Size/MD5:    68828 bd84aeeb984234a89489e3044ee2c355
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-8ubuntu0.1_amd64.deb
      Size/MD5:   118482 4d9584027b65b1b3c551aa263c93ae52
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-8ubuntu0.1_amd64.deb
      Size/MD5:    77198 586b50c7907046e6f2388b158b8302f6
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-8ubuntu0.1_amd64.deb
      Size/MD5:  1277508 bd90553e95b20cab3ead12fad1f6564c

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-8ubuntu0.1_i386.deb
      Size/MD5:   109002 cd45b1a3ac5091e38d647a7bbe2c4309
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-8ubuntu0.1_i386.deb
      Size/MD5:    63740 24f0a6c4df8108e55af18d624175e2ea
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-8ubuntu0.1_i386.deb
      Size/MD5:   109136 a3e242c840b27ab6bc451f4385a0d587
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-8ubuntu0.1_i386.deb
      Size/MD5:    70794 22aa8bcd2694fc96f4880d87848ccb08
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-8ubuntu0.1_i386.deb
      Size/MD5:  1175102 9ddef3f1d985c875e4ea2638427ec4c8

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-8ubuntu0.1_powerpc.deb
      Size/MD5:   123650 bcb684cb4875269a4a954d8e855663c3
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-8ubuntu0.1_powerpc.deb
      Size/MD5:    71214 d0567e9580b01c2369fa5b4ee16a350d
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9-dev_10.0-8ubuntu0.1_powerpc.deb
      Size/MD5:   124020 643b8c4b7f95a406453f1c6162466549
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm9_10.0-8ubuntu0.1_powerpc.deb
      Size/MD5:    83384 28a271191d11e95438ee8e118fbc2d94
    http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-8ubuntu0.1_powerpc.deb
      Size/MD5:  1521420 66194d82af39e5a9b1230da149af1381
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close