=========================================================== Ubuntu Security Notice USN-665-1 November 06, 2008 netpbm-free vulnerability CVE-2008-0554 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: netpbm 2:10.0-10ubuntu1.1 Ubuntu 7.10: netpbm 2:10.0-11ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Netpbm could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-10ubuntu1.1.diff.gz Size/MD5: 47416 8c934de07a571397513476c437cabb2f http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-10ubuntu1.1.dsc Size/MD5: 1177 8f3609a5895ebad9690b9775566598fe http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz Size/MD5: 1926538 985e9f6d531ac0b2004f5cbebdeea87d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-10ubuntu1.1_amd64.deb Size/MD5: 117090 c98ea1eed4289c4c50a8506a059f1012 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-10ubuntu1.1_amd64.deb Size/MD5: 67988 7c8c79e7157b4270e786689b70afebcc http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-10ubuntu1.1_amd64.deb Size/MD5: 1240542 c83dcf0458f61476e3cbf8e3b973aae2 http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-10ubuntu1.1_amd64.deb Size/MD5: 117554 0ade156c94cbd5f0c902720a17a36b91 http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-10ubuntu1.1_amd64.deb Size/MD5: 76128 76f13c6a58ee22b753513baea9ee9b4c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-10ubuntu1.1_i386.deb Size/MD5: 107600 61fac1e5c74250be84d52fd6725ab685 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-10ubuntu1.1_i386.deb Size/MD5: 61830 da159f82fb4ee67a3a6c33d6e35042e9 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-10ubuntu1.1_i386.deb Size/MD5: 1158566 6c9f3d48e61081bd08fdef781e66f3ef http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-10ubuntu1.1_i386.deb Size/MD5: 107768 6c9a5ffa2597bb4c140098ba6aee52f8 http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-10ubuntu1.1_i386.deb Size/MD5: 68350 f294764496a8886ec136bb28d9d9fc14 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-10ubuntu1.1_powerpc.deb Size/MD5: 118684 74b6e583202c40ff700c34a8526364cb http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-10ubuntu1.1_powerpc.deb Size/MD5: 67920 1f5136910fa28a67c0f502da278e23c2 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-10ubuntu1.1_powerpc.deb Size/MD5: 1433978 584ef3d723e3a1be63d493c2b9fd7799 http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-10ubuntu1.1_powerpc.deb Size/MD5: 119082 a0f1c6d1fcdcf0751232728d074488eb http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-10ubuntu1.1_powerpc.deb Size/MD5: 78724 d5c49cdfb811c9f10dad44fb098a09b4 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-10ubuntu1.1_sparc.deb Size/MD5: 111480 cc24c22f5ed7c2d993dff941ca1278d2 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-10ubuntu1.1_sparc.deb Size/MD5: 62984 cd32c55c8d99a810046d1e852876db66 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-10ubuntu1.1_sparc.deb Size/MD5: 1192324 ae062ef40a1cc92a5927b1d4aada29a7 http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-10ubuntu1.1_sparc.deb Size/MD5: 111684 c2141a22c826a11065214829f8391c68 http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-10ubuntu1.1_sparc.deb Size/MD5: 68932 35081c20279458fa43675fb68e2590b1 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-11ubuntu0.1.diff.gz Size/MD5: 50599 0558b91bb50122e9b8d97db673547f1c http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-11ubuntu0.1.dsc Size/MD5: 1261 885d22265365eda670af9b89253ae1df http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz Size/MD5: 1926538 985e9f6d531ac0b2004f5cbebdeea87d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11ubuntu0.1_amd64.deb Size/MD5: 117796 949f0dd3e907cefed173791194f4569c http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-11ubuntu0.1_amd64.deb Size/MD5: 69278 727407bf53689821cdc4f1a5d160687b http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-11ubuntu0.1_amd64.deb Size/MD5: 1259144 42f2b5a581deaf809c831fd5142fc3df http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11ubuntu0.1_amd64.deb Size/MD5: 118266 9ff4f5fa4973cbc142255afadbfc6642 http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-11ubuntu0.1_amd64.deb Size/MD5: 77262 d5666a23440e23e4cf8c2bb77adbfd64 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11ubuntu0.1_i386.deb Size/MD5: 109480 d18aadd3ceed2454beb3358111799b24 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-11ubuntu0.1_i386.deb Size/MD5: 65090 9c5cd559bf82a9d8cb3050f7641b5030 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-11ubuntu0.1_i386.deb Size/MD5: 1193458 afa6c3e0a74b0c690625767b31cdf3b5 http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11ubuntu0.1_i386.deb Size/MD5: 109640 ccd27f32c25b529c51e751821a1adc14 http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-11ubuntu0.1_i386.deb Size/MD5: 71574 52e294370c9f5239bd4ea018f66132d3 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11ubuntu0.1_lpia.deb Size/MD5: 109476 99c83cb6461416e9dcbf004defb67783 http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-11ubuntu0.1_lpia.deb Size/MD5: 64636 b009900becf643ce5da0ebe0f7994bc4 http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-11ubuntu0.1_lpia.deb Size/MD5: 1210064 1dbfa228b0a857bb517c068a1823b875 http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11ubuntu0.1_lpia.deb Size/MD5: 109596 4356f5e395921e3d1ca1f9c916705d33 http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-11ubuntu0.1_lpia.deb Size/MD5: 70978 c6ba0efc2b1cdc0d04de9c670db3ee88 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11ubuntu0.1_powerpc.deb Size/MD5: 119718 f6c14468c7d34aad12aa44e20a34ee8c http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-11ubuntu0.1_powerpc.deb Size/MD5: 72230 d717b745f707bfda7f266c3fb654b913 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-11ubuntu0.1_powerpc.deb Size/MD5: 1570838 9456e2d126e50e7569a0c7f35ecefb72 http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11ubuntu0.1_powerpc.deb Size/MD5: 120036 3fd5889c1ccab9d5f2b8a9718fb810ca http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-11ubuntu0.1_powerpc.deb Size/MD5: 85384 7575c0ac65d2d748cf4946ba1ccac931 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11ubuntu0.1_sparc.deb Size/MD5: 112128 d073826b938434f12d3fea1b2c8de8f4 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-11ubuntu0.1_sparc.deb Size/MD5: 64596 390b364d2efb37312a6470da82601417 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-11ubuntu0.1_sparc.deb Size/MD5: 1239510 d8c259674b5241bd23702f36ed7572f9 http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11ubuntu0.1_sparc.deb Size/MD5: 112318 ce2e6033bca4f16fafaf608b22d87150 http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-11ubuntu0.1_sparc.deb Size/MD5: 70588 332d02f00dafb2f4ac5b72fb5a04de56