|Category:||Ubuntu Local Security Checks|
|Title:||Ubuntu USN-218-1 (netpbm-free)|
|Summary:||Ubuntu USN-218-1 (netpbm-free)|
The remote host is missing an update to netpbm-free
announced via advisory USN-218-1.
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected: netpbm
Two buffer overflows were discovered in the 'pnmtopng' tool, which
were triggered by processing an image with exactly 256 colors when
using the -alpha option (CVE-2005-3662) or by processing a text file
with very long lines when using the -text option (CVE-2005-3632).
A remote attacker could exploit these to execute arbitrary code by
tricking an user or an automated system into processing a specially
crafted PNM file with pnmtopng.
The problem can be corrected by upgrading the affected package to
version 2:10.0-5ubuntu0.3 (for Ubuntu 4.10), 2:10.0-8ubuntu0.3 (for
Ubuntu 5.04), or 2:10.0-8ubuntu1.2 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.
Risk factor : Medium
Common Vulnerability Exposure (CVE) ID: CVE-2005-3632|
Debian Security Information: DSA-904 (Google Search)
SuSE Security Announcement: SUSE-SR:2005:028 (Google Search)
BugTraq ID: 15514
Common Vulnerability Exposure (CVE) ID: CVE-2005-3662
SGI Security Advisory: 20060101-01-U
BugTraq ID: 15427
|Copyright||Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com|
|This is only one of 58962 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.