Ubuntu Local Security Checks : Ubuntu USN-218-1 (netpbm-free)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.55921

Category: Ubuntu Local Security Checks

Title: Ubuntu USN-218-1 (netpbm-free)

Summary: Ubuntu USN-218-1 (netpbm-free)

Description:
The remote host is missing an update to netpbm-free
announced via advisory USN-218-1.

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected: netpbm

Two buffer overflows were discovered in the 'pnmtopng' tool, which
were triggered by processing an image with exactly 256 colors when
using the -alpha option (CVE-2005-3662) or by processing a text file
with very long lines when using the -text option (CVE-2005-3632).

A remote attacker could exploit these to execute arbitrary code by
tricking an user or an automated system into processing a specially
crafted PNM file with pnmtopng.

Solution:
The problem can be corrected by upgrading the affected package to
version 2:10.0-5ubuntu0.3 (for Ubuntu 4.10), 2:10.0-8ubuntu0.3 (for
Ubuntu 5.04), or 2:10.0-8ubuntu1.2 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-218-1

Risk factor : Medium

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-3632
Debian Security Information: DSA-904 (Google Search)
http://www.debian.org/security/2005/dsa-904
http://www.mandriva.com/security/advisories?name=MDKSA-2005:217
http://www.redhat.com/support/errata/RHSA-2005-843.html
SuSE Security Announcement: SUSE-SR:2005:028 (Google Search)
http://www.novell.com/linux/security/advisories/2005_28_sr.html
http://www.ubuntulinux.org/support/documentation/usn/usn-218-1
BugTraq ID: 15514
http://www.securityfocus.com/bid/15514
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11165
http://www.vupen.com/english/advisories/2005/2418
http://secunia.com/advisories/17544
http://secunia.com/advisories/17679
http://secunia.com/advisories/17828
http://secunia.com/advisories/18186
http://secunia.com/advisories/17671
Common Vulnerability Exposure (CVE) ID: CVE-2005-3662
SGI Security Advisory: 20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
BugTraq ID: 15427
http://www.securityfocus.com/bid/15427
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9583
http://secunia.com/advisories/18517

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.55921
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-218-1 (netpbm-free)
Summary:	Ubuntu USN-218-1 (netpbm-free)
Description:	The remote host is missing an update to netpbm-free announced via advisory USN-218-1. A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: netpbm Two buffer overflows were discovered in the 'pnmtopng' tool, which were triggered by processing an image with exactly 256 colors when using the -alpha option (CVE-2005-3662) or by processing a text file with very long lines when using the -text option (CVE-2005-3632). A remote attacker could exploit these to execute arbitrary code by tricking an user or an automated system into processing a specially crafted PNM file with pnmtopng. Solution: The problem can be corrected by upgrading the affected package to version 2:10.0-5ubuntu0.3 (for Ubuntu 4.10), 2:10.0-8ubuntu0.3 (for Ubuntu 5.04), or 2:10.0-8ubuntu1.2 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-218-1 Risk factor : Medium
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-3632 Debian Security Information: DSA-904 (Google Search) http://www.debian.org/security/2005/dsa-904 http://www.mandriva.com/security/advisories?name=MDKSA-2005:217 http://www.redhat.com/support/errata/RHSA-2005-843.html SuSE Security Announcement: SUSE-SR:2005:028 (Google Search) http://www.novell.com/linux/security/advisories/2005_28_sr.html http://www.ubuntulinux.org/support/documentation/usn/usn-218-1 BugTraq ID: 15514 http://www.securityfocus.com/bid/15514 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11165 http://www.vupen.com/english/advisories/2005/2418 http://secunia.com/advisories/17544 http://secunia.com/advisories/17679 http://secunia.com/advisories/17828 http://secunia.com/advisories/18186 http://secunia.com/advisories/17671 Common Vulnerability Exposure (CVE) ID: CVE-2005-3662 SGI Security Advisory: 20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U BugTraq ID: 15427 http://www.securityfocus.com/bid/15427 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9583 http://secunia.com/advisories/18517
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com