Issued:
2011-12-12
Updated:
2011-12-12

RHSA-2011:1811 - Security Advisory

Synopsis

Important: netpbm security update

Type/Severity

Security Advisory: Important

Topic

Updated netpbm packages that fix three security issues are now available
for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Description

The netpbm packages contain a library of functions which support programs
for handling various graphics file formats, including .pbm (Portable Bit
Map), .pgm (Portable Gray Map), .pnm (Portable Any Map), .ppm (Portable
Pixel Map), and others.

Two heap-based buffer overflow flaws were found in the embedded JasPer
library, which is used to provide support for Part 1 of the JPEG 2000 image
compression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker
could create a malicious JPEG 2000 compressed image file that could cause
jpeg2ktopam to crash or, potentially, execute arbitrary code with the
privileges of the user running jpeg2ktopam. These flaws do not affect
pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)

A stack-based buffer overflow flaw was found in the way the xpmtoppm tool
processed X PixMap (XPM) image files. An attacker could create a malicious
XPM file that would cause xpmtoppm to crash or, potentially, execute
arbitrary code with the privileges of the user running xpmtoppm.
(CVE-2009-4274)

Red Hat would like to thank Jonathan Foote of the CERT Coordination Center
for reporting the CVE-2011-4516 and CVE-2011-4517 issues.

All users of netpbm are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 546580 - CVE-2009-4274 netpbm: Stack-based buffer overflow by processing X PixMap image header fields
  • BZ - 747726 - CVE-2011-4516 CVE-2011-4517 jasper: heap buffer overflow flaws lead to arbitrary code execution (CERT VU#887409)

CVEs

References

Red Hat Enterprise Linux Server 5

SRPM
netpbm-10.35.58-8.el5_7.3.src.rpm SHA-256: 5dd98cf6e7e6e8a81af2d4fd70334fb1ffa4804426f4c9eba050409d8c4c8f72
x86_64
netpbm-10.35.58-8.el5_7.3.i386.rpm SHA-256: 131f2425522c2532c126e236dba4fea2ff8f16e29d3dfae8f719a3c1945f28d0
netpbm-10.35.58-8.el5_7.3.x86_64.rpm SHA-256: 35f3a2b931ba52f2f0e1c47d57aef62a1209c7c83e87500e999b4b3e6944905f
netpbm-devel-10.35.58-8.el5_7.3.i386.rpm SHA-256: 852afc9b4c16e85748568d9b093a7f050193f6953b9d581052acd8ca53f5f843
netpbm-devel-10.35.58-8.el5_7.3.x86_64.rpm SHA-256: ba664c9d0df00eea32d1ba3bd4b93a80b01d8c8742072451200e9d5bcd37e43a
netpbm-progs-10.35.58-8.el5_7.3.x86_64.rpm SHA-256: 5e4b18001238a674935a5abcc50d4893f98d20c7a87115508c8b050ea8a2b2d3
ia64
netpbm-10.35.58-8.el5_7.3.ia64.rpm SHA-256: 6719cc3bdb6d1fa667715ec17d4390f4f2f09073361a7da76940832e40f140e4
netpbm-devel-10.35.58-8.el5_7.3.ia64.rpm SHA-256: 2b8b9b8b6483dcd0cc386f86656b993084d55581f0e59a2b5aa1cf2a37bb4a4f
netpbm-progs-10.35.58-8.el5_7.3.ia64.rpm SHA-256: 108f947329726570ed64a759b1b427575f2017658db22fd06ebdced963e9b435
i386
netpbm-10.35.58-8.el5_7.3.i386.rpm SHA-256: 131f2425522c2532c126e236dba4fea2ff8f16e29d3dfae8f719a3c1945f28d0
netpbm-devel-10.35.58-8.el5_7.3.i386.rpm SHA-256: 852afc9b4c16e85748568d9b093a7f050193f6953b9d581052acd8ca53f5f843
netpbm-progs-10.35.58-8.el5_7.3.i386.rpm SHA-256: d1b293191ad5851766afef5d5f658a0d5902378fe4d65aca57ac10ab52d5d85b

Red Hat Enterprise Linux Server 4

SRPM
netpbm-10.35.58-8.el4.src.rpm SHA-256: 52b2c1f189d10b4b50b2f0d01d615f222bc3c60e7bf63ad3a5b4e722f799033a
x86_64
netpbm-10.35.58-8.el4.i386.rpm SHA-256: 9565f6c7caa803a7ddf863672c0e865f1988dd5c6bbf5e9af0548a499e6ffc02
netpbm-10.35.58-8.el4.i386.rpm SHA-256: 9565f6c7caa803a7ddf863672c0e865f1988dd5c6bbf5e9af0548a499e6ffc02
netpbm-10.35.58-8.el4.x86_64.rpm SHA-256: 009c6da6a4621edd63b6c2b2324b0a1b7cc062c3fa7ea0122d7cefcbe8939bb0
netpbm-10.35.58-8.el4.x86_64.rpm SHA-256: 009c6da6a4621edd63b6c2b2324b0a1b7cc062c3fa7ea0122d7cefcbe8939bb0
netpbm-devel-10.35.58-8.el4.x86_64.rpm SHA-256: bdef434977f1ec9128d58a404697b446ef783150ac6bb39769779a4d8a990b45
netpbm-devel-10.35.58-8.el4.x86_64.rpm SHA-256: bdef434977f1ec9128d58a404697b446ef783150ac6bb39769779a4d8a990b45
netpbm-progs-10.35.58-8.el4.x86_64.rpm SHA-256: 29c6d80ff2653e7a7477b4772bfb7bdfbc1cd1c4a719f6c6bafd37a4a4c6d401
netpbm-progs-10.35.58-8.el4.x86_64.rpm SHA-256: 29c6d80ff2653e7a7477b4772bfb7bdfbc1cd1c4a719f6c6bafd37a4a4c6d401
ia64
netpbm-10.35.58-8.el4.i386.rpm SHA-256: 9565f6c7caa803a7ddf863672c0e865f1988dd5c6bbf5e9af0548a499e6ffc02
netpbm-10.35.58-8.el4.i386.rpm SHA-256: 9565f6c7caa803a7ddf863672c0e865f1988dd5c6bbf5e9af0548a499e6ffc02
netpbm-10.35.58-8.el4.ia64.rpm SHA-256: 996652664b83289cf5bdc8641830dfb48ca2640d22abec0b73ad670bbe81f18b
netpbm-10.35.58-8.el4.ia64.rpm SHA-256: 996652664b83289cf5bdc8641830dfb48ca2640d22abec0b73ad670bbe81f18b
netpbm-devel-10.35.58-8.el4.ia64.rpm SHA-256: 324f4538502f6bb9fcaed631627db70fef3e808cbe4f713091edbb373346f63b
netpbm-devel-10.35.58-8.el4.ia64.rpm SHA-256: 324f4538502f6bb9fcaed631627db70fef3e808cbe4f713091edbb373346f63b
netpbm-progs-10.35.58-8.el4.ia64.rpm SHA-256: 2b973188175cf8d03a932969bf271afdef086141fa3857acdb8f1f5d3a14e996
netpbm-progs-10.35.58-8.el4.ia64.rpm SHA-256: 2b973188175cf8d03a932969bf271afdef086141fa3857acdb8f1f5d3a14e996
i386
netpbm-10.35.58-8.el4.i386.rpm SHA-256: 9565f6c7caa803a7ddf863672c0e865f1988dd5c6bbf5e9af0548a499e6ffc02
netpbm-10.35.58-8.el4.i386.rpm SHA-256: 9565f6c7caa803a7ddf863672c0e865f1988dd5c6bbf5e9af0548a499e6ffc02
netpbm-devel-10.35.58-8.el4.i386.rpm SHA-256: af3c3d122dd0d2ed474aa98d63f754384e17f340d3dd4d65ce5209011718bcdc
netpbm-devel-10.35.58-8.el4.i386.rpm SHA-256: af3c3d122dd0d2ed474aa98d63f754384e17f340d3dd4d65ce5209011718bcdc
netpbm-progs-10.35.58-8.el4.i386.rpm SHA-256: 78bb8b63e9dcf7e8eefeb6203898c7c4d77a3d850870d3c272ed4af775fb1bea
netpbm-progs-10.35.58-8.el4.i386.rpm SHA-256: 78bb8b63e9dcf7e8eefeb6203898c7c4d77a3d850870d3c272ed4af775fb1bea

Red Hat Enterprise Linux Workstation 5

SRPM
netpbm-10.35.58-8.el5_7.3.src.rpm SHA-256: 5dd98cf6e7e6e8a81af2d4fd70334fb1ffa4804426f4c9eba050409d8c4c8f72
x86_64
netpbm-10.35.58-8.el5_7.3.i386.rpm SHA-256: 131f2425522c2532c126e236dba4fea2ff8f16e29d3dfae8f719a3c1945f28d0
netpbm-10.35.58-8.el5_7.3.x86_64.rpm SHA-256: 35f3a2b931ba52f2f0e1c47d57aef62a1209c7c83e87500e999b4b3e6944905f
netpbm-devel-10.35.58-8.el5_7.3.i386.rpm SHA-256: 852afc9b4c16e85748568d9b093a7f050193f6953b9d581052acd8ca53f5f843
netpbm-devel-10.35.58-8.el5_7.3.x86_64.rpm SHA-256: ba664c9d0df00eea32d1ba3bd4b93a80b01d8c8742072451200e9d5bcd37e43a
netpbm-progs-10.35.58-8.el5_7.3.x86_64.rpm SHA-256: 5e4b18001238a674935a5abcc50d4893f98d20c7a87115508c8b050ea8a2b2d3
i386
netpbm-10.35.58-8.el5_7.3.i386.rpm SHA-256: 131f2425522c2532c126e236dba4fea2ff8f16e29d3dfae8f719a3c1945f28d0
netpbm-devel-10.35.58-8.el5_7.3.i386.rpm SHA-256: 852afc9b4c16e85748568d9b093a7f050193f6953b9d581052acd8ca53f5f843
netpbm-progs-10.35.58-8.el5_7.3.i386.rpm SHA-256: d1b293191ad5851766afef5d5f658a0d5902378fe4d65aca57ac10ab52d5d85b

Red Hat Enterprise Linux Workstation 4

SRPM
netpbm-10.35.58-8.el4.src.rpm SHA-256: 52b2c1f189d10b4b50b2f0d01d615f222bc3c60e7bf63ad3a5b4e722f799033a
x86_64
netpbm-10.35.58-8.el4.i386.rpm SHA-256: 9565f6c7caa803a7ddf863672c0e865f1988dd5c6bbf5e9af0548a499e6ffc02
netpbm-10.35.58-8.el4.x86_64.rpm SHA-256: 009c6da6a4621edd63b6c2b2324b0a1b7cc062c3fa7ea0122d7cefcbe8939bb0
netpbm-devel-10.35.58-8.el4.x86_64.rpm SHA-256: bdef434977f1ec9128d58a404697b446ef783150ac6bb39769779a4d8a990b45
netpbm-progs-10.35.58-8.el4.x86_64.rpm SHA-256: 29c6d80ff2653e7a7477b4772bfb7bdfbc1cd1c4a719f6c6bafd37a4a4c6d401
ia64
netpbm-10.35.58-8.el4.i386.rpm SHA-256: 9565f6c7caa803a7ddf863672c0e865f1988dd5c6bbf5e9af0548a499e6ffc02
netpbm-10.35.58-8.el4.ia64.rpm SHA-256: 996652664b83289cf5bdc8641830dfb48ca2640d22abec0b73ad670bbe81f18b
netpbm-devel-10.35.58-8.el4.ia64.rpm SHA-256: 324f4538502f6bb9fcaed631627db70fef3e808cbe4f713091edbb373346f63b
netpbm-progs-10.35.58-8.el4.ia64.rpm SHA-256: 2b973188175cf8d03a932969bf271afdef086141fa3857acdb8f1f5d3a14e996
i386
netpbm-10.35.58-8.el4.i386.rpm SHA-256: 9565f6c7caa803a7ddf863672c0e865f1988dd5c6bbf5e9af0548a499e6ffc02
netpbm-devel-10.35.58-8.el4.i386.rpm SHA-256: af3c3d122dd0d2ed474aa98d63f754384e17f340d3dd4d65ce5209011718bcdc
netpbm-progs-10.35.58-8.el4.i386.rpm SHA-256: 78bb8b63e9dcf7e8eefeb6203898c7c4d77a3d850870d3c272ed4af775fb1bea

Red Hat Enterprise Linux Desktop 5

SRPM
netpbm-10.35.58-8.el5_7.3.src.rpm SHA-256: 5dd98cf6e7e6e8a81af2d4fd70334fb1ffa4804426f4c9eba050409d8c4c8f72
x86_64
netpbm-10.35.58-8.el5_7.3.i386.rpm SHA-256: 131f2425522c2532c126e236dba4fea2ff8f16e29d3dfae8f719a3c1945f28d0
netpbm-10.35.58-8.el5_7.3.x86_64.rpm SHA-256: 35f3a2b931ba52f2f0e1c47d57aef62a1209c7c83e87500e999b4b3e6944905f
netpbm-progs-10.35.58-8.el5_7.3.x86_64.rpm SHA-256: 5e4b18001238a674935a5abcc50d4893f98d20c7a87115508c8b050ea8a2b2d3
i386
netpbm-10.35.58-8.el5_7.3.i386.rpm SHA-256: 131f2425522c2532c126e236dba4fea2ff8f16e29d3dfae8f719a3c1945f28d0
netpbm-progs-10.35.58-8.el5_7.3.i386.rpm SHA-256: d1b293191ad5851766afef5d5f658a0d5902378fe4d65aca57ac10ab52d5d85b

Red Hat Enterprise Linux Desktop 4

SRPM
netpbm-10.35.58-8.el4.src.rpm SHA-256: 52b2c1f189d10b4b50b2f0d01d615f222bc3c60e7bf63ad3a5b4e722f799033a
x86_64
netpbm-10.35.58-8.el4.i386.rpm SHA-256: 9565f6c7caa803a7ddf863672c0e865f1988dd5c6bbf5e9af0548a499e6ffc02
netpbm-10.35.58-8.el4.x86_64.rpm SHA-256: 009c6da6a4621edd63b6c2b2324b0a1b7cc062c3fa7ea0122d7cefcbe8939bb0
netpbm-devel-10.35.58-8.el4.x86_64.rpm SHA-256: bdef434977f1ec9128d58a404697b446ef783150ac6bb39769779a4d8a990b45
netpbm-progs-10.35.58-8.el4.x86_64.rpm SHA-256: 29c6d80ff2653e7a7477b4772bfb7bdfbc1cd1c4a719f6c6bafd37a4a4c6d401
i386
netpbm-10.35.58-8.el4.i386.rpm SHA-256: 9565f6c7caa803a7ddf863672c0e865f1988dd5c6bbf5e9af0548a499e6ffc02
netpbm-devel-10.35.58-8.el4.i386.rpm SHA-256: af3c3d122dd0d2ed474aa98d63f754384e17f340d3dd4d65ce5209011718bcdc
netpbm-progs-10.35.58-8.el4.i386.rpm SHA-256: 78bb8b63e9dcf7e8eefeb6203898c7c4d77a3d850870d3c272ed4af775fb1bea

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
netpbm-10.35.58-8.el5_7.3.src.rpm SHA-256: 5dd98cf6e7e6e8a81af2d4fd70334fb1ffa4804426f4c9eba050409d8c4c8f72
s390x
netpbm-10.35.58-8.el5_7.3.s390.rpm SHA-256: ebb903ca3edc0a3308c9face97bab36cfdd475ee69207901e67e1cd036593da3
netpbm-10.35.58-8.el5_7.3.s390x.rpm SHA-256: 0de0361abdeffe7a37cb7a6a918584f0436f6895a8228ec3065799d6ff7b156a
netpbm-devel-10.35.58-8.el5_7.3.s390.rpm SHA-256: 673bfb4f6f71c77dc362ebf8eaa47a809276eb7ea73829b65f424e0716d1b3de
netpbm-devel-10.35.58-8.el5_7.3.s390x.rpm SHA-256: 065826392d0caafc76e2713e39385d7b7567d1245d2f62530b96df3c5d20e638
netpbm-progs-10.35.58-8.el5_7.3.s390x.rpm SHA-256: f4dabbf33cb7d9952b4670378ba15c8227a3d3f139a7fd787824b1a39a4ea712

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
netpbm-10.35.58-8.el4.src.rpm SHA-256: 52b2c1f189d10b4b50b2f0d01d615f222bc3c60e7bf63ad3a5b4e722f799033a
s390x
netpbm-10.35.58-8.el4.s390.rpm SHA-256: 276b8298d6afe55e2fd1bf75d2f489d3bd59d11e27276f905e8acb11c468a920
netpbm-10.35.58-8.el4.s390x.rpm SHA-256: 4e26425947b74ee6e070779ee0a523e19c1a0682107ab7eab777d7cbb62ed3a8
netpbm-devel-10.35.58-8.el4.s390x.rpm SHA-256: c2038032c7078168c9323c567c41a76423a1c72865964ef17fbac9d91204ae96
netpbm-progs-10.35.58-8.el4.s390x.rpm SHA-256: a31d5deef5464ddcea8342da9ac01211f7ac705b9e418ef8e6871c0b43969b1b
s390
netpbm-10.35.58-8.el4.s390.rpm SHA-256: 276b8298d6afe55e2fd1bf75d2f489d3bd59d11e27276f905e8acb11c468a920
netpbm-devel-10.35.58-8.el4.s390.rpm SHA-256: 3f1cf558e0bc9081f777bc8763a8529e56538f734d0efeee1f0280f39c0d8c56
netpbm-progs-10.35.58-8.el4.s390.rpm SHA-256: f7a43c58237abc972c36a4b1d97af7fde0c62eb813469887d2b48a14c65f0bcd

Red Hat Enterprise Linux for Power, big endian 5

SRPM
netpbm-10.35.58-8.el5_7.3.src.rpm SHA-256: 5dd98cf6e7e6e8a81af2d4fd70334fb1ffa4804426f4c9eba050409d8c4c8f72
ppc
netpbm-10.35.58-8.el5_7.3.ppc.rpm SHA-256: 36d276256686694a98cfebac9889c022374f7526b4679739b3942588762266bb
netpbm-10.35.58-8.el5_7.3.ppc64.rpm SHA-256: 1873c6028be35a216380b815d99e7426882c5be494096019dcdc7daaa609245b
netpbm-devel-10.35.58-8.el5_7.3.ppc.rpm SHA-256: 97bbb252b7691e5c516f099c3e855b855815d94bd3cfb72b8e3edf2e1c149d50
netpbm-devel-10.35.58-8.el5_7.3.ppc64.rpm SHA-256: bf2785d76d4de576ce9f3dd085ab2da033791bb4a1eb0580386690f836416288
netpbm-progs-10.35.58-8.el5_7.3.ppc.rpm SHA-256: 175f69e0673a871b96988cae839c7825936449c6449f1550bad59c24cd6803c6

Red Hat Enterprise Linux for Power, big endian 4

SRPM
netpbm-10.35.58-8.el4.src.rpm SHA-256: 52b2c1f189d10b4b50b2f0d01d615f222bc3c60e7bf63ad3a5b4e722f799033a
ppc
netpbm-10.35.58-8.el4.ppc.rpm SHA-256: ac9473c1e976efad41dacdbab94bd192b5436f3062c7839001c57567c436090f
netpbm-10.35.58-8.el4.ppc64.rpm SHA-256: ba16fb41b7531e387653cce767a7f0e5f4b4ef7c973a250f089dadbe394533ac
netpbm-devel-10.35.58-8.el4.ppc.rpm SHA-256: fc76a318ebbb5a1aabcb38c8c2bf3477a0331e78c44d63d499cbabf38a8ba50b
netpbm-progs-10.35.58-8.el4.ppc.rpm SHA-256: e3acea6f08e8fe0269737d1fb8bb832dd718d42d2c9b9237345fcb3137ef9994

Red Hat Enterprise Linux Server from RHUI 5

SRPM
netpbm-10.35.58-8.el5_7.3.src.rpm SHA-256: 5dd98cf6e7e6e8a81af2d4fd70334fb1ffa4804426f4c9eba050409d8c4c8f72
x86_64
netpbm-10.35.58-8.el5_7.3.i386.rpm SHA-256: 131f2425522c2532c126e236dba4fea2ff8f16e29d3dfae8f719a3c1945f28d0
netpbm-10.35.58-8.el5_7.3.x86_64.rpm SHA-256: 35f3a2b931ba52f2f0e1c47d57aef62a1209c7c83e87500e999b4b3e6944905f
netpbm-devel-10.35.58-8.el5_7.3.i386.rpm SHA-256: 852afc9b4c16e85748568d9b093a7f050193f6953b9d581052acd8ca53f5f843
netpbm-devel-10.35.58-8.el5_7.3.x86_64.rpm SHA-256: ba664c9d0df00eea32d1ba3bd4b93a80b01d8c8742072451200e9d5bcd37e43a
netpbm-progs-10.35.58-8.el5_7.3.x86_64.rpm SHA-256: 5e4b18001238a674935a5abcc50d4893f98d20c7a87115508c8b050ea8a2b2d3
i386
netpbm-10.35.58-8.el5_7.3.i386.rpm SHA-256: 131f2425522c2532c126e236dba4fea2ff8f16e29d3dfae8f719a3c1945f28d0
netpbm-devel-10.35.58-8.el5_7.3.i386.rpm SHA-256: 852afc9b4c16e85748568d9b093a7f050193f6953b9d581052acd8ca53f5f843
netpbm-progs-10.35.58-8.el5_7.3.i386.rpm SHA-256: d1b293191ad5851766afef5d5f658a0d5902378fe4d65aca57ac10ab52d5d85b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.