[SECURITY] Fedora Core 4 Update: netpbm-10.28-1.FC4.2

Jindrich Novy jnovy at redhat.com
Wed Aug 17 20:32:16 UTC 2005 

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-728
2005-08-17
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : netpbm
Version     : 10.28                      
Release     : 1.FC4.2                  
Summary     : A library for handling different graphics file formats.
Description :
The netpbm package contains a library of functions that support
programs for handling various graphics file formats, including .pbm
(portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps),
.ppm (portable pixmaps), and others.

---------------------------------------------------------------------
Update Information:

pstopnm in netpbm does not properly use the "-dSAFER" option
when calling Ghostscript to convert a PostScript file into a
(1) PBM, (2) PGM, or (3) PNM file, which allows external
user-complicit attackers to execute arbitrary commands. 
---------------------------------------------------------------------
* Tue Aug  9 2005 Jindrich Novy <jnovy at redhat.com> 10.28-1.FC4.2
- fix CAN-2005-2471, unsafe gs calls from pstopnm (#165355)


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

c75f2c0006ab6426c1bac141ed356a48  SRPMS/netpbm-10.28-1.FC4.2.src.rpm
ca0c2e549644066eb9c7c138516835b0  ppc/netpbm-10.28-1.FC4.2.ppc.rpm
1bd1efa2ae963b6b334c872af0fd6d69  ppc/netpbm-devel-10.28-1.FC4.2.ppc.rpm
ee199a8a3564ca536fc3a913b2616b4d  ppc/netpbm-progs-10.28-1.FC4.2.ppc.rpm
ea3cc0fcb9da447b0d9afa3444046578  ppc/debug/netpbm-debuginfo-10.28-1.FC4.2.ppc.rpm
cb51d09e97c1bc99a07c1fbc71c47dbb  ppc/netpbm-10.28-1.FC4.2.ppc64.rpm
d0cd8297ab8834026f6869775d5da348  x86_64/netpbm-10.28-1.FC4.2.x86_64.rpm
d4693dec7263b06ed6f83fe6bc193910  x86_64/netpbm-devel-10.28-1.FC4.2.x86_64.rpm
4edf64b8929c8e9bb6519ea595bae6ec  x86_64/netpbm-progs-10.28-1.FC4.2.x86_64.rpm
0b8e26bbcf2026cc9e39e553550827fc 
x86_64/debug/netpbm-debuginfo-10.28-1.FC4.2.x86_64.rpm
7dfa20764e441856e3bd693649a6fd45  x86_64/netpbm-10.28-1.FC4.2.i386.rpm
7dfa20764e441856e3bd693649a6fd45  i386/netpbm-10.28-1.FC4.2.i386.rpm
21207195f92b79d9fa489b18d0d76041  i386/netpbm-devel-10.28-1.FC4.2.i386.rpm
d5be30f7bb4099ba335f77efa70448b3  i386/netpbm-progs-10.28-1.FC4.2.i386.rpm
2487ef9bc6fcd162587a3f128a2556b8  i386/debug/netpbm-debuginfo-10.28-1.FC4.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

More information about the fedora-announce-list mailing list