Ubuntu Security Notice USN-218-1
21st November, 2005
netpbm-free vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.10
- Ubuntu 5.04
- Ubuntu 4.10
Details
Two buffer overflows were discovered in the 'pnmtopng' tool, which
were triggered by processing an image with exactly 256 colors when
using the -alpha option (CVE-2005-3662) or by processing a text file
with very long lines when using the -text option (CVE-2005-3632).
A remote attacker could exploit these to execute arbitrary code by
tricking an user or an automated system into processing a specially
crafted PNM file with pnmtopng.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.10:
- netpbm
- Ubuntu 5.04:
- netpbm
- Ubuntu 4.10:
- netpbm
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None