Notified: January 19, 2004 Updated: January 23, 2004
Affected
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Debian Security Advisory DSA 426-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
January 18th, 2004 http://www.debian.org/security/faq Package : netpbm-free
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: no
CVE Ids : CAN-2003-0924 netpbm is graphics conversion toolkit made up of a large number of
single-purpose programs. Many of these programs were found to create
temporary files in an insecure manner, which could allow a local
attacker to overwrite files with the privileges of the user invoking a
vulnerable netpbm tool. For the current stable distribution (woody) these problems have been
fixed in version 2:9.20-8.4. For the unstable distribution (sid) these problems have been fixed in
version 2:9.25-9. We recommend that you update your netpbm-free package. Upgrade Instructions wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file. If you are using the apt-get package manager, use the line for
sources.list as given below: apt-get update
will update the internal database
apt-get upgrade
will install corrected packages You may use an automated update by adding the resources from the
footer to the proper configuration. Debian GNU/Linux 3.0 alias woody Source archives: http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.4.dsc
Size/MD5 checksum: 662 2074eb1d13fa871111ec06f18ff57725
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.4.diff.gz
Size/MD5 checksum: 52834 0b7fbdc2e47c9a2a2e8da7eb54b98bb6
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20.orig.tar.gz
Size/MD5 checksum: 1882851 0f153116c21bc7d2e167e574a486c22f Alpha architecture: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_alpha.deb
Size/MD5 checksum: 77762 1b6724adf13a90cf981122831e20165c
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_alpha.deb
Size/MD5 checksum: 135466 ed7e2fb447336275d65c0e984553ac9e
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_alpha.deb
Size/MD5 checksum: 1413784 feca605bc7f99fe0b7eb1fe5ae6e4e10 ARM architecture: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_arm.deb
Size/MD5 checksum: 64148 b8151d91f4b6461d61aff5ca93186356
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_arm.deb
Size/MD5 checksum: 125526 5ad7c026d001b8033f7249fb59574f5e
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_arm.deb
Size/MD5 checksum: 1127644 e014fc4f87defe6d845288dc19a7f9dc Intel IA-32 architecture: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_i386.deb
Size/MD5 checksum: 62450 6f7e06e132e08cabfd629d0cb89c7d98
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_i386.deb
Size/MD5 checksum: 103436 2c5d4e71e3de9bc55303d81a842c97f6
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_i386.deb
Size/MD5 checksum: 1079210 794d6f39a9f8cb427f1ca2569f1b10ec Intel IA-64 architecture: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_ia64.deb
Size/MD5 checksum: 96534 8b8a73f914ec44486e23139547bc5c87
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_ia64.deb
Size/MD5 checksum: 170446 39927dc25960cb6db29a1ebe7d09436a
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_ia64.deb
Size/MD5 checksum: 1608638 6585784653a932078ba3354844e13fa7 HP Precision architecture: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.3_hppa.deb
Size/MD5 checksum: 83914 666e951ffedd72f5d2a4e6abe379f94d
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.3_hppa.deb
Size/MD5 checksum: 122954 bc35c5b3ca865b04c94b805ef3947b75
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.3_hppa.deb
Size/MD5 checksum: 1337394 248f5113d06737cb2d35c889fb26a95a Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_m68k.deb
Size/MD5 checksum: 62048 60f5dfaf168d9a8ed74194ffa3a4e299
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_m68k.deb
Size/MD5 checksum: 102256 909a64f8620188f4bb17fb84613f3f60
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_m68k.deb
Size/MD5 checksum: 1016512 5caf53f54597bf2944ed798a4fe6c299 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_mips.deb
Size/MD5 checksum: 66904 342b1aa43a2a9a5737d86d44a64a6025
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_mips.deb
Size/MD5 checksum: 123508 fbfa242ebee248d72f5f95874836fde4
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_mips.deb
Size/MD5 checksum: 1181146 4fdf19eedaf2e2dd070bd20524a68005 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.3_mipsel.deb
Size/MD5 checksum: 66740 b7552fba3606a3f58ebb452abf7f0fea
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.3_mipsel.deb
Size/MD5 checksum: 123598 438cdf503b994fd3540f127ac1d31293
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.3_mipsel.deb
Size/MD5 checksum: 1179992 e064c0325d910621134cc151c6f0b420 PowerPC architecture: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_powerpc.deb
Size/MD5 checksum: 68940 aad85d5f1b3d9e959ceb11ce78d9a3b7
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_powerpc.deb
Size/MD5 checksum: 117868 f90c3780160363d358b072e458ec419e
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_powerpc.deb
Size/MD5 checksum: 1153728 37e3b1719ed32004377410bfc49a82c5 IBM S/390 architecture: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_s390.deb
Size/MD5 checksum: 66696 6d600c371a05c4689b7f45d3800d70dc
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_s390.deb
Size/MD5 checksum: 116054 86fdf11619f0411cc4eac144d51556ce
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_s390.deb
Size/MD5 checksum: 1130276 b4d038d29e5c674d034bda4f989d976f Sun Sparc architecture: http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_sparc.deb
Size/MD5 checksum: 65304 7a162f5688e187d6dd8f179a1a1bf7aa
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_sparc.deb
Size/MD5 checksum: 118610 148bb94f30313a348ba2c7570734d4e3
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_sparc.deb
Size/MD5 checksum: 1435468 69ab0007d50cf12a59de32d29e5e5f8b These files will probably be moved into the stable distribution on
its next revision. For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: January 19, 2004 Updated: January 23, 2004
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.