             __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                    netpbm security update [RHSA-2005:743-08]

August 23, 2005 17:00 GMT                                         Number P-285
                                                        [REVISED 08 Sep 2005]
______________________________________________________________________________
PROBLEM:       A bug was found in the way netpbm converts PostScript files
               into PBM, PGM or PPM files.
PLATFORM:      Red Hat Desktop (v. 3)
               Red Hat Desktop (v. 4)
               Red Hat Enterprise Linux AS (v. 2.1)
               Red Hat Enterprise Linux AS (v. 3)
               Red Hat Enterprise Linux AS (v. 4)
               Red Hat Enterprise Linux ES (v. 2.1)
               Red Hat Enterprise Linux ES (v. 3)
               Red Hat Enterprise Linux ES (v. 4)
               Red Hat Enterprise Linux WS (v. 2.1)
               Red Hat Enterprise Linux WS (v. 3)
               Red Hat Enterprise Linux WS (v. 4)
               Red Hat Linux Advanced Workstation 2.1 for the Itanium
               Processor
               SGI ProPack 3 Service Pack 6 for SGI Altix family of systems
DAMAGE:        An attacker could create a carefully crafted PostScript file
               in such a way that it could execute arbitrary commands when
               the file is processed by a victim using pstopnm.
SOLUTION:      Upgrade to current version.
______________________________________________________________________________
VULNERABILITY  The risk is LOW. An attacker could create a carefully crafted
ASSESSMENT:    file in such a way that it could execute arbitrary commands.
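A practitioner's check to go with the SOLUTION above, added here as an example that is not part of the CIAC or Red Hat bulletin: it ports rpm's rpmvercmp version ordering to Python so that an installed netpbm build (as printed by `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' netpbm netpbm-progs`) can be compared against the fixed builds listed in the Red Hat advisory below, parses the advisory's "package  md5sum" lines, and checks a downloaded RPM's MD5 against them. The listing lines are the Red Hat Enterprise Linux AS (v. 3) entries from the advisory; the installed versions are a constructed sample; netpbm is assumed to carry no Epoch, since the listing shows none.

```python
"""Compare installed netpbm builds with the fixed builds in RHSA-2005:743.

Added example, not part of the CIAC/Red Hat bulletin.  Assumptions: the netpbm
packages carry no Epoch (the listing shows none), and installed versions are
given as NAME-VERSION-RELEASE, e.g. from
    rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' netpbm netpbm-progs
"""
import hashlib
import os
import re

# Lines copied from the advisory's "Red Hat Enterprise Linux AS (v. 3)" block.
RHEL3_LISTING = """\
SRPMS:
netpbm-9.24-11.30.2.src.rpm 0cbc57173d4c67641b1cd4c6d554d7d5
IA-32:
netpbm-9.24-11.30.2.i386.rpm 54e4b9b1f3148d653642b0207bb95a05
netpbm-devel-9.24-11.30.2.i386.rpm e00bf44ef1264face9d30f1f3ea447f0
netpbm-progs-9.24-11.30.2.i386.rpm 577fbbf1e292e68e33673505db2f27b8
"""

# Constructed sample: what rpm -q might print on a partly patched RHEL 3 host.
SAMPLE_INSTALLED = {
    "netpbm": "netpbm-9.24-11.30.2",          # already at the fixed build
    "netpbm-progs": "netpbm-progs-9.24-11.30.1",  # one release behind (hypothetical)
}


def _run(s, i, pred):
    """Index just past the run of characters satisfying pred that starts at s[i]."""
    while i < len(s) and pred(s[i]):
        i += 1
    return i


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): -1, 0 or 1 as a is older than, equal to, newer than b.

    Digit runs compare numerically, letter runs lexically, digits beat letters,
    '~' sorts before the end of the string (1.0~rc1 < 1.0) and '^' sorts after
    the end but before any further segment (1.0 < 1.0^git < 1.0.1).
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # skip separators: anything that is not alphanumeric, '~' or '^'
        i = _run(a, i, lambda c: not (c.isalnum() or c in "~^"))
        j = _run(b, j, lambda c: not (c.isalnum() or c in "~^"))
        ta, tb = a[i:i + 1] == "~", b[j:j + 1] == "~"
        if ta or tb:
            if not ta:
                return 1
            if not tb:
                return -1
            i, j = i + 1, j + 1
            continue
        ca, cb = a[i:i + 1] == "^", b[j:j + 1] == "^"
        if ca or cb:
            if i >= len(a):
                return -1
            if j >= len(b):
                return 1
            if not ca:
                return 1
            if not cb:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()
        pred = str.isdigit if isnum else str.isalpha
        ni, nj = _run(a, i, pred), _run(b, j, pred)
        sa, sb = a[i:ni], b[j:nj]
        i, j = ni, nj
        if not sb:                      # a numeric segment beats an alphabetic one
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):      # more significant digits wins
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def parse_nvr(s):
    """Split 'name-version-release[.arch.rpm]' into (name, version, release)."""
    if s.endswith(".rpm"):                      # drop '.rpm' and the architecture
        s = s[:-4].rpartition(".")[0]
    name, version, release = s.rsplit("-", 2)
    return name, version, release


def is_fixed(installed_nvr, fixed_nvr):
    """True when the installed build is the fixed build or newer (Epoch assumed 0)."""
    n1, v1, r1 = parse_nvr(installed_nvr)
    n2, v2, r2 = parse_nvr(fixed_nvr)
    if n1 != n2:
        raise ValueError("different packages: %s vs %s" % (n1, n2))
    return (rpmvercmp(v1, v2) or rpmvercmp(r1, r2)) >= 0


_LISTING_RE = re.compile(r"^(\S+\.rpm)\s+([0-9a-f]{32})\s*$", re.M)


def parse_listing(text):
    """Map each 'file.rpm md5sum' line of an 'Updated packages' block to its MD5."""
    return dict(_LISTING_RE.findall(text))


def audit(installed, listing):
    """Return {package name: True if it still needs the update} for listed packages."""
    fixed_by_name = {parse_nvr(f)[0]: f for f in listing}
    return {name: not is_fixed(nvr, fixed_by_name[name])
            for name, nvr in installed.items() if name in fixed_by_name}


def verify_md5(path, listing):
    """True/False if the file's MD5 matches the advisory's value; None if not listed.

    The MD5 only catches a damaged or mismatched download; authenticity comes
    from the Red Hat GPG signature the advisory points to (rpm -K file.rpm).
    """
    expected = listing.get(os.path.basename(path))
    if expected is None:
        return None
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest() == expected


if __name__ == "__main__":
    for name, needed in audit(SAMPLE_INSTALLED, parse_listing(RHEL3_LISTING)).items():
        print("%-14s %s" % (name, "UPDATE NEEDED" if needed else "fixed"))
```

Run against real output by feeding the `rpm -q --qf` lines into the `installed` dict and the matching product block of the advisory into `parse_listing`; a True result for any package means the host is still on a pre-fix build.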
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/p-285.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2005-743.html
 ADDITIONAL LINKS:   SGI Security Advisory Number 2005090101-U
                     ftp://patches.sgi.com/support/free/security/advisories/20050901-01-U.asc
 CVE/CAN:            http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2471
______________________________________________________________________________
REVISION HISTORY:
09/08/2005 - added link to SGI Security Advisory 20050901-01-U that provides
             patches for SGI ProPack 3 Service Pack 6.

[***** Start RHSA-2005:743-08 *****]

Low: netpbm security update

Advisory: RHSA-2005:743-08
Type: Security Advisory
Issued on: 2005-08-22
Last updated on: 2005-08-22
Affected Products: Red Hat Desktop (v. 3)
                   Red Hat Desktop (v. 4)
                   Red Hat Enterprise Linux AS (v. 2.1)
                   Red Hat Enterprise Linux AS (v. 3)
                   Red Hat Enterprise Linux AS (v. 4)
                   Red Hat Enterprise Linux ES (v. 2.1)
                   Red Hat Enterprise Linux ES (v. 3)
                   Red Hat Enterprise Linux ES (v. 4)
                   Red Hat Enterprise Linux WS (v. 2.1)
                   Red Hat Enterprise Linux WS (v. 3)
                   Red Hat Enterprise Linux WS (v. 4)
                   Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CAN-2005-2471

Details

Updated netpbm packages that fix a security issue are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

The netpbm package contains a library of functions that support programs for
handling various graphics file formats, including .pbm (portable bitmaps),
.pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps)
and others.

A bug was found in the way netpbm converts PostScript files into PBM, PGM or
PPM files. An attacker could create a carefully crafted PostScript file in
such a way that it could execute arbitrary commands when the file is
processed by a victim using pstopnm.
The Common Vulnerabilities and Exposures project assigned the name
CAN-2005-2471 to this issue.

All users of netpbm should upgrade to the updated packages, which contain a
backported patch to resolve this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch
the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
netpbm-9.24-11.30.2.src.rpm    0cbc57173d4c67641b1cd4c6d554d7d5

IA-32:
netpbm-9.24-11.30.2.i386.rpm    54e4b9b1f3148d653642b0207bb95a05
netpbm-devel-9.24-11.30.2.i386.rpm    e00bf44ef1264face9d30f1f3ea447f0
netpbm-progs-9.24-11.30.2.i386.rpm    577fbbf1e292e68e33673505db2f27b8

x86_64:
netpbm-9.24-11.30.2.i386.rpm    54e4b9b1f3148d653642b0207bb95a05
netpbm-9.24-11.30.2.x86_64.rpm    aeeb5e951717021ee5c3e0bcc25106f4
netpbm-devel-9.24-11.30.2.x86_64.rpm    077468df7b231dfc7940c683d8c0d61c
netpbm-progs-9.24-11.30.2.x86_64.rpm    895c4f320449d7458705b79262f8566c

Red Hat Desktop (v. 4)

SRPMS:
netpbm-10.25-2.EL4.1.src.rpm    869e0f21cfd0377739445c391731eedd

IA-32:
netpbm-10.25-2.EL4.1.i386.rpm    4c9721788faee4772a53714354ddeeaf
netpbm-devel-10.25-2.EL4.1.i386.rpm    1dbb7efb0c0263385155d384d4391b98
netpbm-progs-10.25-2.EL4.1.i386.rpm    171ac58a455d11573617987a1d1491b5

x86_64:
netpbm-10.25-2.EL4.1.i386.rpm    4c9721788faee4772a53714354ddeeaf
netpbm-10.25-2.EL4.1.x86_64.rpm    79ab9dcf0c19661719ef8d19d778aea0
netpbm-devel-10.25-2.EL4.1.x86_64.rpm    cddf4e0c5e2bbcac02002376e7830ae8
netpbm-progs-10.25-2.EL4.1.x86_64.rpm    1de2e67ae51b427005999b2ad413c5d6

Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
netpbm-9.24-9.AS21.4.src.rpm    811dca197324094d79f4242325b08609

IA-32:
netpbm-9.24-9.AS21.4.i386.rpm    ac0b56e01dd861b14e4510a793c9ea8e
netpbm-devel-9.24-9.AS21.4.i386.rpm    b7d87039c032a6dbf6b7831d18e7a103
netpbm-progs-9.24-9.AS21.4.i386.rpm    9befb02310e527a72767c80e21e47eda

IA-64:
netpbm-9.24-9.AS21.4.ia64.rpm    8286f19e1a7d5ad225c4ca1515d3bbbf
netpbm-devel-9.24-9.AS21.4.ia64.rpm    20d1855ff0ecb091485c02d495433239
netpbm-progs-9.24-9.AS21.4.ia64.rpm    00d36b5c9a0aa343e0cb26ca578490e5

Red Hat Enterprise Linux AS (v. 3)

SRPMS:
netpbm-9.24-11.30.2.src.rpm    0cbc57173d4c67641b1cd4c6d554d7d5

IA-32:
netpbm-9.24-11.30.2.i386.rpm    54e4b9b1f3148d653642b0207bb95a05
netpbm-devel-9.24-11.30.2.i386.rpm    e00bf44ef1264face9d30f1f3ea447f0
netpbm-progs-9.24-11.30.2.i386.rpm    577fbbf1e292e68e33673505db2f27b8

IA-64:
netpbm-9.24-11.30.2.i386.rpm    54e4b9b1f3148d653642b0207bb95a05
netpbm-9.24-11.30.2.ia64.rpm    8c62264a5d040d869228ef07c356d511
netpbm-devel-9.24-11.30.2.ia64.rpm    70717ab0600b1f0d9fddb7c3ce55a726
netpbm-progs-9.24-11.30.2.ia64.rpm    0cb39d2f07227be71af3e90ac228ac5d

PPC:
netpbm-9.24-11.30.2.ppc.rpm    8810fb53342e7c9b54777dd15157980d
netpbm-9.24-11.30.2.ppc64.rpm    c8a377dcabf4cb2700b5d2921b0f36d6
netpbm-devel-9.24-11.30.2.ppc.rpm    d5abadde29b8ffcb4dc4ce33ba51e160
netpbm-progs-9.24-11.30.2.ppc.rpm    cdca8f666ca2f2e6e6d73173cc078cda

s390:
netpbm-9.24-11.30.2.s390.rpm    ae7c0c83795b2f9d919d632ecbec98e4
netpbm-devel-9.24-11.30.2.s390.rpm    4f77dc9899e24faa336881dc90f049f4
netpbm-progs-9.24-11.30.2.s390.rpm    f6949ce9913ee9c6b4ae5c1282d45ec8

s390x:
netpbm-9.24-11.30.2.s390.rpm    ae7c0c83795b2f9d919d632ecbec98e4
netpbm-9.24-11.30.2.s390x.rpm    42f272052b23f14c4593d59613110e4f
netpbm-devel-9.24-11.30.2.s390x.rpm    f192270764af4be44d9040e8ee0960fc
netpbm-progs-9.24-11.30.2.s390x.rpm    cba3eb031401a348108e762b26a558d7

x86_64:
netpbm-9.24-11.30.2.i386.rpm    54e4b9b1f3148d653642b0207bb95a05
netpbm-9.24-11.30.2.x86_64.rpm    aeeb5e951717021ee5c3e0bcc25106f4
netpbm-devel-9.24-11.30.2.x86_64.rpm    077468df7b231dfc7940c683d8c0d61c
netpbm-progs-9.24-11.30.2.x86_64.rpm    895c4f320449d7458705b79262f8566c

Red Hat Enterprise Linux AS (v. 4)

SRPMS:
netpbm-10.25-2.EL4.1.src.rpm    869e0f21cfd0377739445c391731eedd

IA-32:
netpbm-10.25-2.EL4.1.i386.rpm    4c9721788faee4772a53714354ddeeaf
netpbm-devel-10.25-2.EL4.1.i386.rpm    1dbb7efb0c0263385155d384d4391b98
netpbm-progs-10.25-2.EL4.1.i386.rpm    171ac58a455d11573617987a1d1491b5

IA-64:
netpbm-10.25-2.EL4.1.i386.rpm    4c9721788faee4772a53714354ddeeaf
netpbm-10.25-2.EL4.1.ia64.rpm    880f3a657940bc52db851023867a0352
netpbm-devel-10.25-2.EL4.1.ia64.rpm    71a8155fef4920eb70a810731fc5f692
netpbm-progs-10.25-2.EL4.1.ia64.rpm    d37c2f791950d4956a628ecbb8747615

PPC:
netpbm-10.25-2.EL4.1.ppc.rpm    cc0188a8ccbddfda6740ac2022e8863f
netpbm-10.25-2.EL4.1.ppc64.rpm    b058426aed7fac9f713733f457744538
netpbm-devel-10.25-2.EL4.1.ppc.rpm    8a540650f6c8902973b3e8df86a8b154
netpbm-progs-10.25-2.EL4.1.ppc.rpm    b8cc6b71ad253855729e181bc5efecdc

s390:
netpbm-10.25-2.EL4.1.s390.rpm    19f7fa268d1030ed163ee10c578bd915
netpbm-devel-10.25-2.EL4.1.s390.rpm    6ffe8964ea0ddd43ebd3ae1ce7710c89
netpbm-progs-10.25-2.EL4.1.s390.rpm    ca7ec7adb7519cde1ea22407e412bf04

s390x:
netpbm-10.25-2.EL4.1.s390.rpm    19f7fa268d1030ed163ee10c578bd915
netpbm-10.25-2.EL4.1.s390x.rpm    146544c0a2ad3b1dce15cfe1957d98cf
netpbm-devel-10.25-2.EL4.1.s390x.rpm    744c222b67dbb77f83d60ba9fc45e9eb
netpbm-progs-10.25-2.EL4.1.s390x.rpm    a7d0e17a1693d02734ffebc4d00496bb

x86_64:
netpbm-10.25-2.EL4.1.i386.rpm    4c9721788faee4772a53714354ddeeaf
netpbm-10.25-2.EL4.1.x86_64.rpm    79ab9dcf0c19661719ef8d19d778aea0
netpbm-devel-10.25-2.EL4.1.x86_64.rpm    cddf4e0c5e2bbcac02002376e7830ae8
netpbm-progs-10.25-2.EL4.1.x86_64.rpm    1de2e67ae51b427005999b2ad413c5d6

Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
netpbm-9.24-9.AS21.4.src.rpm    811dca197324094d79f4242325b08609

IA-32:
netpbm-9.24-9.AS21.4.i386.rpm    ac0b56e01dd861b14e4510a793c9ea8e
netpbm-devel-9.24-9.AS21.4.i386.rpm    b7d87039c032a6dbf6b7831d18e7a103
netpbm-progs-9.24-9.AS21.4.i386.rpm    9befb02310e527a72767c80e21e47eda

Red Hat Enterprise Linux ES (v. 3)

SRPMS:
netpbm-9.24-11.30.2.src.rpm    0cbc57173d4c67641b1cd4c6d554d7d5

IA-32:
netpbm-9.24-11.30.2.i386.rpm    54e4b9b1f3148d653642b0207bb95a05
netpbm-devel-9.24-11.30.2.i386.rpm    e00bf44ef1264face9d30f1f3ea447f0
netpbm-progs-9.24-11.30.2.i386.rpm    577fbbf1e292e68e33673505db2f27b8

IA-64:
netpbm-9.24-11.30.2.i386.rpm    54e4b9b1f3148d653642b0207bb95a05
netpbm-9.24-11.30.2.ia64.rpm    8c62264a5d040d869228ef07c356d511
netpbm-devel-9.24-11.30.2.ia64.rpm    70717ab0600b1f0d9fddb7c3ce55a726
netpbm-progs-9.24-11.30.2.ia64.rpm    0cb39d2f07227be71af3e90ac228ac5d

x86_64:
netpbm-9.24-11.30.2.i386.rpm    54e4b9b1f3148d653642b0207bb95a05
netpbm-9.24-11.30.2.x86_64.rpm    aeeb5e951717021ee5c3e0bcc25106f4
netpbm-devel-9.24-11.30.2.x86_64.rpm    077468df7b231dfc7940c683d8c0d61c
netpbm-progs-9.24-11.30.2.x86_64.rpm    895c4f320449d7458705b79262f8566c

Red Hat Enterprise Linux ES (v. 4)

SRPMS:
netpbm-10.25-2.EL4.1.src.rpm    869e0f21cfd0377739445c391731eedd

IA-32:
netpbm-10.25-2.EL4.1.i386.rpm    4c9721788faee4772a53714354ddeeaf
netpbm-devel-10.25-2.EL4.1.i386.rpm    1dbb7efb0c0263385155d384d4391b98
netpbm-progs-10.25-2.EL4.1.i386.rpm    171ac58a455d11573617987a1d1491b5

IA-64:
netpbm-10.25-2.EL4.1.i386.rpm    4c9721788faee4772a53714354ddeeaf
netpbm-10.25-2.EL4.1.ia64.rpm    880f3a657940bc52db851023867a0352
netpbm-devel-10.25-2.EL4.1.ia64.rpm    71a8155fef4920eb70a810731fc5f692
netpbm-progs-10.25-2.EL4.1.ia64.rpm    d37c2f791950d4956a628ecbb8747615

x86_64:
netpbm-10.25-2.EL4.1.i386.rpm    4c9721788faee4772a53714354ddeeaf
netpbm-10.25-2.EL4.1.x86_64.rpm    79ab9dcf0c19661719ef8d19d778aea0
netpbm-devel-10.25-2.EL4.1.x86_64.rpm    cddf4e0c5e2bbcac02002376e7830ae8
netpbm-progs-10.25-2.EL4.1.x86_64.rpm    1de2e67ae51b427005999b2ad413c5d6

Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
netpbm-9.24-9.AS21.4.src.rpm    811dca197324094d79f4242325b08609

IA-32:
netpbm-9.24-9.AS21.4.i386.rpm    ac0b56e01dd861b14e4510a793c9ea8e
netpbm-devel-9.24-9.AS21.4.i386.rpm    b7d87039c032a6dbf6b7831d18e7a103
netpbm-progs-9.24-9.AS21.4.i386.rpm    9befb02310e527a72767c80e21e47eda

Red Hat Enterprise Linux WS (v. 3)

SRPMS:
netpbm-9.24-11.30.2.src.rpm    0cbc57173d4c67641b1cd4c6d554d7d5

IA-32:
netpbm-9.24-11.30.2.i386.rpm    54e4b9b1f3148d653642b0207bb95a05
netpbm-devel-9.24-11.30.2.i386.rpm    e00bf44ef1264face9d30f1f3ea447f0
netpbm-progs-9.24-11.30.2.i386.rpm    577fbbf1e292e68e33673505db2f27b8

IA-64:
netpbm-9.24-11.30.2.i386.rpm    54e4b9b1f3148d653642b0207bb95a05
netpbm-9.24-11.30.2.ia64.rpm    8c62264a5d040d869228ef07c356d511
netpbm-devel-9.24-11.30.2.ia64.rpm    70717ab0600b1f0d9fddb7c3ce55a726
netpbm-progs-9.24-11.30.2.ia64.rpm    0cb39d2f07227be71af3e90ac228ac5d

x86_64:
netpbm-9.24-11.30.2.i386.rpm    54e4b9b1f3148d653642b0207bb95a05
netpbm-9.24-11.30.2.x86_64.rpm    aeeb5e951717021ee5c3e0bcc25106f4
netpbm-devel-9.24-11.30.2.x86_64.rpm    077468df7b231dfc7940c683d8c0d61c
netpbm-progs-9.24-11.30.2.x86_64.rpm    895c4f320449d7458705b79262f8566c

Red Hat Enterprise Linux WS (v. 4)

SRPMS:
netpbm-10.25-2.EL4.1.src.rpm    869e0f21cfd0377739445c391731eedd

IA-32:
netpbm-10.25-2.EL4.1.i386.rpm    4c9721788faee4772a53714354ddeeaf
netpbm-devel-10.25-2.EL4.1.i386.rpm    1dbb7efb0c0263385155d384d4391b98
netpbm-progs-10.25-2.EL4.1.i386.rpm    171ac58a455d11573617987a1d1491b5

IA-64:
netpbm-10.25-2.EL4.1.i386.rpm    4c9721788faee4772a53714354ddeeaf
netpbm-10.25-2.EL4.1.ia64.rpm    880f3a657940bc52db851023867a0352
netpbm-devel-10.25-2.EL4.1.ia64.rpm    71a8155fef4920eb70a810731fc5f692
netpbm-progs-10.25-2.EL4.1.ia64.rpm    d37c2f791950d4956a628ecbb8747615

x86_64:
netpbm-10.25-2.EL4.1.i386.rpm    4c9721788faee4772a53714354ddeeaf
netpbm-10.25-2.EL4.1.x86_64.rpm    79ab9dcf0c19661719ef8d19d778aea0
netpbm-devel-10.25-2.EL4.1.x86_64.rpm    cddf4e0c5e2bbcac02002376e7830ae8
netpbm-progs-10.25-2.EL4.1.x86_64.rpm    1de2e67ae51b427005999b2ad413c5d6

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
netpbm-9.24-9.AS21.4.src.rpm    811dca197324094d79f4242325b08609

IA-64:
netpbm-9.24-9.AS21.4.ia64.rpm    8286f19e1a7d5ad225c4ca1515d3bbbf
netpbm-devel-9.24-9.AS21.4.ia64.rpm    20d1855ff0ecb091485c02d495433239
netpbm-progs-9.24-9.AS21.4.ia64.rpm    00d36b5c9a0aa343e0cb26ca578490e5

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

165354 - CAN-2005-2471 netpbm should use the -dSAFER option when calling
         Ghostscript

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2471
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757

Keywords

pstopnm

These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End RHSA-2005:743-08 *****]

_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of RedHat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:      http://www.ciac.org/
   Anonymous FTP:       ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.
If you are not part of these communities, please contact your agency's
response team to report incidents. Your agency's team will coordinate with
CIAC. The Forum of Incident Response and Security Teams (FIRST) is a
world-wide organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of
the United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring
by the United States Government or the University of California. The views
and opinions of authors expressed herein do not necessarily state or reflect
those of the United States Government or the University of California, and
shall not be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

P-275: Adobe Acrobat and Reader Plug-in Buffer Overflow
P-276: Apple Security Update 2005-007
P-277: HP-UX Ignite-UX Remote Unauthorized Access
P-278: clamav -- integer overflows
P-279: Cisco Clean Access Vulnerability
P-280: Security Vulnerability in The "printd" Daemon
P-281: Security Vulnerabilities in the Sun StorEdge Enterprise Backup Software
P-282: PHP PEAR XML-RPC Server Package Vulnerability
P-283: Cisco Intrusion Prevention System Vulnerable to Privilege Escalation
P-284: SSL Certificate Validation Vulnerability in IDS Management Software