--------------------------------------------------------------------- Fedora Update Notification FEDORA-2005-728 2005-08-17 --------------------------------------------------------------------- Product : Fedora Core 4 Name : netpbm Version : 10.28 Release : 1.FC4.2 Summary : A library for handling different graphics file formats. Description : The netpbm package contains a library of functions that support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps), and others. --------------------------------------------------------------------- Update Information: pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-complicit attackers to execute arbitrary commands. --------------------------------------------------------------------- * Tue Aug 9 2005 Jindrich Novy <jnovy@xxxxxxxxxx> 10.28-1.FC4.2 - fix CAN-2005-2471, unsafe gs calls from pstopnm (#165355) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ c75f2c0006ab6426c1bac141ed356a48 SRPMS/netpbm-10.28-1.FC4.2.src.rpm ca0c2e549644066eb9c7c138516835b0 ppc/netpbm-10.28-1.FC4.2.ppc.rpm 1bd1efa2ae963b6b334c872af0fd6d69 ppc/netpbm-devel-10.28-1.FC4.2.ppc.rpm ee199a8a3564ca536fc3a913b2616b4d ppc/netpbm-progs-10.28-1.FC4.2.ppc.rpm ea3cc0fcb9da447b0d9afa3444046578 ppc/debug/netpbm-debuginfo-10.28-1.FC4.2.ppc.rpm cb51d09e97c1bc99a07c1fbc71c47dbb ppc/netpbm-10.28-1.FC4.2.ppc64.rpm d0cd8297ab8834026f6869775d5da348 x86_64/netpbm-10.28-1.FC4.2.x86_64.rpm d4693dec7263b06ed6f83fe6bc193910 x86_64/netpbm-devel-10.28-1.FC4.2.x86_64.rpm 4edf64b8929c8e9bb6519ea595bae6ec x86_64/netpbm-progs-10.28-1.FC4.2.x86_64.rpm 0b8e26bbcf2026cc9e39e553550827fc x86_64/debug/netpbm-debuginfo-10.28-1.FC4.2.x86_64.rpm 7dfa20764e441856e3bd693649a6fd45 x86_64/netpbm-10.28-1.FC4.2.i386.rpm 7dfa20764e441856e3bd693649a6fd45 i386/netpbm-10.28-1.FC4.2.i386.rpm 21207195f92b79d9fa489b18d0d76041 i386/netpbm-devel-10.28-1.FC4.2.i386.rpm d5be30f7bb4099ba335f77efa70448b3 i386/netpbm-progs-10.28-1.FC4.2.i386.rpm 2487ef9bc6fcd162587a3f128a2556b8 i386/debug/netpbm-debuginfo-10.28-1.FC4.2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- fedora-announce-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-announce-list
