Issued:
2008-02-28
Updated:
2008-02-28

RHSA-2008:0131 - Security Advisory

Synopsis

Moderate: netpbm security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated netpbm packages that fix a security issue are now available for Red
Hat Enterprise Linux 2.1, 3, and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The netpbm package contains a library of functions for editing and
converting between various graphics file formats, including .pbm (portable
bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable
pixmaps) and others. The package includes no interactive tools and is
primarily used by other programs (eg CGI scripts that manage web-site
images).

An input validation flaw was discovered in the GIF-to-PNM converter
(giftopnm) shipped with the netpbm package. An attacker could create a
carefully crafted GIF file which could cause giftopnm to crash or possibly
execute arbitrary code as the user running giftopnm. (CVE-2008-0554)

All users are advised to upgrade to these updated packages which contain a
backported patch which resolves this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux Server 2 ia64
  • Red Hat Enterprise Linux Server 2 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Workstation 2 ia64
  • Red Hat Enterprise Linux Workstation 2 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6 ppc

Fixes

  • BZ - 431525 - CVE-2008-0554 netpbm: GIF handling buffer overflow in giftopnm

Red Hat Enterprise Linux Server 4

SRPM
x86_64
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 86946ee2fb2f1c09cb60725d21c2ad5427493d01dc6027af6b9008feffbf8cdb
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 86946ee2fb2f1c09cb60725d21c2ad5427493d01dc6027af6b9008feffbf8cdb
netpbm-10.25-2.EL4.6.el4_6.1.x86_64.rpm SHA-256: fc33bba96b0cdc97a424ef481f0cca8fad9030be6ddbd08f50f84385e62cf47b
netpbm-10.25-2.EL4.6.el4_6.1.x86_64.rpm SHA-256: fc33bba96b0cdc97a424ef481f0cca8fad9030be6ddbd08f50f84385e62cf47b
netpbm-devel-10.25-2.EL4.6.el4_6.1.x86_64.rpm SHA-256: 7eff2ccf26ee86fa66d974805fedc1a4fcb054908702c34d751a7412c966c945
netpbm-devel-10.25-2.EL4.6.el4_6.1.x86_64.rpm SHA-256: 7eff2ccf26ee86fa66d974805fedc1a4fcb054908702c34d751a7412c966c945
netpbm-progs-10.25-2.EL4.6.el4_6.1.x86_64.rpm SHA-256: 0f01f02eaa17d6ce37d740a5084be504dee995b4f59db2d62a24a99612b488a6
netpbm-progs-10.25-2.EL4.6.el4_6.1.x86_64.rpm SHA-256: 0f01f02eaa17d6ce37d740a5084be504dee995b4f59db2d62a24a99612b488a6
ia64
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 86946ee2fb2f1c09cb60725d21c2ad5427493d01dc6027af6b9008feffbf8cdb
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 86946ee2fb2f1c09cb60725d21c2ad5427493d01dc6027af6b9008feffbf8cdb
netpbm-10.25-2.EL4.6.el4_6.1.ia64.rpm SHA-256: 4202f99a825d5cd339e763b2ac8c05566b133031d380851f2215b17b88d07cb0
netpbm-10.25-2.EL4.6.el4_6.1.ia64.rpm SHA-256: 4202f99a825d5cd339e763b2ac8c05566b133031d380851f2215b17b88d07cb0
netpbm-devel-10.25-2.EL4.6.el4_6.1.ia64.rpm SHA-256: 3e048606dc84b6459a40f925e731270d17850c35ba957a7e7eb78003f31545c5
netpbm-devel-10.25-2.EL4.6.el4_6.1.ia64.rpm SHA-256: 3e048606dc84b6459a40f925e731270d17850c35ba957a7e7eb78003f31545c5
netpbm-progs-10.25-2.EL4.6.el4_6.1.ia64.rpm SHA-256: 8b1dc8e1089b14166b7e7690e0bb6458b0cf6e8d4931a5a67b072466f674e1ed
netpbm-progs-10.25-2.EL4.6.el4_6.1.ia64.rpm SHA-256: 8b1dc8e1089b14166b7e7690e0bb6458b0cf6e8d4931a5a67b072466f674e1ed
i386
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 86946ee2fb2f1c09cb60725d21c2ad5427493d01dc6027af6b9008feffbf8cdb
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 86946ee2fb2f1c09cb60725d21c2ad5427493d01dc6027af6b9008feffbf8cdb
netpbm-devel-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: f552306fb71cbea261674f6778d67abe3700b76ac6076770848337d598201a3e
netpbm-devel-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: f552306fb71cbea261674f6778d67abe3700b76ac6076770848337d598201a3e
netpbm-progs-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 7df0221fc0d27b98a09790e0c4cd99213fc1b26e45f47a1a8157094c6733101a
netpbm-progs-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 7df0221fc0d27b98a09790e0c4cd99213fc1b26e45f47a1a8157094c6733101a

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 2

SRPM
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.6

SRPM
x86_64
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 86946ee2fb2f1c09cb60725d21c2ad5427493d01dc6027af6b9008feffbf8cdb
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 86946ee2fb2f1c09cb60725d21c2ad5427493d01dc6027af6b9008feffbf8cdb
netpbm-10.25-2.EL4.6.el4_6.1.x86_64.rpm SHA-256: fc33bba96b0cdc97a424ef481f0cca8fad9030be6ddbd08f50f84385e62cf47b
netpbm-10.25-2.EL4.6.el4_6.1.x86_64.rpm SHA-256: fc33bba96b0cdc97a424ef481f0cca8fad9030be6ddbd08f50f84385e62cf47b
netpbm-devel-10.25-2.EL4.6.el4_6.1.x86_64.rpm SHA-256: 7eff2ccf26ee86fa66d974805fedc1a4fcb054908702c34d751a7412c966c945
netpbm-devel-10.25-2.EL4.6.el4_6.1.x86_64.rpm SHA-256: 7eff2ccf26ee86fa66d974805fedc1a4fcb054908702c34d751a7412c966c945
netpbm-progs-10.25-2.EL4.6.el4_6.1.x86_64.rpm SHA-256: 0f01f02eaa17d6ce37d740a5084be504dee995b4f59db2d62a24a99612b488a6
netpbm-progs-10.25-2.EL4.6.el4_6.1.x86_64.rpm SHA-256: 0f01f02eaa17d6ce37d740a5084be504dee995b4f59db2d62a24a99612b488a6
ia64
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 86946ee2fb2f1c09cb60725d21c2ad5427493d01dc6027af6b9008feffbf8cdb
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 86946ee2fb2f1c09cb60725d21c2ad5427493d01dc6027af6b9008feffbf8cdb
netpbm-10.25-2.EL4.6.el4_6.1.ia64.rpm SHA-256: 4202f99a825d5cd339e763b2ac8c05566b133031d380851f2215b17b88d07cb0
netpbm-10.25-2.EL4.6.el4_6.1.ia64.rpm SHA-256: 4202f99a825d5cd339e763b2ac8c05566b133031d380851f2215b17b88d07cb0
netpbm-devel-10.25-2.EL4.6.el4_6.1.ia64.rpm SHA-256: 3e048606dc84b6459a40f925e731270d17850c35ba957a7e7eb78003f31545c5
netpbm-devel-10.25-2.EL4.6.el4_6.1.ia64.rpm SHA-256: 3e048606dc84b6459a40f925e731270d17850c35ba957a7e7eb78003f31545c5
netpbm-progs-10.25-2.EL4.6.el4_6.1.ia64.rpm SHA-256: 8b1dc8e1089b14166b7e7690e0bb6458b0cf6e8d4931a5a67b072466f674e1ed
netpbm-progs-10.25-2.EL4.6.el4_6.1.ia64.rpm SHA-256: 8b1dc8e1089b14166b7e7690e0bb6458b0cf6e8d4931a5a67b072466f674e1ed
i386
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 86946ee2fb2f1c09cb60725d21c2ad5427493d01dc6027af6b9008feffbf8cdb
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 86946ee2fb2f1c09cb60725d21c2ad5427493d01dc6027af6b9008feffbf8cdb
netpbm-devel-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: f552306fb71cbea261674f6778d67abe3700b76ac6076770848337d598201a3e
netpbm-devel-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: f552306fb71cbea261674f6778d67abe3700b76ac6076770848337d598201a3e
netpbm-progs-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 7df0221fc0d27b98a09790e0c4cd99213fc1b26e45f47a1a8157094c6733101a
netpbm-progs-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 7df0221fc0d27b98a09790e0c4cd99213fc1b26e45f47a1a8157094c6733101a

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 86946ee2fb2f1c09cb60725d21c2ad5427493d01dc6027af6b9008feffbf8cdb
netpbm-10.25-2.EL4.6.el4_6.1.x86_64.rpm SHA-256: fc33bba96b0cdc97a424ef481f0cca8fad9030be6ddbd08f50f84385e62cf47b
netpbm-devel-10.25-2.EL4.6.el4_6.1.x86_64.rpm SHA-256: 7eff2ccf26ee86fa66d974805fedc1a4fcb054908702c34d751a7412c966c945
netpbm-progs-10.25-2.EL4.6.el4_6.1.x86_64.rpm SHA-256: 0f01f02eaa17d6ce37d740a5084be504dee995b4f59db2d62a24a99612b488a6
ia64
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 86946ee2fb2f1c09cb60725d21c2ad5427493d01dc6027af6b9008feffbf8cdb
netpbm-10.25-2.EL4.6.el4_6.1.ia64.rpm SHA-256: 4202f99a825d5cd339e763b2ac8c05566b133031d380851f2215b17b88d07cb0
netpbm-devel-10.25-2.EL4.6.el4_6.1.ia64.rpm SHA-256: 3e048606dc84b6459a40f925e731270d17850c35ba957a7e7eb78003f31545c5
netpbm-progs-10.25-2.EL4.6.el4_6.1.ia64.rpm SHA-256: 8b1dc8e1089b14166b7e7690e0bb6458b0cf6e8d4931a5a67b072466f674e1ed
i386
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 86946ee2fb2f1c09cb60725d21c2ad5427493d01dc6027af6b9008feffbf8cdb
netpbm-devel-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: f552306fb71cbea261674f6778d67abe3700b76ac6076770848337d598201a3e
netpbm-progs-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 7df0221fc0d27b98a09790e0c4cd99213fc1b26e45f47a1a8157094c6733101a

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 2

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 86946ee2fb2f1c09cb60725d21c2ad5427493d01dc6027af6b9008feffbf8cdb
netpbm-10.25-2.EL4.6.el4_6.1.x86_64.rpm SHA-256: fc33bba96b0cdc97a424ef481f0cca8fad9030be6ddbd08f50f84385e62cf47b
netpbm-devel-10.25-2.EL4.6.el4_6.1.x86_64.rpm SHA-256: 7eff2ccf26ee86fa66d974805fedc1a4fcb054908702c34d751a7412c966c945
netpbm-progs-10.25-2.EL4.6.el4_6.1.x86_64.rpm SHA-256: 0f01f02eaa17d6ce37d740a5084be504dee995b4f59db2d62a24a99612b488a6
i386
netpbm-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 86946ee2fb2f1c09cb60725d21c2ad5427493d01dc6027af6b9008feffbf8cdb
netpbm-devel-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: f552306fb71cbea261674f6778d67abe3700b76ac6076770848337d598201a3e
netpbm-progs-10.25-2.EL4.6.el4_6.1.i386.rpm SHA-256: 7df0221fc0d27b98a09790e0c4cd99213fc1b26e45f47a1a8157094c6733101a

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
netpbm-10.25-2.EL4.6.el4_6.1.s390.rpm SHA-256: 3355a20951df6381d89a992a1890e33256a1f00e161ebaf387ca2d51a456173a
netpbm-10.25-2.EL4.6.el4_6.1.s390x.rpm SHA-256: bf5dbd898d50f62414110111fcf2471ab24528a578443cab333e8c63b3017b81
netpbm-devel-10.25-2.EL4.6.el4_6.1.s390x.rpm SHA-256: 59c0510ad38bd1c06b0ad301d25df449f7a1a3bcebb4bc9db072eb3388fb4b67
netpbm-progs-10.25-2.EL4.6.el4_6.1.s390x.rpm SHA-256: d741e82185ca0e12e96b124327c323c910f35f4a7695e9e2acfd8e49cbe784ec
s390
netpbm-10.25-2.EL4.6.el4_6.1.s390.rpm SHA-256: 3355a20951df6381d89a992a1890e33256a1f00e161ebaf387ca2d51a456173a
netpbm-devel-10.25-2.EL4.6.el4_6.1.s390.rpm SHA-256: 603f627f7dc26251f2a42bbd0e4571924702e96934d6715c914f94cfd7428e08
netpbm-progs-10.25-2.EL4.6.el4_6.1.s390.rpm SHA-256: 7bf72011926e478ec75cf543e362c69cf6909aea78922c1185b655f258ca36e1

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6

SRPM
s390x
netpbm-10.25-2.EL4.6.el4_6.1.s390.rpm SHA-256: 3355a20951df6381d89a992a1890e33256a1f00e161ebaf387ca2d51a456173a
netpbm-10.25-2.EL4.6.el4_6.1.s390x.rpm SHA-256: bf5dbd898d50f62414110111fcf2471ab24528a578443cab333e8c63b3017b81
netpbm-devel-10.25-2.EL4.6.el4_6.1.s390x.rpm SHA-256: 59c0510ad38bd1c06b0ad301d25df449f7a1a3bcebb4bc9db072eb3388fb4b67
netpbm-progs-10.25-2.EL4.6.el4_6.1.s390x.rpm SHA-256: d741e82185ca0e12e96b124327c323c910f35f4a7695e9e2acfd8e49cbe784ec
s390
netpbm-10.25-2.EL4.6.el4_6.1.s390.rpm SHA-256: 3355a20951df6381d89a992a1890e33256a1f00e161ebaf387ca2d51a456173a
netpbm-devel-10.25-2.EL4.6.el4_6.1.s390.rpm SHA-256: 603f627f7dc26251f2a42bbd0e4571924702e96934d6715c914f94cfd7428e08
netpbm-progs-10.25-2.EL4.6.el4_6.1.s390.rpm SHA-256: 7bf72011926e478ec75cf543e362c69cf6909aea78922c1185b655f258ca36e1

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
netpbm-10.25-2.EL4.6.el4_6.1.ppc.rpm SHA-256: 0d29b61bcbef6b193608940cee65d43337a5f09d25c32c598170bd6af5da235b
netpbm-10.25-2.EL4.6.el4_6.1.ppc64.rpm SHA-256: fae94362c039e17f946a7907dd53a6dbca641cf1330606292a108da0ad9b9f8f
netpbm-devel-10.25-2.EL4.6.el4_6.1.ppc.rpm SHA-256: ecfedaa70475a04a120ee61e028d21f457ec785da619da03052a2e4ef2393a30
netpbm-progs-10.25-2.EL4.6.el4_6.1.ppc.rpm SHA-256: 9988d59f24a1a2cd401698e1b37951b410f888de5bac68a12cc5894dde8a20b6

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6

SRPM
ppc
netpbm-10.25-2.EL4.6.el4_6.1.ppc.rpm SHA-256: 0d29b61bcbef6b193608940cee65d43337a5f09d25c32c598170bd6af5da235b
netpbm-10.25-2.EL4.6.el4_6.1.ppc64.rpm SHA-256: fae94362c039e17f946a7907dd53a6dbca641cf1330606292a108da0ad9b9f8f
netpbm-devel-10.25-2.EL4.6.el4_6.1.ppc.rpm SHA-256: ecfedaa70475a04a120ee61e028d21f457ec785da619da03052a2e4ef2393a30
netpbm-progs-10.25-2.EL4.6.el4_6.1.ppc.rpm SHA-256: 9988d59f24a1a2cd401698e1b37951b410f888de5bac68a12cc5894dde8a20b6

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.