1.152.  netpbm

1.152.1.  RHSA-2009:0012: Moderate security update

Important

This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:0012
Updated netpbm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
The netpbm package contains a library of functions for editing and converting between various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps), and others.
An input validation flaw and multiple integer overflows were discovered in the JasPer library providing support for JPEG-2000 image format and used in the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a carefully-crafted JPEG file which could cause jpeg2ktopam to crash or, possibly, execute arbitrary code as the user running jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520)
All users are advised to upgrade to these updated packages which contain backported patches which resolve these issues.

1.152.2.  RHBA-2009:1268: bug fix update

Updated netpbm packages that resolve several issues and provide enhancements are now available.
The netpbm package contains a library of functions which support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others.
These updated netpbm packages upgrade netpbm to version 10.35.58, which provides many bug fixes and enhancements over the previous version. Notably, a few new utilities are included in this upgraded version, including: jbigtopnm, pcdovtoppm and pnmtojbig.
In addition, the following bugs have been fixed in this netpbm update:
  • several utilities shipped with netpbm may have crashed while processing image files. With this update, this issue has been resolved.
  • several utilities shipped with netpbm did not accept files from standard input even though this method was in accordance with the documentation. With this update, this issue has been resolved.
  • the documentation of a number of utilities provided by netpbm did not agree with the actual usage, described parameters which are not present, and contained various typos and errors. The documentation of the netpbm utilities is much improved with this update, and the specific problems listed have been corrected.
All users of netpbm are advised to upgrade to these updated packages, which resolve these issues.