News

=========================================================== Ubuntu Security Notice USN-218-1 November 21, 2005 netpbm-free vulnerabilities CVE-2005-3632, CVE-2005-3662 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: netpbm The problem can be corrected by upgrading the affected package to version 2:10.0-5ubuntu0.3 (for Ubuntu 4.10), 2:10.0-8ubuntu0.3 (for Ubuntu 5.04), or 2:10.0-8ubuntu1.2 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Two buffer overflows were discovered in the 'pnmtopng' tool, which were triggered by processing an image with exactly 256 colors when using the -alpha option (CVE-2005-3662) or by processing a text file with very long lines when using the -text option (CVE-2005-3632). A remote attacker could exploit these to execute arbitrary code by tricking an user or an automated system into processing a specially crafted PNM file with pnmtopng.