USN-665-1: Netpbm vulnerability

11-06-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-665-1: Netpbm vulnerability

Referenced CVEs:
CVE-2008-0554

Description:
===========================================================Ubuntu Security Notice USN-665-1 November 06, 2008netpbm-free vulnerabilityCVE-2008-0554===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: netpbm 2:10.0-10ubuntu1.1Ubuntu 7.10: netpbm 2:10.0-11ubuntu0.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:It was discovered that Netpbm could be made to overrun a buffer when loadingcertain images. If a user were tricked into opening a specially craftedGIF image, remote attackers could cause a denial of service or executearbitrary code with user privileges.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

Netpbm subroutine library: pm_make_tmpfile_fd() function(3) Library Functions Manual Netpbm subroutine library: pm_make_tmpfile_fd() function(3) NAME
pm_make_tmpfile_fd() - create a temporary named file SYNOPSIS
#include <netpbm/pm.h> pm_make_tmpfile(int * fdP, const char ** filenameP); EXAMPLE
This simple example creates a temporary file, writes 'hello world' to it, then writes some search patterns to it, then uses it as input to grep: #include <netpbm/pm.h> int fd; const char * myfilename; pm_make_tmpfile_fd(&fdP, &myfilename); write(fd, '^account:\s.* ', 16); fprintf(fd, '^name:\s.* ', 13); close(fd); asprintfN(&grepCommand, 'grep --file='%s' /tmp/infile >/tmp/outfile'); system(grepCommand); strfree(grepCommand); unlink(myfilename); strfree(myfilename); DESCRIPTION
This library function is part of Netpbm(1) pm_make_tmpfile_fd() is analogous to pm_make_tmpfile()(1) difference is that it opens the file as a low level file, as open() would, rather than as a stream, as fopen() would. If you don't need to access the file by name, use pm_tmpfile_fd() instead, because it's cleaner. With pm_tmpfile_fd(), the operating sys- tem always deletes the temporary file when your program exits, if the program failed to clean up after itself. HISTORY
pm_tmpfile() was introduced in Netpbm 10.42 (March 2008). netpbm documentation 31 December 2007 Netpbm subroutine library: pm_make_tmpfile_fd() function(3)

Security Advisories (RSS)

USN-665-1: Netpbm vulnerability

LEARN ABOUT CENTOS

libmaketmpfilefd