Articles / Ubuntu: New netpbm packages…

Ubuntu: New netpbm packages fix security issues

Marc Schoenefeld discovered a buffer overflow in Netpbm when loading certain images. If a user or automated system were tricked into opening a specially crafted XPM image, a remote attacker could crash Netpbm. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Updated packages are available from security.ubuntu.com.

===========================================================
Ubuntu Security Notice USN-934-1             April 29, 2010
netpbm-free vulnerability
CVE-2009-4274
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
 netpbm                          2:10.0-11.1ubuntu0.1

Ubuntu 9.04:
 netpbm                          2:10.0-12ubuntu0.9.04.1

Ubuntu 9.10:
 netpbm                          2:10.0-12ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Marc Schoenefeld discovered a buffer overflow in Netpbm when loading
certain images. If a user or automated system were tricked into opening a
specially crafted XPM image, a remote attacker could crash Netpbm. The
default compiler options for affected releases should reduce the
vulnerability to a denial of service.


Updated packages for Ubuntu 8.04 LTS:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-11.1ubuntu0.1.diff.gz
     Size/MD5:    51396 3b933cdaeeb90688e5d542dea6cbe199
   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-11.1ubuntu0.1.dsc
     Size/MD5:      854 9dee645790f928eb2641cd5719d9cb14
   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
     Size/MD5:  1926538 985e9f6d531ac0b2004f5cbebdeea87d

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1ubuntu0.1_amd64.deb
     Size/MD5:   118022 e108a51c8b3e66a817e790709a8a2fe6
   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-11.1ubuntu0.1_amd64.deb
     Size/MD5:    69486 fe76fc6bbdd0a48f780ce1c3409f3e38
   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-11.1ubuntu0.1_amd64.deb
     Size/MD5:  1257782 c03bcd7ce2128e5c9a9df983c9ae036e
   http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11.1ubuntu0.1_amd64.deb
     Size/MD5:   118404 bd12f20af38061e666dc9383670ac1be
   http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-11.1ubuntu0.1_amd64.deb
     Size/MD5:    77568 7e5d42b00cb558fefb33dcd473d12823

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1ubuntu0.1_i386.deb
     Size/MD5:   109694 898492b6a91dca7f82f77547454ef565
   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-11.1ubuntu0.1_i386.deb
     Size/MD5:    65382 6fafb325b673ad5dc77ef0e3bd529790
   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-11.1ubuntu0.1_i386.deb
     Size/MD5:  1192338 43c8cc47bb5dfb29bb412b34c3351494
   http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11.1ubuntu0.1_i386.deb
     Size/MD5:   109900 1af0b014bb7d630381772931a8e15fbb
   http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-11.1ubuntu0.1_i386.deb
     Size/MD5:    71846 7d116391aacab2dd1ea70f7e91cf82c6

 lpia architecture (Low Power Intel Architecture):

   http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1ubuntu0.1_lpia.deb
     Size/MD5:   109572 c0ca55067b1ce35bce96e1daad6f205c
   http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-11.1ubuntu0.1_lpia.deb
     Size/MD5:    64722 1bc11f70f96157ab0682b70c7520bc41
   http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-11.1ubuntu0.1_lpia.deb
     Size/MD5:  1210620 1e886cac5ec91e3b37e9fcb8ccf06e34
   http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11.1ubuntu0.1_lpia.deb
     Size/MD5:   109686 5eb1bda6ec023f8fd2a4d34af3ade3e3
   http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-11.1ubuntu0.1_lpia.deb
     Size/MD5:    71022 b9ef4e3a234246ab4f13182df12f46c5

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1ubuntu0.1_powerpc.deb
     Size/MD5:   120124 6561cacb0a9277f16f5d779a88848faf
   http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-11.1ubuntu0.1_powerpc.deb
     Size/MD5:    72616 c87f2376495cab70f64f22ac11b425e2
   http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-11.1ubuntu0.1_powerpc.deb
     Size/MD5:  1565012 7546b9c5f487122fcc4a53e417005c30
   http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11.1ubuntu0.1_powerpc.deb
     Size/MD5:   120474 27069053c59af434c160518c94acaea2
   http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-11.1ubuntu0.1_powerpc.deb
     Size/MD5:    85992 c8e01fe04ff180c25e08ebd061e1f68b

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1ubuntu0.1_sparc.deb
     Size/MD5:   111832 6e0989b7b9560c3a624a55899cd7fefe
   http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-11.1ubuntu0.1_sparc.deb
     Size/MD5:    64674 bcabe8e5e9cfce983af10d952fa98cc0
   http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-11.1ubuntu0.1_sparc.deb
     Size/MD5:  1225306 a27e3a3163ab34ba47ad1188892ab5bb
   http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-11.1ubuntu0.1_sparc.deb
     Size/MD5:   112074 b9b09cfb1a7d0788df0bdcaf357d2b47
   http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-11.1ubuntu0.1_sparc.deb
     Size/MD5:    70576 0380c476d0963d7e1199bdd241ea9745

Updated packages for Ubuntu 9.04:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-12ubuntu0.9.04.1.diff.gz
     Size/MD5:    51469 78f6a3a70f29dbd3de3518e514d02422
   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-12ubuntu0.9.04.1.dsc
     Size/MD5:     1282 80711ad731ed5a21e5833c619a704050
   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
     Size/MD5:  1926538 985e9f6d531ac0b2004f5cbebdeea87d

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu0.9.04.1_amd64.deb
     Size/MD5:   121830 4bc7ad40944c79669dec055f51164935
   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu0.9.04.1_amd64.deb
     Size/MD5:    72256 97a7ea3c092d9b86ae8d545c2d1d84fb
   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu0.9.04.1_amd64.deb
     Size/MD5:  1296934 b72beb3e5414f3056b984d439d99a4dc
   http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu0.9.04.1_amd64.deb
     Size/MD5:   122278 63ada11ecfbfa50f94fdcd387967469d
   http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu0.9.04.1_amd64.deb
     Size/MD5:    80618 5d48a9178417752d7be3315eaece3f27

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu0.9.04.1_i386.deb
     Size/MD5:   111308 d14be1569fc520a19e184c26fc04cbde
   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu0.9.04.1_i386.deb
     Size/MD5:    66492 6e726eda1a56f3aae21a9b70591cca81
   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu0.9.04.1_i386.deb
     Size/MD5:  1186290 fb1c74e6dc3c12bcdd457bd630f80992
   http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu0.9.04.1_i386.deb
     Size/MD5:   111672 71fa30688904f6a31bb2f6dc37b975f7
   http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu0.9.04.1_i386.deb
     Size/MD5:    73142 9120b99266e2656388176a62f39a7a50

 lpia architecture (Low Power Intel Architecture):

   http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu0.9.04.1_lpia.deb
     Size/MD5:   110408 31ca163db78bb9c9b39dcd3244c8477d
   http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu0.9.04.1_lpia.deb
     Size/MD5:    65630 50e084e1a72f3254893f1ec0ac84be4d
   http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu0.9.04.1_lpia.deb
     Size/MD5:  1201782 1d6f93e3f57d93a03b4d8b91a0cb9911
   http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu0.9.04.1_lpia.deb
     Size/MD5:   110626 f6321fc6b5b21ee71fbb3ecc4b16bc4f
   http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu0.9.04.1_lpia.deb
     Size/MD5:    72080 e3621916b6c6bba581c809255b15ebca

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu0.9.04.1_powerpc.deb
     Size/MD5:   121854 6e3fd3101ceeecfa7837d8de707c600a
   http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu0.9.04.1_powerpc.deb
     Size/MD5:    73536 8c2191938c9cee81d7921590a9d56fab
   http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu0.9.04.1_powerpc.deb
     Size/MD5:  1538576 50b34ec3c1e0db222c5e4ceed3f37bd9
   http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu0.9.04.1_powerpc.deb
     Size/MD5:   122248 74a1fb9fa84fcea1acbacd614a36e708
   http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu0.9.04.1_powerpc.deb
     Size/MD5:    87142 f9358fb6afd6979ab48340bc565dfdea

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu0.9.04.1_sparc.deb
     Size/MD5:   112342 2b684ce5b72ee3750945a918355161e1
   http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu0.9.04.1_sparc.deb
     Size/MD5:    64712 f0e50d792616573dc7d91674a83b08c0
   http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu0.9.04.1_sparc.deb
     Size/MD5:  1246284 1cb781727174a6ddfcda7b33b531c24f
   http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu0.9.04.1_sparc.deb
     Size/MD5:   112508 12681c89e6a0d6ef326a7880b5341480
   http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu0.9.04.1_sparc.deb
     Size/MD5:    71044 009197a03432978b752c27fee372592f

Updated packages for Ubuntu 9.10:

 Source archives:

   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-12ubuntu1.1.diff.gz
     Size/MD5:    53120 375beda86e990ccdeb84d02b40b3851b
   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0-12ubuntu1.1.dsc
     Size/MD5:     1257 78896c4fdc3f1868969909b5ffff1939
   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
     Size/MD5:  1926538 985e9f6d531ac0b2004f5cbebdeea87d

 amd64 architecture (Athlon64, Opteron, EM64T Xeon):

   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu1.1_amd64.deb
     Size/MD5:   122492 b025e6bdbca03bf37058f0ee8f04b97d
   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu1.1_amd64.deb
     Size/MD5:    72416 a821c3906f40e68cb7df777cec6f814e
   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu1.1_amd64.deb
     Size/MD5:  1348222 10f74fba9571b655abf0f1f42085f2c4
   http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu1.1_amd64.deb
     Size/MD5:   122686 1c3bf9489e33a2de3d8d90fad517a19d
   http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu1.1_amd64.deb
     Size/MD5:    81566 5c09e338a334e66a6d4d8cdad9eb5048

 i386 architecture (x86 compatible Intel/AMD):

   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu1.1_i386.deb
     Size/MD5:   111216 ce88d5ca75781debfa4d15cb67ccd752
   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu1.1_i386.deb
     Size/MD5:    66856 41f52a3145cf0d1d02051699555117bb
   http://security.ubuntu.com/ubuntu/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu1.1_i386.deb
     Size/MD5:  1211310 1aea631cc8e4f02b2da393fec66bdfa4
   http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu1.1_i386.deb
     Size/MD5:   111520 d1da86390c7ab5078c525bdfbca7a158
   http://security.ubuntu.com/ubuntu/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu1.1_i386.deb
     Size/MD5:    73548 7a6956b65b101594406c0d1b02790cac

 lpia architecture (Low Power Intel Architecture):

   http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu1.1_lpia.deb
     Size/MD5:   113570 772eddf36a0c9f21b3d433327d62c8f0
   http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu1.1_lpia.deb
     Size/MD5:    67286 1ed7e5da818f11629a2e59ef9ae0a78d
   http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu1.1_lpia.deb
     Size/MD5:  1243552 54e53d3523abaab3f5560e67ac52c515
   http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu1.1_lpia.deb
     Size/MD5:   113856 16b6015d780f2821562ff86ddb83415c
   http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu1.1_lpia.deb
     Size/MD5:    73808 cb745c3040dbe1d53687c552d4ef4ea4

 powerpc architecture (Apple Macintosh G3/G4/G5):

   http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu1.1_powerpc.deb
     Size/MD5:   122284 8cc6227ad60468bc54d67cdff4ccb91a
   http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu1.1_powerpc.deb
     Size/MD5:    71634 0c1e14204679de44cecb795e85bb0c09
   http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu1.1_powerpc.deb
     Size/MD5:  1318546 d7f3262ec9a653a8c9339497711c6208
   http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu1.1_powerpc.deb
     Size/MD5:   122598 ca549e7822edcfe54ce200807add4c1e
   http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu1.1_powerpc.deb
     Size/MD5:    78774 9838760022680b9f11fbb721d03d9083

 sparc architecture (Sun SPARC/UltraSPARC):

   http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10-dev_10.0-12ubuntu1.1_sparc.deb
     Size/MD5:   113092 ee85fec79393b6020ee5433f8807c689
   http://ports.ubuntu.com/pool/main/n/netpbm-free/libnetpbm10_10.0-12ubuntu1.1_sparc.deb
     Size/MD5:    65292 9486fa0af4b42ceb37fe27785efb1389
   http://ports.ubuntu.com/pool/main/n/netpbm-free/netpbm_10.0-12ubuntu1.1_sparc.deb
     Size/MD5:  1284554 15646f57449988a7357798ae145c64eb
   http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9-dev_10.0-12ubuntu1.1_sparc.deb
     Size/MD5:   113268 c44b7fe9a19d28aa369d651b37b46a75
   http://ports.ubuntu.com/pool/universe/n/netpbm-free/libnetpbm9_10.0-12ubuntu1.1_sparc.deb
     Size/MD5:    71674 cbe97c529ddbeb4db88bf93ea7359f41
Screenshot

Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.

Screenshot

Project Spotlight

Kid3

An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.