-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2005-90
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 20 Sep 2005
Last revised: 20 Sep 2005
Package: netpbm
Summary: Vulnerability exists in netpbm
More information:
The netpbm package contains a library of functions which support programs
for handling various graphics file formats.
A vulnerability in the manner in which netpbm handles GhostScript.
Impact:
This vulnerability may allow remote attackers to execute arbitrary code via a malformed file.
Affected Products:
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F...,
Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal]
# turbopkg
or
# zabom -u netpbm netpbm-devel netpbm-progs
[other]
# turbopkg
or
# zabom update netpbm netpbm-devel netpbm-progs
---------------------------------------------
<Turbolinux 10 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/netpbm-10.18.13-4.src.rpm
2107933 1be0a360810ed20d193069d04c54bf5c
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/netpbm-10.18.13-4.i586.rpm
108059 c25cece769a3cb9829e5a5ad32534312
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/netpbm-devel-10.18.13-4.i586.rpm
105249 8f9956a33fb093358380c9664f7206a3
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/netpbm-progs-10.18.13-4.i586.rpm
953859 7b6441173b4f7e5cadac09d86da7df44
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/netpbm-10.14-3.src.rpm
2089188 4fe59afe7947ace4859cc1a1bf4b7299
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/netpbm-10.14-3.i586.rpm
96707 4b2c4c21c65c6bde7afcd61918531a24
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/netpbm-devel-10.14-3.i586.rpm
101221 91b152b155176c1cf33d530e096d5c42
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/netpbm-progs-10.14-3.i586.rpm
975930 66f6c861e80c2c19894156d593cbd131
<Turbolinux 8 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/netpbm-9.25-4.src.rpm
2066225 0226ea4a8de16879b32c65add914cbe5
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/netpbm-9.25-4.i586.rpm
98199 02ff72f6b92f9f043f1b4c23a0abc23d
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/netpbm-devel-9.25-4.i586.rpm
114497 e4ac1f30110756896ad97334e855b525
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/netpbm-progs-9.25-4.i586.rpm
1150217 20510774c8d657d9235a1980c327d7b8
<Turbolinux 8 Workstation>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/netpbm-9.25-4.src.rpm
2066225 260dbe38a0536aedf6092ce0be00b59c
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/netpbm-9.25-4.i586.rpm
98278 eb31b0424fe6cb46d9bc1d3d378f1b74
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/netpbm-devel-9.25-4.i586.rpm
114499 be07111ba807816a24ef52a0eb7c2330
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/netpbm-progs-9.25-4.i586.rpm
1150205 1217f047e778c7e60b131a4ea10eab8b
<Turbolinux 7 Server>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/netpbm-9.14-3.src.rpm
2099570 e65e91674a9a4d5e3a167892d235885a
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/netpbm-9.14-3.i586.rpm
82302 6dbb158081ab9dcb6429f558f5972d93
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/netpbm-devel-9.14-3.i586.rpm
104270 167e3a45c1362bd08258840782f38d81
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/netpbm-progs-9.14-3.i586.rpm
1057680 730c50f21935581e77bdb0fc0f9d3573
<Turbolinux 7 Workstation>
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/netpbm-9.14-3.src.rpm
2099570 93522ffddd88ec50fe04a7b13af15505
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/netpbm-9.14-3.i586.rpm
82280 ee900ce70d4ec89a8e2f9c911ad476ac
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/netpbm-devel-9.14-3.i586.rpm
104176 b0b1c41e000496e6b941be1bf3ba50a0
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/netpbm-progs-9.14-3.i586.rpm
1057373 3a4ffda9c31212640b4967d68affd31d
References:
CVE
[
CAN-2005-2471]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2005-2471
--------------------------------------------------------------------------
Revision History
20 Sep 2005 Initial release
--------------------------------------------------------------------------
Copyright(C) 2005 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDL7E9K0LzjOqIJMwRAg/uAKCoMuQYh3XXGqjiD59KTAvY+YQ3NQCdG0ol
Rah3eyP1MgHqyT/1fxb1PLM=
=hJP5
-----END PGP SIGNATURE-----
