Ubuntu Security Notice USN-934-1
29th April, 2010
netpbm-free vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 9.10
- Ubuntu 9.04
- Ubuntu 8.04 LTS
Software description
- netpbm-free
Details
Marc Schoenefeld discovered a buffer overflow in Netpbm when loading
certain images. If a user or automated system were tricked into opening a
specially crafted XPM image, a remote attacker could crash Netpbm. The
default compiler options for affected releases should reduce the
vulnerability to a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 9.10:
- netpbm 2:10.0-12ubuntu1.1
- Ubuntu 9.04:
- netpbm 2:10.0-12ubuntu0.9.04.1
- Ubuntu 8.04 LTS:
- netpbm 2:10.0-11.1ubuntu0.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.