=========================================================== Ubuntu Security Notice USN-934-1 April 29, 2010 netpbm-free vulnerability CVE-2009-4274 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: netpbm 2:10.0-11.1ubuntu0.1 Ubuntu 9.04: netpbm 2:10.0-12ubuntu0.9.04.1 Ubuntu 9.10: netpbm 2:10.0-12ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Marc Schoenefeld discovered a buffer overflow in Netpbm when loading certain images. If a user or automated system were tricked into opening a specially crafted XPM image, a remote attacker could crash Netpbm. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-11.1ubuntu0.1.diff.gz Size/MD5: 51396 3b933cdaeeb90688e5d542dea6cbe199 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-11.1ubuntu0.1.dsc Size/MD5: 854 9dee645790f928eb2641cd5719d9cb14 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz Size/MD5: 1926538 985e9f6d531ac0b2004f5cbebdeea87d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1ubuntu0.1_amd64.deb Size/MD5: 118022 e108a51c8b3e66a817e790709a8a2fe6 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-11.1ubuntu0.1_amd64.deb Size/MD5: 69486 fe76fc6bbdd0a48f780ce1c3409f3e38 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-11.1ubuntu0.1_amd64.deb Size/MD5: 1257782 c03bcd7ce2128e5c9a9df983c9ae036e http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11.1ubuntu0.1_amd64.deb Size/MD5: 118404 bd12f20af38061e666dc9383670ac1be http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-11.1ubuntu0.1_amd64.deb Size/MD5: 77568 7e5d42b00cb558fefb33dcd473d12823 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1ubuntu0.1_i386.deb Size/MD5: 109694 898492b6a91dca7f82f77547454ef565 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-11.1ubuntu0.1_i386.deb Size/MD5: 65382 6fafb325b673ad5dc77ef0e3bd529790 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-11.1ubuntu0.1_i386.deb Size/MD5: 1192338 43c8cc47bb5dfb29bb412b34c3351494 http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11.1ubuntu0.1_i386.deb Size/MD5: 109900 1af0b014bb7d630381772931a8e15fbb http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-11.1ubuntu0.1_i386.deb Size/MD5: 71846 7d116391aacab2dd1ea70f7e91cf82c6 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1ubuntu0.1_lpia.deb Size/MD5: 109572 c0ca55067b1ce35bce96e1daad6f205c http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-11.1ubuntu0.1_lpia.deb Size/MD5: 64722 1bc11f70f96157ab0682b70c7520bc41 http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-11.1ubuntu0.1_lpia.deb Size/MD5: 1210620 1e886cac5ec91e3b37e9fcb8ccf06e34 http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11.1ubuntu0.1_lpia.deb Size/MD5: 109686 5eb1bda6ec023f8fd2a4d34af3ade3e3 http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-11.1ubuntu0.1_lpia.deb Size/MD5: 71022 b9ef4e3a234246ab4f13182df12f46c5 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1ubuntu0.1_powerpc.deb Size/MD5: 120124 6561cacb0a9277f16f5d779a88848faf http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-11.1ubuntu0.1_powerpc.deb Size/MD5: 72616 c87f2376495cab70f64f22ac11b425e2 http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-11.1ubuntu0.1_powerpc.deb Size/MD5: 1565012 7546b9c5f487122fcc4a53e417005c30 http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11.1ubuntu0.1_powerpc.deb Size/MD5: 120474 27069053c59af434c160518c94acaea2 http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-11.1ubuntu0.1_powerpc.deb Size/MD5: 85992 c8e01fe04ff180c25e08ebd061e1f68b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1ubuntu0.1_sparc.deb Size/MD5: 111832 6e0989b7b9560c3a624a55899cd7fefe http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-11.1ubuntu0.1_sparc.deb Size/MD5: 64674 bcabe8e5e9cfce983af10d952fa98cc0 http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-11.1ubuntu0.1_sparc.deb Size/MD5: 1225306 a27e3a3163ab34ba47ad1188892ab5bb http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11.1ubuntu0.1_sparc.deb Size/MD5: 112074 b9b09cfb1a7d0788df0bdcaf357d2b47 http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-11.1ubuntu0.1_sparc.deb Size/MD5: 70576 0380c476d0963d7e1199bdd241ea9745 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-12ubuntu0.9.04.1.diff.gz Size/MD5: 51469 78f6a3a70f29dbd3de3518e514d02422 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-12ubuntu0.9.04.1.dsc Size/MD5: 1282 80711ad731ed5a21e5833c619a704050 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz Size/MD5: 1926538 985e9f6d531ac0b2004f5cbebdeea87d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu0.9.04.1_amd64.deb Size/MD5: 121830 4bc7ad40944c79669dec055f51164935 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu0.9.04.1_amd64.deb Size/MD5: 72256 97a7ea3c092d9b86ae8d545c2d1d84fb http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu0.9.04.1_amd64.deb Size/MD5: 1296934 b72beb3e5414f3056b984d439d99a4dc http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu0.9.04.1_amd64.deb Size/MD5: 122278 63ada11ecfbfa50f94fdcd387967469d http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu0.9.04.1_amd64.deb Size/MD5: 80618 5d48a9178417752d7be3315eaece3f27 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu0.9.04.1_i386.deb Size/MD5: 111308 d14be1569fc520a19e184c26fc04cbde http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu0.9.04.1_i386.deb Size/MD5: 66492 6e726eda1a56f3aae21a9b70591cca81 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu0.9.04.1_i386.deb Size/MD5: 1186290 fb1c74e6dc3c12bcdd457bd630f80992 http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu0.9.04.1_i386.deb Size/MD5: 111672 71fa30688904f6a31bb2f6dc37b975f7 http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu0.9.04.1_i386.deb Size/MD5: 73142 9120b99266e2656388176a62f39a7a50 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu0.9.04.1_lpia.deb Size/MD5: 110408 31ca163db78bb9c9b39dcd3244c8477d http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu0.9.04.1_lpia.deb Size/MD5: 65630 50e084e1a72f3254893f1ec0ac84be4d http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu0.9.04.1_lpia.deb Size/MD5: 1201782 1d6f93e3f57d93a03b4d8b91a0cb9911 http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu0.9.04.1_lpia.deb Size/MD5: 110626 f6321fc6b5b21ee71fbb3ecc4b16bc4f http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu0.9.04.1_lpia.deb Size/MD5: 72080 e3621916b6c6bba581c809255b15ebca powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu0.9.04.1_powerpc.deb Size/MD5: 121854 6e3fd3101ceeecfa7837d8de707c600a http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu0.9.04.1_powerpc.deb Size/MD5: 73536 8c2191938c9cee81d7921590a9d56fab http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu0.9.04.1_powerpc.deb Size/MD5: 1538576 50b34ec3c1e0db222c5e4ceed3f37bd9 http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu0.9.04.1_powerpc.deb Size/MD5: 122248 74a1fb9fa84fcea1acbacd614a36e708 http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu0.9.04.1_powerpc.deb Size/MD5: 87142 f9358fb6afd6979ab48340bc565dfdea sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu0.9.04.1_sparc.deb Size/MD5: 112342 2b684ce5b72ee3750945a918355161e1 http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu0.9.04.1_sparc.deb Size/MD5: 64712 f0e50d792616573dc7d91674a83b08c0 http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu0.9.04.1_sparc.deb Size/MD5: 1246284 1cb781727174a6ddfcda7b33b531c24f http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu0.9.04.1_sparc.deb Size/MD5: 112508 12681c89e6a0d6ef326a7880b5341480 http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu0.9.04.1_sparc.deb Size/MD5: 71044 009197a03432978b752c27fee372592f Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-12ubuntu1.1.diff.gz Size/MD5: 53120 375beda86e990ccdeb84d02b40b3851b http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-12ubuntu1.1.dsc Size/MD5: 1257 78896c4fdc3f1868969909b5ffff1939 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz Size/MD5: 1926538 985e9f6d531ac0b2004f5cbebdeea87d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu1.1_amd64.deb Size/MD5: 122492 b025e6bdbca03bf37058f0ee8f04b97d http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu1.1_amd64.deb Size/MD5: 72416 a821c3906f40e68cb7df777cec6f814e http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu1.1_amd64.deb Size/MD5: 1348222 10f74fba9571b655abf0f1f42085f2c4 http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu1.1_amd64.deb Size/MD5: 122686 1c3bf9489e33a2de3d8d90fad517a19d http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu1.1_amd64.deb Size/MD5: 81566 5c09e338a334e66a6d4d8cdad9eb5048 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu1.1_i386.deb Size/MD5: 111216 ce88d5ca75781debfa4d15cb67ccd752 http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu1.1_i386.deb Size/MD5: 66856 41f52a3145cf0d1d02051699555117bb http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu1.1_i386.deb Size/MD5: 1211310 1aea631cc8e4f02b2da393fec66bdfa4 http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu1.1_i386.deb Size/MD5: 111520 d1da86390c7ab5078c525bdfbca7a158 http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu1.1_i386.deb Size/MD5: 73548 7a6956b65b101594406c0d1b02790cac lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu1.1_lpia.deb Size/MD5: 113570 772eddf36a0c9f21b3d433327d62c8f0 http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu1.1_lpia.deb Size/MD5: 67286 1ed7e5da818f11629a2e59ef9ae0a78d http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu1.1_lpia.deb Size/MD5: 1243552 54e53d3523abaab3f5560e67ac52c515 http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu1.1_lpia.deb Size/MD5: 113856 16b6015d780f2821562ff86ddb83415c http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu1.1_lpia.deb Size/MD5: 73808 cb745c3040dbe1d53687c552d4ef4ea4 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu1.1_powerpc.deb Size/MD5: 122284 8cc6227ad60468bc54d67cdff4ccb91a http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu1.1_powerpc.deb Size/MD5: 71634 0c1e14204679de44cecb795e85bb0c09 http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu1.1_powerpc.deb Size/MD5: 1318546 d7f3262ec9a653a8c9339497711c6208 http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu1.1_powerpc.deb Size/MD5: 122598 ca549e7822edcfe54ce200807add4c1e http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu1.1_powerpc.deb Size/MD5: 78774 9838760022680b9f11fbb721d03d9083 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu1.1_sparc.deb Size/MD5: 113092 ee85fec79393b6020ee5433f8807c689 http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu1.1_sparc.deb Size/MD5: 65292 9486fa0af4b42ceb37fe27785efb1389 http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu1.1_sparc.deb Size/MD5: 1284554 15646f57449988a7357798ae145c64eb http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu1.1_sparc.deb Size/MD5: 113268 c44b7fe9a19d28aa369d651b37b46a75 http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu1.1_sparc.deb Size/MD5: 71674 cbe97c529ddbeb4db88bf93ea7359f41
Attachment:
signature.asc
Description: Digital signature